From users-return-30282-apmail-cloudstack-users-archive=cloudstack.apache.org@cloudstack.apache.org  Thu Apr  5 09:51:38 2018
Return-Path: <users-return-30282-apmail-cloudstack-users-archive=cloudstack.apache.org@cloudstack.apache.org>
X-Original-To: apmail-cloudstack-users-archive@www.apache.org
Delivered-To: apmail-cloudstack-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 510E918CC6
	for <apmail-cloudstack-users-archive@www.apache.org>; Thu,  5 Apr 2018 09:51:38 +0000 (UTC)
Received: (qmail 42858 invoked by uid 500); 5 Apr 2018 09:51:37 -0000
Delivered-To: apmail-cloudstack-users-archive@cloudstack.apache.org
Received: (qmail 42792 invoked by uid 500); 5 Apr 2018 09:51:37 -0000
Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@cloudstack.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@cloudstack.apache.org>
List-Post: <mailto:users@cloudstack.apache.org>
List-Id: <users.cloudstack.apache.org>
Reply-To: users@cloudstack.apache.org
Delivered-To: mailing list users@cloudstack.apache.org
Received: (qmail 42766 invoked by uid 99); 5 Apr 2018 09:51:36 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Apr 2018 09:51:36 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id A83BEC1D1B
	for <users@cloudstack.apache.org>; Thu,  5 Apr 2018 09:51:35 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 2.388
X-Spam-Level: **
X-Spam-Status: No, score=2.388 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=2, KAM_NUMSUBJECT=0.5, RCVD_IN_DNSWL_NONE=-0.0001,
	SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01]
	autolearn=disabled
Authentication-Results: spamd1-us-west.apache.org (amavisd-new);
	dkim=pass (1024-bit key) header.d=arhont.com
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024)
	with ESMTP id 9QYl8z8DkLSg for <users@cloudstack.apache.org>;
	Thu,  5 Apr 2018 09:51:33 +0000 (UTC)
Received: from mail1.arhont.com (mail1.arhont.com [178.248.108.111])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id CC7D95F189
	for <users@cloudstack.apache.org>; Thu,  5 Apr 2018 09:51:32 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by mail1.arhont.com (Postfix) with ESMTP id 62D7314007A3
	for <users@cloudstack.apache.org>; Thu,  5 Apr 2018 10:51:25 +0100 (BST)
Received: from mail1.arhont.com ([127.0.0.1])
	by localhost (mail1.arhont.com [127.0.0.1]) (amavisd-new, port 10032)
	with ESMTP id DeREDQuWoPSi for <users@cloudstack.apache.org>;
	Thu,  5 Apr 2018 10:51:23 +0100 (BST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by mail1.arhont.com (Postfix) with ESMTP id A7D031400BD1
	for <users@cloudstack.apache.org>; Thu,  5 Apr 2018 10:51:23 +0100 (BST)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail1.arhont.com A7D031400BD1
X-Virus-Scanned: amavisd-new at arhont.com
Received: from mail1.arhont.com ([127.0.0.1])
	by localhost (mail1.arhont.com [127.0.0.1]) (amavisd-new, port 10026)
	with ESMTP id JgAYLhUGao1M for <users@cloudstack.apache.org>;
	Thu,  5 Apr 2018 10:51:23 +0100 (BST)
Received: from mail1.arhont.com (localhost.localdomain [127.0.0.1])
	by mail1.arhont.com (Postfix) with ESMTP id 7016B1400963
	for <users@cloudstack.apache.org>; Thu,  5 Apr 2018 10:51:23 +0100 (BST)
Date: Thu, 5 Apr 2018 10:51:22 +0100 (BST)
From: Andrei Mikhailovsky <andrei@arhont.com.INVALID>
To: users <users@cloudstack.apache.org>
Message-ID: <962263140.146253.1522921882063.JavaMail.zimbra@arhont.com>
Subject: VPC issues after upgrading from 4.9.3 to 4.11.0
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="=_7a5383c8-802f-4684-9db3-708e13dfea4f"
X-Mailer: Zimbra 8.7.11_GA_1854 (ZimbraWebClient - SAF11 (Mac)/8.7.11_GA_1854)
Thread-Index: c0a9/GwQNWkH64ZlJ369TAP+UwGJ5g==
Thread-Topic: VPC issues after upgrading from 4.9.3 to 4.11.0

--=_7a5383c8-802f-4684-9db3-708e13dfea4f
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hello,=20

I have identified a critical VPC issue after we've upgraded to 4.11.0 on KV=
M hypervisors. The problem is the connectivity between network tiers within=
 the VPC stopped working after the upgrade. Doing VPC restart with the Clea=
n Up doesn't help.=20


It seems that the VPC's iptable rules are all messed up and they reference =
wrong interfaces. The iptable rules are all created using the eth0 interfac=
e and not using the tier's corresponding network interface. For example:=20


0 0 SNAT all =E2=80=94 * eth0 10.1.60.0/24 10.1.60.30 to:10.1.70.1=20
0 0 SNAT all =E2=80=94 * eth1 10.1.60.30 0.0.0.0/0 to:178.248.108.109=20
0 0 SNAT all =E2=80=94 * eth0 10.1.60.0/24 10.1.60.4 to:10.1.70.1=20
0 0 SNAT all =E2=80=94 * eth1 10.1.60.4 0.0.0.0/0 to:178.248.108.104=20
0 0 SNAT all =E2=80=94 * eth0 10.1.60.0/24 10.1.60.146 to:10.1.70.1=20
4 304 SNAT all =E2=80=94 * eth1 10.1.60.146 0.0.0.0/0 to:178.248.108.44=20

The network interface that corresponds to the 10.1.60.0/24 is on eth6. The =
same happens with=20

Could anyone suggest the fix for this?=20

Thanks=20

Andrei=20

--=_7a5383c8-802f-4684-9db3-708e13dfea4f--