cloudstack-issues mailing list archives

From "Jayapal Reddy (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-7028) [RVR] Static NAT does not work after the fail-over in additional public range
Date Thu, 28 Aug 2014 08:44:00 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-7028?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14113552#comment-14113552 ]

Jayapal Reddy commented on CLOUDSTACK-7028:
-------------------------------------------

Problem:
-----------
Static NAT does not work after fail-over in RVR. This issue occurs only in the additional
public subnets case.

Root Cause Analysis:
----------------------------
For the additional public subnet case in RVR, when fail-over happens there is no mechanism
to add routes for the additional subnets in enable_pubip.sh.

When the backup switches to master, enable_pubip.sh is called. Its responsibility is to
bring up the public interfaces and add routes for the interface.

Due to this, the ingress traffic coming in on eth3 is going out via eth2.
To add routes, gateway and device information is needed, which is not available in the
router dynamically.

Proposed solution:
------------------------
Once we have gw and device information in the VR, we can add routes for additional subnets.
So we are maintaining the gw and device information in /var/cache/cloud/ifaceGwIp in the VR.
Using this information, routes are added for additional public subnet interfaces in
enable_pubip.sh when the VR switches to master.

QA Verification steps:
----------------------------
To verify this we need two isolated public subnets in the lab.
In our current lab all public subnets are reachable from each other. In this case you can't
reproduce the issue.
Take public subnet ex: 52, 53. From 52 subnet gateway 53 subnet should not be reachable.

Verification steps:
1. Create an RVR network and acquire an additional public IP range (ex: 47 vlan and 10.147.47.x subnet)
2. Create a static NAT rule on an additional-range public IP and add a firewall rule for port 22-22
3. ssh to the public IP; it gets connected to the VM
4. Now make the master VR down; the backup will become master.
5. On the master router there should be a default route on eth3.
command to check:
ip route show table Table_eth<devNum>
7. The static NAT rule on the public IP of the additional subnet should work.
8. Make sure, by capturing the traffic, that it enters and leaves via the same device.


> [RVR] Static NAT does not work after the fail-over in additional public range
> -----------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-7028
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7028
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Controller
>    Affects Versions: 4.0.0
>            Reporter: Jayapal Reddy
>            Assignee: Jayapal Reddy
>             Fix For: 4.4.0
>
>
> On fail-over, the route on the master router got missed.
> Reproducing steps:
> 1. Create an RVR network and acquire an additional public IP range (ex: 47 vlan and 10.147.47.x subnet)
> 2. Create a static NAT rule on an additional-range public IP and add a firewall rule for port 22-22
> 3. ssh to the public IP; it gets connected to the VM
> 4. Now make the master VR down; the backup will become master.
> 5. On the master router the default route on eth3 got missed, which is causing the ingress traffic coming to eth3 to go out via eth2.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
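
The check from verification step 5, automated for every additional public interface. This is an added example, not part of the original comment and not CloudStack code. Assumptions: each line of /var/cache/cloud/ifaceGwIp has the form `<dev>:<gateway>`; the function names are hypothetical; the sample addresses are constructed.

```shell
#!/bin/bash
# Added example (not CloudStack code). Assumption: each line of
# /var/cache/cloud/ifaceGwIp is "<dev>:<gateway>", e.g. "eth3:10.147.47.1".

# Succeeds if ROUTES (text from `ip route show table Table_<dev>`)
# contains a default route via GW that leaves through DEV.
has_default_route() {
    local dev="$1" gw="$2" routes="$3"
    printf '%s\n' "$routes" | awk -v d="$dev" -v g="$gw" '
        $1 == "default" {
            via = ""; out = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") via = $(i + 1)
                if ($i == "dev") out = $(i + 1)
            }
            if (via == g && out == d) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Reads the per-device routing table on a live router.
live_lookup() { ip route show table "Table_$1" 2>/dev/null; }

# Prints the devices listed in FILE whose table lacks the default route.
# LOOKUP names the function used to fetch a table (default: live_lookup).
missing_default_routes() {
    local file="$1" lookup="${2:-live_lookup}" dev gw missing=""
    while IFS=: read -r dev gw; do
        [ -n "$dev" ] && [ -n "$gw" ] || continue
        has_default_route "$dev" "$gw" "$("$lookup" "$dev")" || missing="$missing $dev"
    done < "$file"
    echo "${missing# }"
}

# Constructed sample: eth3's table is empty, as on the new master before the fix.
sample_lookup() {
    case $1 in
        eth2) echo "default via 10.147.46.1 dev eth2" ;;
        eth3) : ;;
    esac
}
sample_file=$(mktemp)
printf 'eth2:10.147.46.1\neth3:10.147.47.1\n' > "$sample_file"
echo "missing default route on: $(missing_default_routes "$sample_file" sample_lookup)"
rm -f "$sample_file"
```

On a router, `missing_default_routes /var/cache/cloud/ifaceGwIp` uses the live tables; empty output after fail-over means every listed interface has its default route.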
