Github user dsclose commented on the pull request:
https://github.com/apache/cloudstack/pull/1413#issuecomment-205716220
@wilderrodrigues @ustcweizhou Sorry to arrive late to the party but this
appears to break/ignore some RvR functionality. 4 things in particular stand
out:
1. All public interfaces should be down in both redundant virtual
routers. Non-public interfaces should be up. The master.py script will bring up
public interfaces on master routers. I had been discussing this with
@ustcweizhou on the CloudStack mailing list; Wei had provided a solution based
upon the check_is_up method of the CsIP class (in CsAddress.py) but the commit
at 8bbea5eeb6598b213b78a324c184841dbba69280 in #1413 appears to contradict what
we discussed.
2. Redundant virtual routers can have multiple public interfaces.
Presumably, so can VPC routers - although I've not experimented with that. The
source-NAT IP will be assigned to eth2 - as will any public IP on the same
subnet. Public IPs on different subnets will be assigned to eth3, eth4, eth5
etc. with a new device being created for each separate subnet. The commit
11e61f7054234e17343e9a11948f1804d732ac6c in #1413 does not account for this.
3. Because of point 2, we know that a new interface will be created on an
RvR when an IP on a new subnet is assigned to it. Because of point 1, we know
that that interface will be down because the master.py script will not have run
since it was created. Currently a failover must be induced before this
interface will be brought up - I'm yet to address this issue because of point
4, next.
4. Currently static-NATs do not work on RvR setup when they are on a
different subnet to the source-NAT IP. There are two reasons for this; one is
missing iptables config allowing traffic across interfaces other than eth2. The
second reason is that connmarks are being assigned to outbound traffic from
eth0 (guest network) which are being used to match traffic to an interface in
the IP rules. Traffic intended for a public network therefore gets routed out
of the default gateway interface (eth2), breaking any static-NAT traffic on
public IPs not assigned to eth2.
I'd like to contribute to points 3 and 4 but issue #1413 appears to have
been marked as closed. To remedy these points I might need to overwrite code
committed as part of this issue, so it seems best to start a conversation about
it before rolling the sleeves up and getting stuck in.
Are these issues being considered elsewhere?