cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jayapal Reddy (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-7728) Network with egress policy allow, VR reboot missed default rule
Date Mon, 20 Oct 2014 05:49:33 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-7728?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14176618#comment-14176618
] 

Jayapal Reddy commented on CLOUDSTACK-7728:
-------------------------------------------

Problem:
------------
Isolated network with egress policy allow is created.
When router is create in this network, router allow the egress traffic by default.
Do NOT create any egress rule on the network.
After rebooting the router, it is not allowing the egress traffic.

Root Cause Analysis:
-------------------------
On router reboot with out any egress rule create on the network, the iptables rules 
to allow egress traffic is not created.

Proposed solution:
-----------------------
On router reboot configuring rules on router to add egress default rules to allow traffic.

Verification steps:
---------------------
1. Create isolated network with default egress policy allow.
2. Deploy VM in network so that VR got created.
3. VR comes up with iptables rules to allow all egress traffic.
4. Do not create any egress rule on the network.
4. Reboot VR. After reboot egress traffic should be allowed for the VMs.


> Network with egress policy allow, VR reboot missed default rule
> ---------------------------------------------------------------
>
>                 Key: CLOUDSTACK-7728
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7728
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Network Controller
>    Affects Versions: 4.2.1
>            Reporter: Jayapal Reddy
>            Assignee: Jayapal Reddy
>             Fix For: 4.5.0
>
>
> Repro steps:
> 1. Create isolated network with default egress policy allow.
> 2. Deploy VM in network so that VR got created.
> 3. VR comes up with iptables rules to allow all egress traffic.
> 4. Reboot VR. After reboot iptables rule to allow egress traffic is missed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message