cloudstack-users mailing list archives

From Jonas Schlichtenbrede <jonas.schlichtenbr...@gmail.com>
Subject Working Site-to-Site VPN gets disconnected and VPC seems to forget ACLs
Date Thu, 21 Jul 2016 11:55:54 GMT
Hi CloudStack Users and Developers,

we’re currently implementing a new CloudStack environment based on 4.8.0.1
(System VM Template is 4.6) with XenServer 6.5 SP1 and all the latest
updates.

So far everything works as expected; we only have an issue regarding the
stability of Site-to-Site VPNs within VPCs and, we think, ACLs.

I’ll try to describe the problem and behaviour:

A connected and working S2S VPN switches to disconnected after some time
(usually a few hours). In relation to that, the VPC seems to “forget” its
ACLs. Restarting only the Network Tier (a VM lives within) solves the
issues for a short period of time (1-3 hours). The state of the VPN
switches to connected and the S2S VPN is working again. Also, pinging from
the VM to any public address is working again. What is strange is that, for
example, browsing to a website is working all the time. Isolated networks,
however, work like a charm.

We tried to solve this issue through several tests. We changed the network
setup and reduced the complexity just to get this behaviour isolated. But
it’s always the same. We also tried several different connections to
different customer gateways (firewalls) and a VPC-VPN to VPC-VPN connection
to another CloudStack deployment (based on Version 4.5.2) without any
success.

In addition, we tested several setups like CentOS 6 and CentOS 7, but again
always the same. We updated one installation to the master from yesterday
4.9.0.0-snapshot – again no success. We do not have any issues with version
4.5.2 – but this installation is in a different datacentre.

Below you’ll find some logs – the relevant IP for this test connection is:
*85.88.16.104*

CloudStack 4.8.0.1 Logs (Google Docs):

https://drive.google.com/open?id=1gqIjDdG1htps4p1t7m1uHSs7aNHplWp1Np83nH6e7zM


IPsec Logs from the Virtual Router:
https://drive.google.com/open?id=1ZWvhFu2P_Wv_lF8TgYMmexeS_KDag1Mp-kmuhl8l7uU


Thank you in advance for your help!

Jonas

PS: If possible from your side, we can do a remote session to take a look at
the setup.
