cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Simon Weller <swel...@ena.com>
Subject Re: slow firewall
Date Tue, 04 Oct 2016 13:51:23 GMT
When I've seen something like this happen, there is a problem with the router script parsing
an input and so it returns a failure and the router is restarted.

You might need to put the agent in debug so you can see what exactly is failing when it tries
to inject rules into the VR.


4.8 has a bug like this for Private Gateway configs in VPCs. It is fixed in later versions.


- Si

________________________________
From: Janis Andersons | Failiem.lv <ja@failiem.lv>
Sent: Friday, September 30, 2016 4:23 AM
To: users@cloudstack.apache.org
Subject: Re: slow firewall

Restart fails and router keeps rebooting. Also if I reboot router it
keeps rebooting. Then I need to remove all firewall rules and and
restart it with clean up option to get it work again.

Janis Andersons
http://serveri.failiem.lv
serveri.failiem.lv | virtualie privatie serveri<http://serveri.failiem.lv/>
serveri.failiem.lv
DROSA UN BOJAJUMPIECIETIGA APARATURA. Tiek dubleti diski un serveri, ka ari datu centri, pec
pieprasijuma. Failiem.lv spej nodrosinat augstu noslodzi un ...



http://files.fm
[https://files.fm/images/files.fm_facebook_big2.jpg]<http://files.fm/>

Files.fm<http://files.fm/>
files.fm
Fast, Secure and Easy cloud file hosting, storage and safe sharing. FTP alternative. Free
signup. Unlimited download traffic via torrents.



http://failiem.lv
[https://failiem.lv/images/failiem.lv_facebook.jpg]<http://failiem.lv/>

Failiem.lv: atra, erta un drosa failu glabasana vai apmaina<http://failiem.lv/>
failiem.lv
Atrs, dross un erts serviss failu un foto glabasanai vai apmainai. FTP alternativa. Bezmaksas
registracija un failu glabasana. Neierobezots atrums un ...



mobile: +371 26606064
ja@failiem.lv

On 29.09.2016 23:32, Simon Weller wrote:
> What happens if you try and do a network restart with the cleanup option selected?
>
>
> ________________________________
> From: Janis Andersons | Failiem.lv <ja@failiem.lv>
> Sent: Thursday, September 29, 2016 6:25 AM
> To: users@cloudstack.apache.org
> Subject: Re: slow firewall
>
> Also If I try to restart network it ends with: Failed to restart network
> management log files:
> 2016-09-29 14:21:18,486 DEBUG    Seq 27-2522015791327480407: Processing:
> { Ans: , MgmtId: 95537004648, via: 27, Ver: v1, Flags: 10,
> [{"com.cloud.agent.api.Answer":{"result":false,"details":"Timed out in
> waiting SSH execution result","wait":0}}] }
> 2016-09-29 14:21:18,487 DEBUG    ctx-d2b04874) (logid:93af951b) Seq
> 27-2522015791327480407: Received: { Ans: , MgmtId: 95537004648, via:
> 27(xs4.failiem.lv), Ver: v1, Flags: 10, { Answer } }
> 2016-09-29 14:21:18,487 WARN    ctx-d2b04874) (logid:93af951b) Failed to
> re-program the network as a part of network Ntwk[248|Guest|67] implement
> due to aggregated commands execution failure!
> 2016-09-29 14:21:18,490 WARN    ctx-d2b04874) (logid:93af951b) Failed to
> implement network Ntwk[248|Guest|67] elements and resources as a part of
> network restart due to
> com.cloud.exception.ResourceUnavailableException: Resource
> [DataCenter:9]    to apply network rules as a part of network
> Ntwk[248|Guest|67] implement
>
> J. Andersons
>
> On 29.09.2016 14:08, Janis Andersons | Failiem.lv wrote:
>> Also adding Load balancer rules takes about 3 minutes.
>>
>>
>> On 29.09.2016 14:07, Janis Andersons | Failiem.lv wrote:
>>> I have total 20 firewall rules and 50 port forwarding rules for 12
>>> VMs and it takes more than 60 seconds to add new rule.
>>> If new IP is acquired adding new rule takes about 80 seconds even if
>>> there is no rules set for new IP.
>>> If I try to add multiple rules it takes much more time for first rule
>>> and sometimes another rules fails.
>>>
>>> Have tried to change service offering for router to 2 CPUs, 1GB ram
>>> but that doesn't help.
>>>
>>> Cloudstack 4.8, Xenserver, Shared Storage
>>> Virtual Router: Firewall, Vpn, Dhcp, SourceNat, PortForwarding, Lb,
>>> UserData, Dns.
>>>
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message