cloudstack-users mailing list archives

From "Vitaly Pashkov" <ad...@fluda.net>
Subject Virtual router started with 4 NICs, no internet in guests
Date Sat, 16 May 2015 16:48:09 GMT
Hi all.
I'm running CS 4.5.1 from ShapeBlue Upstream packages on Ubuntu 14.04.1 with KVM as the hypervisor.
Advanced zone with VLAN isolation for public networks and VXLAN for guests. I have created some
instances with isolated networks. Infrastructure -> Virtual Routers -> r-4-VM ->
NICs tab shows that there should be 3 NICs (guest net, link-local and public). But I found
that there are 4 instead, with 2 public interfaces with the same public IP. Here is how it looks
from inside this VR:

root@r-4-VM:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:05:f5:00:02 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 brd 10.10.10.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 0e:00:a9:fe:02:dc brd ff:ff:ff:ff:ff:ff
    inet 169.254.2.220/16 brd 169.254.255.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 06:b5:86:00:00:f3 brd ff:ff:ff:ff:ff:ff
    inet 78.11.57.13/26 brd 78.11.57.63 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 06:4e:c0:00:00:f3 brd ff:ff:ff:ff:ff:ff
    inet 78.11.57.13/26 brd 78.11.57.63 scope global eth3

root@r-4-VM:~# ip r l
default via 78.11.57.1 dev eth2
10.10.10.0/24 dev eth0  proto kernel  scope link  src 10.10.10.1
78.11.57.0/26 dev eth2  proto kernel  scope link  src 78.11.57.13
78.11.57.0/26 dev eth3  proto kernel  scope link  src 78.11.57.13
169.254.0.0/16 dev eth1  proto kernel  scope link  src 169.254.2.220

root@r-4-VM:~# ip rule list
0:      from all lookup local
32764:  from all fwmark 0x3 lookup Table_eth3
32765:  from 78.11.57.0/26 lookup Table_eth3
32766:  from all lookup main
32767:  from all lookup default

root@r-4-VM:~# ip r l t Table_eth3
default via 78.11.57.1 dev eth2  proto static
throw 10.10.10.0/24  proto static
throw 78.11.57.0/26  proto static
throw 169.254.0.0/16  proto static

And this is the interface definition in libvirt (p10p1 is a trunk interface for public (vlan10)
and management (native vlan) traffic):

    <interface type='bridge'>
      <mac address='02:00:05:f5:00:02'/>
      <source bridge='brvx-967'/>
      <bandwidth>
        <inbound average='25600' peak='25600'/>
        <outbound average='25600' peak='25600'/>
      </bandwidth>
      <target dev='vnet7'/>
      <model type='virtio'/>
      <alias name='net0'/>
      <rom bar='off' file='dummy'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='0e:00:a9:fe:02:dc'/>
      <source bridge='cloud0'/>
      <target dev='vnet8'/>
      <model type='virtio'/>
      <alias name='net1'/>
      <rom bar='off' file='dummy'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='06:b5:86:00:00:f3'/>
      <source bridge='brp10p1-10'/>
      <bandwidth>
        <inbound average='25600' peak='25600'/>
        <outbound average='25600' peak='25600'/>
      </bandwidth>
      <target dev='vnet9'/>
      <model type='virtio'/>
      <alias name='net2'/>
      <rom bar='off' file='dummy'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='06:4e:c0:00:00:f3'/>
      <source bridge='brp10p1-10'/>
      <target dev='vnet10'/>
      <model type='virtio'/>
      <alias name='net3'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
    </interface>

Guests can ping the VR's internal IP address and even its public IP, but nothing on the outside,
no matter what the firewall configuration is (I can even set the FORWARD chain to an ACCEPT policy).
Removing the routes for eth2 and switching the default route to eth3 helps, but new virtual routers
will continue to be created with 4 NICs, so this is just a temporary solution. Is anyone experiencing
the same problem, or does anyone have any idea why this may be happening to me?