cloudstack-users-cn mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "linuxbqj@gmail.com" <linux...@gmail.com>
Subject Re: 虚拟机机网络闪断
Date Mon, 28 Apr 2014 03:29:28 GMT
这个某个虚拟机是固定的吗?
另外虚机的系统是什么的?相应的驱动是不是OK

2014-04-28 10:07 GMT+08:00 谢福平 <754282701@qq.com>:
> 问题:虚拟机有时会ping不通,然后关闭主机侧防火墙(但是主机的防火墙等会会自动起来),就能ping通(主机防火前起来后也能ping通虚拟机).
而且是集群中多个虚拟机中的某个虚拟机会偶尔不同,其它正常
>
>  iptable文件配置:       # cat /etc/sysconfig/iptables
> # Generated by iptables-save v1.4.7 on Tue Apr  8 14:50:58 2014
> *nat
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> COMMIT
> # Completed on Tue Apr  8 14:50:58 2014
> # Generated by iptables-save v1.4.7 on Tue Apr  8 14:50:58 2014
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
> -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
> -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
> -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
>  -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 1798 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 16509 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 5900:6100 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 49152:49216 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 3260 -j ACCEPT
> -A INPUT -m state --state NEW -p udp --dport 111 -j ACCEPT
> -A INPUT -m state --state NEW -p tcp --dport 111 -j ACCEPT
> -A INPUT -m state --state NEW -p tcp --dport 2049 -j ACCEPT
> -A INPUT -m state --state NEW -p tcp --dport 32803 -j ACCEPT
> -A INPUT -m state --state NEW -p udp --dport 32769 -j ACCEPT
> -A INPUT -m state --state NEW -p tcp --dport 892 -j ACCEPT
> -A INPUT -m state --state NEW -p udp --dport 892 -j ACCEPT
> -A INPUT -m state --state NEW -p tcp --dport 875 -j ACCEPT
> -A INPUT -m state --state NEW -p udp --dport 875 -j ACCEPT
> -A INPUT -m state --state NEW -p tcp --dport 662 -j ACCEPT
> -A INPUT -m state --state NEW -p udp --dport 662 -j ACCEPT
>  COMMIT
> # Completed on Tue Apr  8 14:50:58 2014
>
>  同时,在kvm主机的agent日志中确实有告警:
>
> 2014-04-25 14:42:52,517 WARN  [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-5:null)
Failed to program network rules for vm i-2-264-VM
> 2014-04-25 14:42:52,732 WARN  [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-1:null)
Failed to program network rules for vm i-2-332-VM
> 2014-04-25 14:42:52,943 WARN  [kvm.resource.LibvirtComputingResource] (agentRequest-Handler-4:null)
Failed to program network rules for vm i-2-332-VM



-- 
白清杰 (Born Bai)

北京开源愿景信息技术有限公司

Mail: linuxbqj@gmail.com

Mime
View raw message