[jira] [Commented] (CLOUDSTACK-6761) Destroying an Instance that has a Static NAT bound, the security policy is removed and the firewall filter term is removed however the proxy-arp entry is not

Tue, 27 May 2014 01:43:33 -0700 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-6761?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14009501#comment-14009501
 ] 

ASF subversion and git services commented on CLOUDSTACK-6761:
-------------------------------------------------------------

Commit 9bb35ce11d8d6fb9454fbe2237baa98b3b06e087 in cloudstack's branch 
refs/heads/4.4 from Jayapal
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=9bb35ce ]

CLOUDSTACK-6761: Fixed removing proxy arp rule on deleting static nat or PF 
rule on ip

    The proxy-arp add/del is done on firewall rule add/del.
    The proxy-arp rule is deleted only when there is no static nat or dest nat 
rule is not using the ip.

    When there is static nat or PF and firewall rule
     a. Delete firewall rule. It skips delete proxy-arp because the rule is 
used by static nat rule.
     b. After deleting fw rule if we disable static nat there is no way to 
delete proxy-arp rule.

     On VM expunge we are deleting firewall rules first then static nat rules. 
This caused the stale proxy-arp
     rules.

    With this fix adding/deleting proxy arp rule on static nat/PF rule add/del.


> Destroying an Instance that has a Static NAT bound, the security policy is 
> removed and the firewall filter term is removed however the proxy-arp entry 
> is not
> -------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-6761
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6761
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Network Controller
>    Affects Versions: 4.0.0
>            Reporter: Jayapal Reddy
>            Assignee: Jayapal Reddy
>             Fix For: 4.4.0
>
>
> When destroying an Instance that has a Static NAT bound, the security policy 
> is removed and the firewall filter term is removed however the proxy-arp 
> entry is not
> This causing issue when network is configured with SRX and load balancer.
> For the same ip responses comes for two devices depending on who receives 
> first.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to