Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@cloudstack.apache.org
Received-SPF: pass (athena.apache.org: local policy)
From: "Warren Nicholson" <warren.nicholson@nfinausa.com>
To: <users@cloudstack.apache.org>
References: <000301ce45f6$d85c44c0$8914ce40$@nfinausa.com>
 <CAO+D_1wKuKDSqFzh2YUovxYFJdHJxmpZMesOe4NUDUXGhabKDw@mail.gmail.com>
 <000001ce4672$31e943f0$95bbcbd0$@nfinausa.com>
 <FB3EBB31B3A2C145A630C3EF1EAA536670F87049@uswv1vdag02.vsnl.co.in>
 <000d01ce4681$652a0060$2f7e0120$@nfinausa.com>
 <FB3EBB31B3A2C145A630C3EF1EAA536670F870C2@uswv1vdag02.vsnl.co.in>
 <000601ce4688$b2ec24c0$18c46e40$@nfinausa.com>
 <FB3EBB31B3A2C145A630C3EF1EAA536670F8714C@uswv1vdag02.vsnl.co.in>
 <001501ce468f$21f40170$65dc0450$@nfinausa.com>
 <FB3EBB31B3A2C145A630C3EF1EAA536670F871AF@uswv1vdag02.vsnl.co.in>
In-Reply-To: <FB3EBB31B3A2C145A630C3EF1EAA536670F871AF@uswv1vdag02.vsnl.co.in>
Subject: RE: router not working
Date: Wed, 1 May 2013 14:47:28 -0500
Message-ID: <000301ce46a4$b666e2e0$2334a8a0$@nfinausa.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
thread-index: 
 AQGHlJqTTa2b+bq8VKPbL52uAxSmNgDUmr7fAa4OEdQCaFJ5RAJOtWzeAM3vTQcCb7bD+gLBoJuIAUJYKpoBpvx7j5j9DaYQ
Content-Language: en-us

I built another one, this time from my own Network service offering.

Same result.

Warren

-----Original Message-----
From: Oliver Leach [mailto:Oliver.Leach@tatacommunications.com] 
Sent: Wednesday, May 01, 2013 1:32 PM
To: users@cloudstack.apache.org
Subject: RE: router not working

That looks good to me. Couple of suggestions: try to ping the gateway of the
public network, 172.16.1.1. You could try a tcpdump. You need to run this on
the domain router console - tcpdump -n -tttt -i eth2 icmp. Then on the dom0
console on the xenserver the domain router is running on, run this - ssh
root@169.254.0.47 -p 3922 -i /root/.ssh/id_rsa.cloud - that will log you in
to the domain router via the link local network (169.254.0.47 seems to be
the IP link local address on the domain router from your output below. Then
run ping once logged in and check the output on the domain router console. 

Have you tried to destroy the domain router and create a new one? A new
domain router should be created when you create another VM.

Hope that helps!


-----Original Message-----
From: Warren Nicholson [mailto:warren.nicholson@nfinausa.com] 
Sent: Wednesday, May 01, 2013 6:13 PM
To: users@cloudstack.apache.org
Subject: RE: router not working

root@r-12-VM:~# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt
Iface
172.16.1.0      0.0.0.0         255.255.255.0        U         0 0      0
eth2
10.1.1.0          0.0.0.0         255.255.255.0        U         0 0      0
eth0
169.254.0.0     0.0.0.0        255.255.0.0            U         0 0      0
eth1
0.0.0.0         172.16.1.1      0.0.0.0                  UG        0 0
0           eth2

[root@HV1 ~]# xe vif-list params=network-name-label,vm-name-label,device
vm-name-label=s-10-VM
vm-name-label ( RO)         : s-10-VM
                device ( RO): 0
 network-name-label ( RO): cloud_link_local_network


vm-name-label ( RO)         : s-10-VM
                device ( RO): 2
 network-name-label ( RO): VLAN-1d4e2ee4-6c9f-6587-71e5-180c5ba901a7-20


vm-name-label ( RO)         : s-10-VM
                device ( RO): 3
 network-name-label ( RO): storage


[root@HV1 ~]# xe vif-list params=network-name-label,vm-name-label,device
vm-name-label=r-12-VM
vm-name-label ( RO)         : r-12-VM
                device ( RO): 0
 network-name-label ( RO): VLAN-1d4e2ee4-6c9f-6587-71e5-180c5ba901a7-796


vm-name-label ( RO)         : r-12-VM
                device ( RO): 2
network-name-label ( RO): VLAN-1d4e2ee4-6c9f-6587-71e5-180c5ba901a7-20


vm-name-label ( RO)         : r-12-VM
                device ( RO): 1
network-name-label ( RO): cloud_link_local_network


I appreciate the assistance...


Warren

-----Original Message-----
From: Oliver Leach [mailto:Oliver.Leach@tatacommunications.com]
Sent: Wednesday, May 01, 2013 11:55 AM
To: users@cloudstack.apache.org
Subject: RE: router not working

And a netstat -rn on the domain router? Does the SSVM (which works) have a
similar ifconfig output and a similar netsta -rn output?

It is difficult to say that the virtual routers networks are correct from
the output below. Try this:

xe vif-list params=network-name-label,vm-name-label,device
vm-name-label=<SSVM name label s-xxx> 

xe vif-list params=network-name-label,vm-name-label,device
vm-name-label=<domain router name label v-xxx>


-----Original Message-----
From: Warren Nicholson [mailto:warren.nicholson@nfinausa.com]
Sent: Wednesday, May 01, 2013 5:27 PM
To: users@cloudstack.apache.org; aemneina@gmail.com
Subject: RE: router not working

1. We are using Advanced Zone.

2. 

root@r-12-VM:~# ifconfig |grep inet -B 2 
eth0      Link encap:Ethernet  HWaddr 02:00:15:4c:00:04  
          inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::15ff:fe4c:4/64 Scope:Link
--

eth1      Link encap:Ethernet  HWaddr 0e:00:a9:fe:00:2f  
          inet addr:169.254.0.47  Bcast:169.254.255.255  Mask:255.255.0.0
          inet6 addr: fe80::c00:a9ff:fefe:2f/64 Scope:Link
--

eth2      Link encap:Ethernet  HWaddr 06:99:5a:00:00:61  
          inet addr:172.16.1.226  Bcast:172.16.1.255  Mask:255.255.255.0
          inet6 addr: fe80::499:5aff:fe00:61/64 Scope:Link
--

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host

3.

[root@HV1 ~]# xe vif-list device=1
uuid ( RO)            : cfd2a22f-8dc6-757b-4171-3992c7e0f435
vm-uuid ( RO): 3f705289-bf96-e5ca-85fa-2572c27109cb
device ( RO): 1
network-uuid ( RO): fd7ce650-0d40-69ea-ba83-20287290ae15


uuid ( RO)            : 2fc93309-791a-317f-b48e-77b35efdf30e
vm-uuid ( RO): 7379ffda-9e45-49a0-0040-52a678a9c809
device ( RO): 1
network-uuid ( RO): 96b63187-9785-53f0-5cb3-bfd662f3d69a


uuid ( RO)            : a072870d-f8a5-9f82-9efd-9f62f7629597
vm-uuid ( RO): 281750f2-3b81-e2d5-48df-f3fed56f7bcf
device ( RO): 1
network-uuid ( RO): fd7ce650-0d40-69ea-ba83-20287290ae15

[root@HV1 ~]# xe pif-list VLAN=20
uuid ( RO)                  : 2e0c3966-2b1b-2fee-6609-8ee30c8d6693
device ( RO): eth1
currently-attached ( RO): true
VLAN ( RO): 20
network-uuid ( RO): 21fedae7-8424-272a-2a62-0c9343b683fe


uuid ( RO)                  : 4841d837-5975-3a42-a310-ceec11403581
                device ( RO): eth1
    currently-attached ( RO): true
                  VLAN ( RO): 20
          network-uuid ( RO): 21fedae7-8424-272a-2a62-0c9343b683fe

[root@HV1 ~]# xe network-list name-label=guest_public
uuid ( RO)                : 1d4e2ee4-6c9f-6587-71e5-180c5ba901a7
name-label ( RW): guest_public
name-description ( RW): 
bridge ( RO): xenbr1

[root@HV1 ~]# xe network-list
name-label=VLAN-1d4e2ee4-6c9f-6587-71e5-180c5ba901a7-20
uuid ( RO)                : 21fedae7-8424-272a-2a62-0c9343b683fe
name-label ( RW): VLAN-1d4e2ee4-6c9f-6587-71e5-180c5ba901a7-20
name-description ( RW): 
bridge ( RO): xapi3


Warren

-----Original Message-----
From: Oliver Leach [mailto:Oliver.Leach@tatacommunications.com]
Sent: Wednesday, May 01, 2013 10:44 AM
To: users@cloudstack.apache.org; aemneina@gmail.com
Subject: RE: router not working

Are you using basic zone or an advance zone?

In advance zone, the domain router should have 3 interfaces - 1 on the
private vlan, 1 on the linklocal network and one on the public network,
which is the source nat for the account. What does ifconfig |grep inet -B 2
output? And do these interfaces tie up with the correct networks in
XenCenter? Ie, private should belong to a private vlan, link local should be
connected using a 169.254.x.x address and the public interface should be
tied to the vlan of your public network. 

-----Original Message-----
From: Warren Nicholson [mailto:warren.nicholson@nfinausa.com]
Sent: Wednesday, May 01, 2013 4:35 PM
To: users@cloudstack.apache.org; aemneina@gmail.com
Subject: RE: router not working

I do find it interesting that Xenserver and XenCenter report one network
UUID and cloudstack another.

Why don't these agree?

Warren

-----Original Message-----
From: Oliver Leach [mailto:Oliver.Leach@tatacommunications.com]
Sent: Wednesday, May 01, 2013 9:47 AM
To: users@cloudstack.apache.org; aemneina@gmail.com
Subject: RE: router not working

I am assuming you are using XenServer. Is the domain router's public vif
using the correct network on the XenServer? This is the same network as the
ssvm and the console proxy which you say can access the internet. If the
domain router is on the same host using the same network and the same vlan
as the SSVM and the CP, then it should be able to ping the internet. 

Potentially, the other thing to check is your egress firewall rules for
cloudstack network allows outbound traffic. 

Oliver
--

-----Original Message-----
From: Warren Nicholson [mailto:warren.nicholson@nfinausa.com]
Sent: Wednesday, May 01, 2013 2:46 PM
To: users@cloudstack.apache.org; aemneina@gmail.com
Subject: RE: router not working

I dropped a direct connection to the HW using XenCenter, and statically
configured the IP.  That works fine, and I am able to get on the internet.

However, doing it this way, I've lost the firewall protection of the
Cloudstack Router.

I would still like to know why the router isn't working.....

Warren

-----Original Message-----
From: Ahmad Emneina [mailto:aemneina@gmail.com]
Sent: Tuesday, April 30, 2013 6:27 PM
To: Cloudstack users mailing list
Subject: Re: router not working

i would imagine your trunked public vlan is the issue. boot a vm and tag it
with the public vlan, see if it gets out. check the switches also, make sure
its trunked down properly.


On Tue, Apr 30, 2013 at 4:02 PM, Warren Nicholson <
warren.nicholson@nfinausa.com> wrote:

> When my router boots it can't ping its public side.
>
>
>
> What's up with that?
>
>
>
> Is the supplied router bad?
>
>
>
> Warren
>
>