cloudstack-issues mailing list archives

From "DeepthiMachiraju (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLOUDSTACK-9947) When No PF rules exist for the Public IP , the IP is not erased from the forwardingrules.json file in VPC VR .
Date Wed, 07 Jun 2017 09:57:18 GMT
DeepthiMachiraju created CLOUDSTACK-9947:
--------------------------------------------

             Summary: When No PF rules exist for the Public IP , the IP is not erased from
the forwardingrules.json file in VPC VR .
                 Key: CLOUDSTACK-9947
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9947
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Virtual Router
    Affects Versions: 4.10.0.0
            Reporter: DeepthiMachiraju
             Fix For: 4.10.0.0
         Attachments: Ms_log.txt

- Create a VPC and deploy a VM in a tier.
- Acquire a public IP for the VPC and configure a single PF rule, say for port 80.
- Able to successfully HTTP to the VM.
- Now delete the PF rule.

Observation:

- Rule is deleted from the UI and DB, but forwardingrules.json is not cleaned up properly.
- Only after the VPC restart with clean up, the IP is removed from the JSON file.

root@r-54-VM:/etc/cloudstack# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 0e:00:a9:fe:01:16 brd ff:ff:ff:ff:ff:ff
    inet 169.254.1.22/16 brd 169.254.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 06:a5:6e:00:00:0d brd ff:ff:ff:ff:ff:ff
    inet 10.147.30.112/24 brd 10.147.30.255 scope global eth1
    inet 10.147.30.113/24 brd 10.147.30.255 scope global secondary eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:1f:19:00:15 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.1/24 brd 172.16.1.255 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:61:e6:00:05 brd ff:ff:ff:ff:ff:ff
    inet 172.16.2.1/24 brd 172.16.2.255 scope global eth3
root@r-54-VM:/etc/cloudstack#
root@r-54-VM:/etc/cloudstack#
root@r-54-VM:/etc/cloudstack# cat forwardingrules.json
{
    "10.147.30.113": [
        {
            "internal_ip": "172.16.2.10",
            "internal_ports": "80:80",
            "protocol": "tcp",
            "public_ip": "10.147.30.113",
            "public_ports": "80:80",
            "type": "forward"
        }
    ],
    "id": "forwardingrules"
}root@r-54-VM:/etc/cloudstack#
root@r-54-VM:/etc/cloudstack#
root@r-54-VM:/etc/cloudstack# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             10.147.30.113        tcp dpt:http to:172.16.2.10:80

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             10.147.30.113        tcp dpt:http to:172.16.2.10:80

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  172.16.2.0/24        anywhere             to:172.16.2.1
SNAT       all  --  172.16.1.0/24        anywhere             to:172.16.1.1
SNAT       all  --  anywhere             anywhere             to:10.147.30.112
SNAT       all  --  anywhere             anywhere             to:10.147.30.113
SNAT       tcp  --  anywhere             10.147.30.113        tcp dpt:http to:172.16.2.10:80
root@r-54-VM:/etc/cloudstack#

mysql> select * from port_forwarding_rules;
+-----+-------------+-----------------+-----------------+---------------+
| id  | instance_id | dest_ip_address | dest_port_start | dest_port_end |
+-----+-------------+-----------------+-----------------+---------------+
| 119 |          24 | 172.16.2.10     |              80 |            80 |
+-----+-------------+-----------------+-----------------+---------------+
1 row in set (0.00 sec)


-------- logs post deletion of pf rule ----------------

root@r-54-VM:/etc/cloudstack# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 0e:00:a9:fe:01:16 brd ff:ff:ff:ff:ff:ff
    inet 169.254.1.22/16 brd 169.254.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 06:a5:6e:00:00:0d brd ff:ff:ff:ff:ff:ff
    inet 10.147.30.112/24 brd 10.147.30.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:1f:19:00:15 brd ff:ff:ff:ff:ff:ff
    inet 172.16.1.1/24 brd 172.16.1.255 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:61:e6:00:05 brd ff:ff:ff:ff:ff:ff
    inet 172.16.2.1/24 brd 172.16.2.255 scope global eth3
root@r-54-VM:/etc/cloudstack#
*********************************************
root@r-54-VM:/etc/cloudstack# iptables -t  nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  172.16.2.0/24        anywhere             to:172.16.2.1
SNAT       all  --  172.16.1.0/24        anywhere             to:172.16.1.1
SNAT       all  --  anywhere             anywhere             to:10.147.30.112
SNAT       all  --  anywhere             anywhere             to:10.147.30.113
**********************************************
root@r-54-VM:/etc/cloudstack# cat forwardingrules.json
{
    "10.147.30.113": [],
    "id": "forwardingrules"
}


Attached MS logs



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
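
A consistency check for the router state shown in this report, added here as an example (it is not part of the original message and not CloudStack's own code): it flags public IP keys left in forwardingrules.json with no rules or with no matching interface address, and forward rules that have no DNAT entry. The function name, the constructed sample data and the use of `iptables -t nat -L -n` output (numeric ports) are assumptions.

```python
import json
import re

# Constructed samples modeled on the router output quoted in the report.
FORWARDING_JSON = """{
    "10.147.30.113": [],
    "10.147.30.114": [{"internal_ip": "172.16.1.20", "internal_ports": "443:443",
        "protocol": "tcp", "public_ip": "10.147.30.114",
        "public_ports": "443:443", "type": "forward"}],
    "id": "forwardingrules"
}"""
IP_ADDR = """3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 10.147.30.112/24 brd 10.147.30.255 scope global eth1
    inet 10.147.30.114/24 brd 10.147.30.255 scope global secondary eth1"""
NAT_LIST = """Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            10.147.30.114        tcp dpt:443 to:172.16.1.20:443"""

def audit_forwarding(json_text, ip_addr_text, nat_list_text):
    """Return sorted (public_ip, finding) pairs for a forwardingrules.json bag."""
    bag = json.loads(json_text)
    # Addresses currently configured on an interface ("inet a.b.c.d/nn").
    assigned = set(re.findall(r"inet (\d+\.\d+\.\d+\.\d+)/", ip_addr_text))
    # (destination, port, target) from DNAT lines of `iptables -t nat -L -n`.
    dnat = set(re.findall(
        r"^DNAT\s+\S+\s+--\s+\S+\s+(\S+)\s+\S+ dpt:(\d+) to:(\S+)",
        nat_list_text, re.M))
    findings = []
    for public_ip, rules in bag.items():
        if public_ip == "id":  # name of the data bag, not an address
            continue
        if not rules:
            findings.append((public_ip, "key left behind with no rules"))
        if public_ip not in assigned:
            findings.append((public_ip, "address not on any interface"))
        for rule in rules:  # single-port forward rules only
            port = rule["public_ports"].split(":")[0]
            target = rule["internal_ip"] + ":" + rule["internal_ports"].split(":")[0]
            if rule["type"] == "forward" and (public_ip, port, target) not in dnat:
                findings.append((public_ip, "no DNAT for port " + port))
    return sorted(findings)

if __name__ == "__main__":
    for ip, finding in audit_forwarding(FORWARDING_JSON, IP_ADDR, NAT_LIST):
        print(ip, finding)
```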
