cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Simon Godard <sgod...@cloudops.com>
Subject Re: VPC network stats wrong on 4.7
Date Wed, 13 Jul 2016 14:58:22 GMT
After some more investigation, I think I’ve identified the problem. It was indeed the last
chain containing the wrong rules:

Chain NETWORK_STATS_eth1 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      eth1    0.0.0.0/0            10.188.218.0/24     
 275K  718M            all  --  *      eth1    10.188.218.0/24      0.0.0.0/0    

Should be:
Chain NETWORK_STATS_eth1 (1 references)
 pkts bytes target     prot opt in     out     source               destination          
       
 373K  828M            all  --  *      eth1    10.188.218.0/24      0.0.0.0/0           
81528  848M            all  --  eth1   *       0.0.0.0/0            10.188.218.0/24 

The order of the rules is important since it will be interpreted by CloudStack to be Bytes
sent first and Bytes received second. The in and out were also reversed. 

-- 
Simon

> On Jul 13, 2016, at 09:28, Simon Godard <sgodard@cloudops.com> wrote:
> 
> Hi,
> 
> After upgrading to ACS 4.7 and VRs to 4.6 we are noticing a regression in the Network
usage stats. The Network out (bytes sent) is now 0 and the Network received (bytes received)
appears to hold the stats of bytes sent. This is using VPCs without redundant VRs.
> 
> Here are the output of the iptables -L -v command:
> 
> ~# iptables -L -v -n
> Chain INPUT (policy DROP 36031 packets, 3454K bytes)
>  pkts bytes target     prot opt in     out     source               destination     
   
>     0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            10.188.218.1    
    tcp dpt:80 state NEW
>     0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            10.188.218.1    
    tcp dpt:53
>  8988  655K ACCEPT     udp  --  eth2   *       0.0.0.0/0            10.188.218.1    
    udp dpt:53
> 91565   11M NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
       
>     0     0 ACCEPT     udp  --  eth2   *       0.0.0.0/0            0.0.0.0/0       
    udp dpt:67
>     0     0 ACCEPT     udp  --  eth2   *       0.0.0.0/0            0.0.0.0/0       
    udp dpt:53
>     0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0       
    tcp dpt:53
>     0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0       
    tcp dpt:80 state NEW
>     0     0 ACCEPT     tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0       
    tcp dpt:8080 state NEW
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.18      
   
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            225.0.0.50      
   
>  2936  244K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0       
   
> 52597 7459K ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0       
    tcp dpt:3922 state NEW,ESTABLISHED
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.18      
   
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            225.0.0.50      
   
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0       
   
>     0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0       
    tcp dpt:3922 state NEW,ESTABLISHED
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.18      
   
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            225.0.0.50      
   
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0       
   
>     0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0       
    tcp dpt:3922 state NEW,ESTABLISHED
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.18      
   
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            225.0.0.50      
   
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0       
   
>     0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0       
    tcp dpt:3922 state NEW,ESTABLISHED
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.18      
   
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            225.0.0.50      
   
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0       
   
>     0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0       
    tcp dpt:3922 state NEW,ESTABLISHED
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.18      
   
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            225.0.0.50      
   
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0       
   
>     0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0       
    tcp dpt:3922 state NEW,ESTABLISHED
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.18      
   
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            225.0.0.50      
   
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0       
   
>     0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0       
    tcp dpt:3922 state NEW,ESTABLISHED
> 
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination     
   
>  560K 1307M NETWORK_STATS_eth1  all  --  *      *       0.0.0.0/0            0.0.0.0/0
          
>  560K 1307M NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
       
>  286K  589M ACL_INBOUND_eth2  all  --  *      eth2    0.0.0.0/0            10.188.218.0/24
    
>  275K  718M ACCEPT     all  --  *      *       10.188.216.0/22     !10.188.216.0/22 
   
> 
> Chain OUTPUT (policy ACCEPT 71914 packets, 10M bytes)
>  pkts bytes target     prot opt in     out     source               destination     
   
> 71955   10M NETWORK_STATS  all  --  *      *       0.0.0.0/0            0.0.0.0/0   
       
> 
> Chain ACL_INBOUND_eth2 (1 references)
>  pkts bytes target     prot opt in     out     source               destination     
   
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            225.0.0.50      
   
>     0     0 ACCEPT     all  --  *      *       0.0.0.0/0            224.0.0.18      
   
>  286K  589M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0       
   
>     0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0       
   
> 
> Chain NETWORK_STATS (3 references)
>  pkts bytes target     prot opt in     out     source               destination     
   
>     0     0            tcp  --  eth0   eth2    0.0.0.0/0            0.0.0.0/0       
   
>     0     0            tcp  --  eth2   eth0    0.0.0.0/0            0.0.0.0/0       
   
>  275K  588M            tcp  --  !eth0  eth2    0.0.0.0/0            0.0.0.0/0       
   
>  264K  717M            tcp  --  eth2   !eth0   0.0.0.0/0            0.0.0.0/0       
   
> 
> Chain NETWORK_STATS_eth1 (1 references)
>  pkts bytes target     prot opt in     out     source               destination     
   
>     0     0            all  --  *      eth1    0.0.0.0/0            10.188.218.0/24 
   
>  275K  718M            all  --  *      eth1    10.188.218.0/24      0.0.0.0/0       
   
> 
> The last Chain (NETWORK_STATS_eth1 appears to be wrong since both rules have ‘in’
as * and ‘out’ as eth1.
> 
> Do you have an idea of what is going on?
> 
> Thanks
> -- 
> Simon Godard
> 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message