cloudstack-issues mailing list archives

From "Rajani Karuturi (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLOUDSTACK-9947) When No PF rules exist for the Public IP , the IP is not erased from the forwardingrules.json file in VPC VR .
Date Thu, 06 Jul 2017 10:34:03 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-9947?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rajani Karuturi updated CLOUDSTACK-9947:
----------------------------------------
    Fix Version/s:     (was: 4.10.0.0)
                   4.10.1.0

> When No PF rules exist for the Public IP , the IP is not erased from the forwardingrules.json file in VPC VR .
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-9947
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9947
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Virtual Router
>    Affects Versions: 4.10.0.0
>            Reporter: DeepthiMachiraju
>              Labels: PVR
>             Fix For: 4.10.1.0
>
>         Attachments: Ms_log.txt
>
>
> - Create a VPC and deploy a VM in a tier.
> - Acquire a public IP for the VPC and configure a single PF rule, say for port 80.
> - Able to successfully HTTP to the VM.
> - Now delete the PF rule.
> Observation:
> - The rule is deleted from the UI and DB, but forwardingrules.json is not cleaned up properly.
> - Only after the VPC restart with cleanup is the IP removed from the JSON file.
> root@r-54-VM:/etc/cloudstack# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 0e:00:a9:fe:01:16 brd ff:ff:ff:ff:ff:ff
>     inet 169.254.1.22/16 brd 169.254.255.255 scope global eth0
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 06:a5:6e:00:00:0d brd ff:ff:ff:ff:ff:ff
>     inet 10.147.30.112/24 brd 10.147.30.255 scope global eth1
>     inet 10.147.30.113/24 brd 10.147.30.255 scope global secondary eth1
> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 02:00:1f:19:00:15 brd ff:ff:ff:ff:ff:ff
>     inet 172.16.1.1/24 brd 172.16.1.255 scope global eth2
> 5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 02:00:61:e6:00:05 brd ff:ff:ff:ff:ff:ff
>     inet 172.16.2.1/24 brd 172.16.2.255 scope global eth3
> root@r-54-VM:/etc/cloudstack#
> root@r-54-VM:/etc/cloudstack#
> root@r-54-VM:/etc/cloudstack# cat forwardingrules.json
> {
>     "10.147.30.113": [
>         {
>             "internal_ip": "172.16.2.10",
>             "internal_ports": "80:80",
>             "protocol": "tcp",
>             "public_ip": "10.147.30.113",
>             "public_ports": "80:80",
>             "type": "forward"
>         }
>     ],
>     "id": "forwardingrules"
> }
> root@r-54-VM:/etc/cloudstack#
> root@r-54-VM:/etc/cloudstack#
> root@r-54-VM:/etc/cloudstack# iptables -t nat -L
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> DNAT       tcp  --  anywhere             10.147.30.113        tcp dpt:http to:172.16.2.10:80
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> DNAT       tcp  --  anywhere             10.147.30.113        tcp dpt:http to:172.16.2.10:80
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> SNAT       all  --  172.16.2.0/24        anywhere             to:172.16.2.1
> SNAT       all  --  172.16.1.0/24        anywhere             to:172.16.1.1
> SNAT       all  --  anywhere             anywhere             to:10.147.30.112
> SNAT       all  --  anywhere             anywhere             to:10.147.30.113
> SNAT       tcp  --  anywhere             10.147.30.113        tcp dpt:http to:172.16.2.10:80
> root@r-54-VM:/etc/cloudstack#
> mysql> select * from port_forwarding_rules;
> +-----+-------------+-----------------+-----------------+---------------+
> | id  | instance_id | dest_ip_address | dest_port_start | dest_port_end |
> +-----+-------------+-----------------+-----------------+---------------+
> | 119 |          24 | 172.16.2.10     |              80 |            80 |
> +-----+-------------+-----------------+-----------------+---------------+
> 1 row in set (0.00 sec)
> -------- logs post deletion of pf rule ----------------
> root@r-54-VM:/etc/cloudstack# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 0e:00:a9:fe:01:16 brd ff:ff:ff:ff:ff:ff
>     inet 169.254.1.22/16 brd 169.254.255.255 scope global eth0
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 06:a5:6e:00:00:0d brd ff:ff:ff:ff:ff:ff
>     inet 10.147.30.112/24 brd 10.147.30.255 scope global eth1
> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 02:00:1f:19:00:15 brd ff:ff:ff:ff:ff:ff
>     inet 172.16.1.1/24 brd 172.16.1.255 scope global eth2
> 5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>     link/ether 02:00:61:e6:00:05 brd ff:ff:ff:ff:ff:ff
>     inet 172.16.2.1/24 brd 172.16.2.255 scope global eth3
> root@r-54-VM:/etc/cloudstack#
> *********************************************
> root@r-54-VM:/etc/cloudstack# iptables -t  nat -L
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> SNAT       all  --  172.16.2.0/24        anywhere             to:172.16.2.1
> SNAT       all  --  172.16.1.0/24        anywhere             to:172.16.1.1
> SNAT       all  --  anywhere             anywhere             to:10.147.30.112
> SNAT       all  --  anywhere             anywhere             to:10.147.30.113
> **********************************************
> root@r-54-VM:/etc/cloudstack# cat forwardingrules.json
> {
>     "10.147.30.113": [],
>     "id": "forwardingrules"
> }
> Attached MS logs



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
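
Added example, not part of the original message and not CloudStack code: a Python check that compares forwardingrules.json with the NAT table and flags the leftover public-IP key described in the report. It assumes the file layout and the `iptables -t nat -L` column order quoted above; the function names and finding labels are hypothetical.

```python
import json

def dnat_destinations(nat_listing):
    """Destination IPs of DNAT lines in `iptables -t nat -L` output."""
    dests = set()
    for line in nat_listing.splitlines():
        fields = line.split()
        # Columns: target prot opt source destination ...
        if len(fields) >= 5 and fields[0] == "DNAT":
            dests.add(fields[4])
    return dests

def audit(raw_json, nat_listing):
    """Return sorted (public_ip, finding) pairs where file and NAT table disagree."""
    data = json.loads(raw_json)
    dnat = dnat_destinations(nat_listing)
    findings = []
    for ip, rules in data.items():
        if ip == "id":  # metadata key, not a public IP
            continue
        if not rules:
            # Key kept with an empty list: the state shown after PF rule deletion.
            findings.append((ip, "empty-rule-list"))
        elif ip not in dnat:
            findings.append((ip, "rules-without-dnat"))
    have_rules = {ip for ip, r in data.items() if ip != "id" and r}
    findings += [(ip, "dnat-without-rules") for ip in dnat - have_rules]
    return sorted(findings)

# Constructed samples, trimmed from the output quoted in the report.
BEFORE_JSON = ('{"10.147.30.113": [{"internal_ip": "172.16.2.10", '
               '"internal_ports": "80:80", "protocol": "tcp", '
               '"public_ip": "10.147.30.113", "public_ports": "80:80", '
               '"type": "forward"}], "id": "forwardingrules"}')
BEFORE_NAT = """Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             10.147.30.113        tcp dpt:http to:172.16.2.10:80
"""
AFTER_JSON = '{"10.147.30.113": [], "id": "forwardingrules"}'
AFTER_NAT = """Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
"""

if __name__ == "__main__":
    print(audit(BEFORE_JSON, BEFORE_NAT))
    print(audit(AFTER_JSON, AFTER_NAT))
```

On a live router, feed it a listing taken with `-n` so the destination column holds numeric addresses rather than resolved names.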
