From: jesse.waters@gmail.com
Date: Tue, 9 Jul 2019 12:44:05 -0400
Subject: Re: DHCP instance/vm issue
To: users@cloudstack.apache.org

Interesting

proxy in to vm
pkill dhclient
dhclient -x
dhclient eth0

get ip I expected, odd

On Tue, Jul 9, 2019 at 11:16 AM wrote:
>
> My vm was assigned an ip from our endpoint DHCP server, not from VR. Do I
> need to add firewall rule(s) to force DHCP request to VR? I probably missed
> a part of setup w/KVM hosts and/or within management when I defined the
> zone/pod/...
>
> This seems to be correct, VR is running on a different host than the vm.
>
> Chain i-2-11-VM-eg (1 references)
>  pkts bytes target        prot opt in  out  source      destination
>     0     0 RETURN        all  --  *   *    0.0.0.0/0   0.0.0.0/0
>
> Chain i-2-11-def (2 references)
>  pkts bytes target        prot opt in  out  source      destination
>     0     0 ACCEPT        all  --  *   *    0.0.0.0/0   0.0.0.0/0   state RELATED,ESTABLISHED
>     0     0 ACCEPT        udp  --  *   *    0.0.0.0/0   0.0.0.0/0   PHYSDEV match --physdev-in vnet0 --physdev-is-bridged udp spt:68 dpt:67
>     0     0 ACCEPT        udp  --  *   *    0.0.0.0/0   0.0.0.0/0   PHYSDEV match --physdev-out vnet0 --physdev-is-bridged udp spt:67 dpt:68
>     0     0 DROP          all  --  *   *    0.0.0.0/0   0.0.0.0/0   PHYSDEV match --physdev-in vnet0 --physdev-is-bridged ! match-set i-2-11-VM src
>     0     0 RETURN        udp  --  *   *    0.0.0.0/0   0.0.0.0/0   PHYSDEV match --physdev-in vnet0 --physdev-is-bridged match-set i-2-11-VM src udp dpt:53
>     0     0 RETURN        tcp  --  *   *    0.0.0.0/0   0.0.0.0/0   PHYSDEV match --physdev-in vnet0 --physdev-is-bridged match-set i-2-11-VM src tcp dpt:53
>     0     0 i-2-11-VM-eg  all  --  *   *    0.0.0.0/0   0.0.0.0/0   PHYSDEV match --physdev-in vnet0 --physdev-is-bridged match-set i-2-11-VM src
>    15  1963 i-2-11-VM     all  --  *   *    0.0.0.0/0   0.0.0.0/0   PHYSDEV match --physdev-out vnet0 --physdev-is-bridged
>
> Thanks for quick response Andrija!
>
> - Jesse
>
> On Tue, Jul 9, 2019 at 10:39 AM Andrija Panic wrote:
>
>> ACS will only offer DHCP leases to its VMs, via DHCP reservation. If you
>> have another DHCP server in your area, then it might be quicker to offer a
>> lease to a VM. You have to either remove your non-ACS DHCP server
>> completely, OR make sure it uses reservation for non-ACS servers/hosts,
>> i.e. NOT let it issue leases freely to anyone who asks for it. Pure DHCP
>> "problem" - i.e. nothing to do with ACS specifically.
>>
>> Best,
>> Andrija
>>
>> On Tue, Jul 9, 2019, 20:27 wrote:
>>
>> > Have a DHCP issue where vm pulls from ACS proxy properly sometimes and
>> > other times it pulls from our normal dhcp server for end-points.
>> >
>> > Network layout is flat, and ACS is using basic network with security
>> > groups. IP range for acs is within range of our normal network so vms
>> > and endpoints will flow without additional hardware. How do I ensure dhcp
>> > requests are served by router vm and not our normal dhcp server?
>> >
>> > TIA,
>> > Jesse
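
Added example, not part of the thread: one way to confirm on the guest which DHCP server actually answered, by reading the dhclient lease file and listing every lease whose dhcp-server-identifier is not the virtual router. The function names, the 192.0.2.x addresses and the sample leases are constructed for illustration.

```shell
#!/bin/sh
# Added example: list dhclient leases that were NOT issued by the expected
# DHCP server (for this thread, the CloudStack virtual router).
# All addresses are constructed (192.0.2.0/24 documentation range).

# rogue_leases EXPECTED_SERVER_IP LEASE_FILE
# Prints one line per lease whose dhcp-server-identifier differs.
rogue_leases() {
    awk -v want="$1" '
        $1 == "lease"         { inlease = 1; ifc = ""; addr = ""; srv = ""; next }
        !inlease              { next }
        $1 == "interface"     { ifc = $2;  gsub(/[";]/, "", ifc) }
        $1 == "fixed-address" { addr = $2; sub(/;$/, "", addr) }
        $1 == "option" && $2 == "dhcp-server-identifier" { srv = $3; sub(/;$/, "", srv) }
        $1 == "}" {
            inlease = 0
            if (srv == "") srv = "unknown"
            if (srv != want)
                printf "%s %s from %s (expected %s)\n", ifc, addr, srv, want
        }
    ' "$2"
}

# Constructed sample in dhclient.leases format: the first lease came from the
# virtual router (192.0.2.1), the second from another server on the segment.
sample_leases() {
    cat <<'EOF'
lease {
  interface "eth0";
  fixed-address 192.0.2.120;
  option routers 192.0.2.1;
  option dhcp-server-identifier 192.0.2.1;
  expire 3 2019/07/10 16:44:05;
}
lease {
  interface "eth0";
  fixed-address 192.0.2.57;
  option routers 192.0.2.254;
  option dhcp-server-identifier 192.0.2.2;
  expire 3 2019/07/10 17:02:11;
}
EOF
}

tmp=$(mktemp) || exit 1
sample_leases > "$tmp"
rogue_leases 192.0.2.1 "$tmp"
rm -f "$tmp"
```

On a real guest, point `rogue_leases` at the dhclient lease file, commonly under /var/lib/dhcp/ or /var/lib/dhclient/ depending on the distribution, and pass the virtual router's address as the expected server.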