cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei Mikhailovsky <and...@arhont.com>
Subject ACS + KVM and strangeness with egress rules
Date Mon, 18 Aug 2014 20:26:42 GMT
Hello guys,

Has anyone noticed some intermittent issues with egress rules on ACS + KVM hypervisor? I've
noticed that occasionally VR would just stop allowing outbound traffic. There are rules for
egress filtering, but it just wouldn't work. Inbound traffic is working just fine, but vms
on the effected network are not able to connect to anything outside. 

I am seeing this on ACS 4.2.1 as well as on ACS 4.4 (my mate's install). 

This doesn't happen on all networks. I would say about 20-30% of my VRs are having this problem.
Stopping/starting VR doesn't help and restarting the network doesn't help either. I've noticed
that sometimes doing a network restart with the clean up option ticked does help. Other times
I would have to do the following trick to make egress work: migrate vr to a different host,
restart network with cleanup enabled, stop vr and start it again. Usually when nothing else
works, this one sorts it out. This problem happens with VPC VRs as well.

The strange thing for me is that the problem only started to happen when I've attempted to
upgrade to version 4.3.0, which didn't succeed because of the broken KVM support, which a
lot of people noticed. After the failed upgrade, I've downgraded back to 4.2.1 and this is
when I've noticed the egress misbehaviour. 

However, my friend's ACS has been doing this since the first install (I think since version
4.0). 

If someone else is experiencing similar problems, It would be great to share the experience
and workarounds.

cheers

Andrei

Mime
View raw message