cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8881) [Blocker] PF , static nat , LB , egress rules not working in case of isolated networks
Date Sun, 27 Sep 2015 12:12:05 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14909704#comment-14909704
] 

ASF subversion and git services commented on CLOUDSTACK-8881:
-------------------------------------------------------------

Commit 3ded3e90007d08fa98465f2b8c68b7fb075557c0 in cloudstack's branch refs/heads/master from
[~remibergsma]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=3ded3e9 ]

Merge pull request #887 from schubergphilis/vr_fixes_combined

[BLOCKER] Combined PRs that fix VR issuesTonight I worked with @wilderrodrigues to figure
out what is wrong with the virtual router. As we couldn't test single PRs any more (because
of other issues with them causing tests to fail) we added all VR related PRs in a separate
branch and started testing from there.

We combined the following PRs into this PR:
#836 #851 #867 #870 #881 #882 #842

After that, one issue remains: the VPC does not get a default gateway. Which is strange, because
we already solved it in PR #738. When I look back, it was fixed again in PR #784. It could
very well be that either one fixed one specific case, but also breaking the other. We need
to investigate this, and make sure there will be a fix that works both for VPCs and VRs.

When we manually add the default gateway on the VPC, most tests pass and also spinning up
two VPCs with one tier each, having a VM and them using s2s to VPN them together works fine.
See for more details the report Wilder sent earlier.

Tomorrow we'll try to figure out how to fix the default gateway and merge this. Then we should
have a base to work from again. Any PR that fixes another blocker, should at least then be
rebased against the fixed master so we can run the tests against the PR branch. I'm not saying
everything is fixed, I'm just saying that we can spin up a cloud that has working VMs.

When, in the mean time, someone has the time to checkout this branch and make the default
route work for both VPC and VR that would be awesome. After that we should double check and
verify the test results.

Pinging @karuturi to let her know the current status.

Regards,
Wilder / Remi

* pr/887:
  Fixing the index out of bounds error in the check_if_link_up() function
  small cleanups
  Fixing the defaut route for VPC routers
  Formatting the get_gateway() method in the CsDatabag.py file
  Fixing the dhcpsrvr iptables file
  Formatting the router_proxy.sh script
  CLOUDSTACK-8881: Fixed Static and PF configuration issue
  CLOUDSTACK-8905: Fixed hooking egress rules
  CLOUDSTACK-8891: Fixed default iptables rules on VR  for guest traffic
  Configured dnsmasq to listen on all interfaces so that vpn  client gets dns
  CLOUDSTACK-8864: Not able to add TCP port forwarding rule in VPN for specific ports
  CLOUDSTACK-8863: VM doesn't reconnect to internet post VR RESTART/STOP-START/RECREATE
  CLOUDSTACK-8843: Fixed issue in default iptables rules on shared network VR

Signed-off-by: Remi Bergsma <github@remi.nl>


> [Blocker] PF , static nat , LB , egress rules not working in case of isolated networks
> --------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-8881
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8881
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.6.0
>            Reporter: Raja Pullela
>            Assignee: Wilder Rodrigues
>            Priority: Blocker
>             Fix For: 4.6.0
>
>
> BVTs are failing as - integration.smoke.test_loadbalance.TestLoadBalance.test_01_create_lb_rule_src_nat
> integration.smoke.test_loadbalance.TestLoadBalance.test_02_create_lb_rule_non_nat
> integration.smoke.test_loadbalance.TestLoadBalance.test_assign_and_removal_lb
> integration.smoke.test_network.TestPortForwarding.test_01_port_fwd_on_src_nat
> integration.smoke.test_network.TestPortForwarding.test_02_port_fwd_on_non_src_nat
> integration.smoke.test_network.TestRouterRules.test_network_rules_acquired_public_ip_1_static_nat_rule
> integration.smoke.test_network.TestRouterRules.test_network_rules_acquired_public_ip_2_nat_rule
> integration.smoke.test_network.TestRouterRules.test_network_rules_acquired_public_ip_3_Load_Balancer_Rule
> integration.smoke.test_network.TestRebootRouter.test_reboot_router
> Repro steps:
> 1.Create a advance zone setup
> 2. Create a VM in isolated network 
> 3. add PF rules, LB rules, Static nat rules ,firewall rules , Egress rules to the network
> ( i added the rules for port 22 and on different public ips by acquiring ips )
> Bug: 
> none of the rules works
> Routers iptables shows following entries
> Chain INPUT (policy DROP 1330 packets, 79806 bytes)
> pkts bytes target prot opt in out source dest ination
> 1616 116814 NETWORK_STATS all – * * 0.0.0.0/0 0. 0.0.0/0
> 0 0 ACCEPT all – * * 0.0.0.0/0 224.0. 0.18
> 0 0 ACCEPT all – * * 0.0.0.0/0 225.0. 0.50
> 0 0 ACCEPT all – eth2 * 0.0.0.0/0 0.0.0. 0/0 state RELATED,ESTABLISHED
> 0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0. 0/0
> 4 730 ACCEPT all – lo * 0.0.0.0/0 0.0.0. 0/0
> 255 34874 ACCEPT tcp – eth1 * 0.0.0.0/0 0.0.0. 0/0 tcp dpt:3922 state NEW,ESTABLISHED
> 0 0 ACCEPT all – * * 0.0.0.0/0 224.0. 0.18
> 0 0 ACCEPT all – * * 0.0.0.0/0 225.0. 0.50
> 0 0 ACCEPT all – eth2 * 0.0.0.0/0 0.0.0. 0/0 state RELATED,ESTABLISHED
> 0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0. 0/0
> 0 0 ACCEPT all – lo * 0.0.0.0/0 0.0.0. 0/0
> 0 0 ACCEPT tcp – eth1 * 0.0.0.0/0 0.0.0. 0/0 tcp dpt:3922 state NEW,ESTABLISHED
> 0 0 ACCEPT all – * * 0.0.0.0/0 224.0. 0.18
> 0 0 ACCEPT all – * * 0.0.0.0/0 225.0. 0.50
> 0 0 ACCEPT all – eth2 * 0.0.0.0/0 0.0.0. 0/0 state RELATED,ESTABLISHED
> 0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0. 0/0
> 0 0 ACCEPT all – lo * 0.0.0.0/0 0.0.0. 0/0
> 0 0 ACCEPT tcp – eth1 * 0.0.0.0/0 0.0.0. 0/0 tcp dpt:3922 state NEW,ESTABLISHED



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message