midhunpjos opened a new issue, #8562:
URL: https://github.com/apache/cloudstack/issues/8562
##### ISSUE TYPE
* Bug Report
##### COMPONENT NAME
~~~
VPC
~~~
##### CLOUDSTACK VERSION
~~~
4.18.1
~~~
##### CONFIGURATION
~~~
Advanced Zone, Network VPC
~~~
##### OS / ENVIRONMENT
~~~
Cloudstack 4.18 on KVM
Multiple /27 IP's for Public
~~~
##### SUMMARY
Unable to reach a public IP, which is in the same deployment, from VMs deployed
in a VPC.
##### STEPS TO REPRODUCE
The CloudStack deployment has multiple /27 IP addresses added to the public
range. Deploy a VPC and acquire multiple public IPs from each /27 subnet. From
any of the VMs deployed in the VPC, we are not able to reach the above public
IPs except one.
We checked the VPC router, and the routing table is as below:
~~~
default via 99.127.xxx.65 dev eth1
10.20.1.0/24 dev eth5 proto kernel scope link src 10.20.1.1
10.20.2.0/24 dev eth6 proto kernel scope link src 10.20.2.1
169.254.0.0/16 dev eth0 proto kernel scope link src 169.254.198.170
99.127.xxx.32/27 dev eth2 proto kernel scope link src 99.127.xxx.51
99.127.xxx.64/27 dev eth1 proto kernel scope link src 99.127.xxx.93
99.127.xxx.96/27 dev eth3 proto kernel scope link src 99.127.xxx.125
~~~
From any VM in the VPC I can reach the 99.127.xxx.64/27 subnet. The remaining public
subnets are not reachable. From the VM we tried to ping the IP 99.127.xxx.107
(the firewall was open to the public for ICMP), but it is not pinging.
On capturing the packets, we could see that the packets are leaving the source
network and reaching the VR with IP 99.127.xxx.107, but no response is received.
Packet capture at the source VPC router:
~~~
03:34:16.950824 IP css1-cks-shared-1-node-18bb5b445d5 > 99.127.xxx.107: ICMP echo request, id 7168, seq 0, length 64
03:34:17.950957 IP css1-cks-shared-1-node-18bb5b445d5 > 99.127.xxx.107: ICMP echo request, id 7168, seq 1, length 64
~~~
Packets received at the 99.127.xxx.107 VR:
~~~
03:34:16.950549 IP 10.20.2.137 > 99.127.xxx.107: ICMP echo request, id 7168, seq 0, length 64
03:34:16.951536 IP 99.127.xxx.107 > 10.20.2.137: ICMP echo reply, id 7168, seq 0, length 64
03:34:17.950598 IP 10.20.2.137 > 99.127.xxx.107: ICMP echo request, id 7168, seq 1, length 64
03:34:17.951405 IP 99.127.xxx.107 > 10.20.2.137: ICMP echo reply, id 7168, seq 1, length 64
~~~
In the above, we could see that the source IP address is shown as '10.20.2.137',
and from the 99.127.xxx.107 router this private IP will not be reachable.
Ideally, it should be the public IP address of the VPC.
Please let us know your comments on this.
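An added example, not part of the original issue or of CloudStack's code: a longest-prefix-match lookup over the routing table quoted in the report, showing which interface the router selects for each destination. The redacted octet `xxx` is replaced with `0` as a constructed placeholder, and the function names are hypothetical.

```python
import ipaddress

# Routing table from the VPC router in the report. The redacted third octet
# ("xxx") is replaced with 0 as a constructed placeholder so the prefixes parse.
ROUTES = """\
default via 99.127.0.65 dev eth1
10.20.1.0/24 dev eth5 proto kernel scope link src 10.20.1.1
10.20.2.0/24 dev eth6 proto kernel scope link src 10.20.2.1
169.254.0.0/16 dev eth0 proto kernel scope link src 169.254.198.170
99.127.0.32/27 dev eth2 proto kernel scope link src 99.127.0.51
99.127.0.64/27 dev eth1 proto kernel scope link src 99.127.0.93
99.127.0.96/27 dev eth3 proto kernel scope link src 99.127.0.125
"""

def parse_routes(text):
    """Parse `ip route` lines into dicts with net, dev, via and src."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        # Remaining tokens are key/value pairs (via X, dev Y, proto Z, ...).
        attrs = dict(zip(tok[1::2], tok[2::2]))
        routes.append({
            "net": ipaddress.ip_network(prefix),
            "dev": attrs.get("dev"),
            "via": attrs.get("via"),
            "src": attrs.get("src"),
        })
    return routes

def lookup(routes, dst):
    """Longest-prefix match over a single routing table."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen) if matches else None

def egress_report(routes, dst):
    """Return (dev, via, on_link) for a destination, or None if no route."""
    r = lookup(routes, dst)
    if r is None:
        return None
    return r["dev"], r["via"], r["via"] is None

if __name__ == "__main__":
    table = parse_routes(ROUTES)
    for dst in ("99.127.0.70", "99.127.0.107", "99.127.0.40", "8.8.8.8"):
        print(dst, egress_report(table, dst))
```

The destination ending in .107 matches the connected /27 on eth3 rather than the default route on eth1, so that is the interface whose source-NAT rules to inspect on the router.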