Return-Path: X-Original-To: apmail-cloudstack-issues-archive@www.apache.org Delivered-To: apmail-cloudstack-issues-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9409418F13 for ; Tue, 28 Apr 2015 12:30:06 +0000 (UTC) Received: (qmail 6915 invoked by uid 500); 28 Apr 2015 12:30:06 -0000 Delivered-To: apmail-cloudstack-issues-archive@cloudstack.apache.org Received: (qmail 6880 invoked by uid 500); 28 Apr 2015 12:30:06 -0000 Mailing-List: contact issues-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list issues@cloudstack.apache.org Received: (qmail 6865 invoked by uid 500); 28 Apr 2015 12:30:06 -0000 Delivered-To: apmail-incubator-cloudstack-issues@incubator.apache.org Received: (qmail 6861 invoked by uid 99); 28 Apr 2015 12:30:06 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Apr 2015 12:30:06 +0000 Date: Tue, 28 Apr 2015 12:30:06 +0000 (UTC) From: "Aleksandr (JIRA)" To: cloudstack-issues@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CLOUDSTACK-5282) KVM - Advanced zone Isolated networks - Egress rules are not functional because of router having mutiple nics for the public ip address. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CLOUDSTACK-5282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14516955#comment-14516955 ] Aleksandr commented on CLOUDSTACK-5282: --------------------------------------- root@r-31-VM:~# cat /var/cache/cloud/cmdline template=domP name=r-31-VM eth2ip=185.22.***.** eth2mask=255.255.255.0 gateway=185.22.***.1 eth0ip=172.17.150.1 eth0mask=255.255.255.0 domain=cs2cloud.internal cidrsize=24 dhcprange=172.17.150.1 eth1ip=169.254.1.247 eth1mask=255.255.0.0 type=router disable_rp_filter=true dns1=8.8.8.8 dns2=8.8.4.4 Noup, no eth3 here. > KVM - Advanced zone Isolated networks - Egress rules are not functional because of router having mutiple nics for the public ip address. > ----------------------------------------------------------------------------------------------------------------------------------------- > > Key: CLOUDSTACK-5282 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5282 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the default.) > Components: Management Server > Affects Versions: 4.3.0 > Environment: Build from 4.3 using 64 bit system templates. > Reporter: Sangeetha Hariharan > Assignee: Jayapal Reddy > Priority: Critical > Fix For: 4.3.0 > > Attachments: management-server.rar > > > KVM - Advanced zone Isolated networks - Egress rules are not functional. > Steps to reproduce the problem: > Advanced zone with 2 KVM hosts (rhel6.3), Isolated network with 20 vms. > Create a egress rule to allow all traffic to all cidrs. > From Vm , try to ping google.com > We are not able to ping/ssh outside from the VM. > Egress rules are programmed in the router. > But I see that the router has as many NICs as the number of Vms that it services asssigned to the same public Ip address but with 2 different MAC address. > root@r-10-MyTestVM:~# ip route > default via 10.223.138.129 dev eth2 > 10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.1 > 10.223.138.128/26 dev eth2 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth3 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth4 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth5 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth6 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth7 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth8 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth9 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth10 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth11 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth12 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth13 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth14 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth15 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth16 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth17 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth18 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth19 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth20 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth21 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth22 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth23 proto kernel scope link src 10.223.138.137 > 10.223.138.128/26 dev eth24 proto kernel scope link src 10.223.138.137 > 169.254.0.0/16 dev eth1 proto kernel scope link src 169.254.3.13 > root@r-10-MyTestVM:~# ifconfig > eth0 Link encap:Ethernet HWaddr 02:00:51:27:00:02 > inet addr:10.1.1.1 Bcast:10.1.1.255 Mask:255.255.255.0 > inet6 addr: fe80::51ff:fe27:2/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:757 errors:0 dropped:0 overruns:0 frame:0 > TX packets:324 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:116494 (113.7 KiB) TX bytes:44376 (43.3 KiB) > eth1 Link encap:Ethernet HWaddr 0e:00:a9:fe:03:0d > inet addr:169.254.3.13 Bcast:169.254.255.255 Mask:255.255.0.0 > inet6 addr: fe80::c00:a9ff:fefe:30d/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:14587 errors:0 dropped:0 overruns:0 frame:0 > TX packets:13791 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:2392297 (2.2 MiB) TX bytes:2634222 (2.5 MiB) > eth2 Link encap:Ethernet HWaddr 06:e5:16:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::4e5:16ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:642 errors:0 dropped:0 overruns:0 frame:0 > TX packets:104 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:31140 (30.4 KiB) TX bytes:8472 (8.2 KiB) > eth3 Link encap:Ethernet HWaddr 06:20:ce:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::420:ceff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:616 errors:0 dropped:0 overruns:0 frame:0 > TX packets:5 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:28826 (28.1 KiB) TX bytes:402 (402.0 B) > eth4 Link encap:Ethernet HWaddr 06:2c:f0:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::42c:f0ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:598 errors:0 dropped:0 overruns:0 frame:0 > TX packets:7 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:27718 (27.0 KiB) TX bytes:486 (486.0 B) > eth5 Link encap:Ethernet HWaddr 06:32:ae:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::432:aeff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:589 errors:0 dropped:0 overruns:0 frame:0 > TX packets:9 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:27256 (26.6 KiB) TX bytes:570 (570.0 B) > eth6 Link encap:Ethernet HWaddr 06:5d:66:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::45d:66ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:579 errors:0 dropped:0 overruns:0 frame:0 > TX packets:11 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:26732 (26.1 KiB) TX bytes:654 (654.0 B) > eth7 Link encap:Ethernet HWaddr 06:3b:46:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::43b:46ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:568 errors:0 dropped:0 overruns:0 frame:0 > TX packets:14 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:26234 (25.6 KiB) TX bytes:808 (808.0 B) > eth8 Link encap:Ethernet HWaddr 06:50:fe:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::450:feff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:553 errors:0 dropped:0 overruns:0 frame:0 > TX packets:15 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:25518 (24.9 KiB) TX bytes:822 (822.0 B) > eth9 Link encap:Ethernet HWaddr 06:b9:ce:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::4b9:ceff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:539 errors:0 dropped:0 overruns:0 frame:0 > TX packets:18 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:24930 (24.3 KiB) TX bytes:976 (976.0 B) > eth10 Link encap:Ethernet HWaddr 06:9f:ce:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::49f:ceff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:522 errors:0 dropped:0 overruns:0 frame:0 > TX packets:19 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:24180 (23.6 KiB) TX bytes:990 (990.0 B) > eth11 Link encap:Ethernet HWaddr 06:ce:f0:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::4ce:f0ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:501 errors:0 dropped:0 overruns:0 frame:0 > TX packets:21 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:23214 (22.6 KiB) TX bytes:1074 (1.0 KiB) > eth12 Link encap:Ethernet HWaddr 06:27:08:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::427:8ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:480 errors:0 dropped:0 overruns:0 frame:0 > TX packets:23 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:22296 (21.7 KiB) TX bytes:1158 (1.1 KiB) > eth13 Link encap:Ethernet HWaddr 06:f1:f6:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::4f1:f6ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:457 errors:0 dropped:0 overruns:0 frame:0 > TX packets:26 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:21294 (20.7 KiB) TX bytes:1312 (1.2 KiB) > eth14 Link encap:Ethernet HWaddr 06:ae:66:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::4ae:66ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:431 errors:0 dropped:0 overruns:0 frame:0 > TX packets:27 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:20152 (19.6 KiB) TX bytes:1326 (1.2 KiB) > eth15 Link encap:Ethernet HWaddr 06:e3:52:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::4e3:52ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:404 errors:0 dropped:0 overruns:0 frame:0 > TX packets:29 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:18982 (18.5 KiB) TX bytes:1458 (1.4 KiB) > eth16 Link encap:Ethernet HWaddr 06:af:18:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::4af:18ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:372 errors:0 dropped:0 overruns:0 frame:0 > TX packets:31 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:17518 (17.1 KiB) TX bytes:1494 (1.4 KiB) > eth17 Link encap:Ethernet HWaddr 06:0c:7a:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::40c:7aff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:342 errors:0 dropped:0 overruns:0 frame:0 > TX packets:33 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:16258 (15.8 KiB) TX bytes:1578 (1.5 KiB) > eth18 Link encap:Ethernet HWaddr 06:e1:62:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::4e1:62ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:309 errors:0 dropped:0 overruns:0 frame:0 > TX packets:35 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:14836 (14.4 KiB) TX bytes:1710 (1.6 KiB) > eth19 Link encap:Ethernet HWaddr 06:13:46:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::413:46ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:273 errors:0 dropped:0 overruns:0 frame:0 > TX packets:37 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:13274 (12.9 KiB) TX bytes:1794 (1.7 KiB) > eth20 Link encap:Ethernet HWaddr 06:bf:20:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::4bf:20ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:236 errors:0 dropped:0 overruns:0 frame:0 > TX packets:39 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:11684 (11.4 KiB) TX bytes:1878 (1.8 KiB) > eth21 Link encap:Ethernet HWaddr 06:33:58:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::433:58ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:195 errors:0 dropped:0 overruns:0 frame:0 > TX packets:41 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:9878 (9.6 KiB) TX bytes:1962 (1.9 KiB) > eth22 Link encap:Ethernet HWaddr 06:e8:dc:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::4e8:dcff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:152 errors:0 dropped:0 overruns:0 frame:0 > TX packets:43 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:7932 (7.7 KiB) TX bytes:2046 (1.9 KiB) > eth23 Link encap:Ethernet HWaddr 06:57:32:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::457:32ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:109 errors:0 dropped:0 overruns:0 frame:0 > TX packets:45 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:6112 (5.9 KiB) TX bytes:2130 (2.0 KiB) > eth24 Link encap:Ethernet HWaddr 06:db:f6:00:00:19 > inet addr:10.223.138.137 Bcast:10.223.138.191 Mask:255.255.255.192 > inet6 addr: fe80::4db:f6ff:fe00:19/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:84 errors:0 dropped:0 overruns:0 frame:0 > TX packets:68 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:5386 (5.2 KiB) TX bytes:3096 (3.0 KiB) > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:2 errors:0 dropped:0 overruns:0 frame:0 > TX packets:2 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:214 (214.0 B) TX bytes:214 (214.0 B) > root@r-10-MyTestVM:~# > This seems to be the reason why egress traffic is not being established. > -- This message was sent by Atlassian JIRA (v6.3.4#6332)