[jira] [Commented] (CLOUDSTACK-5282) KVM - Advanced zone Isolated networks - Egress rules are not functional because of router having mutiple nics for the public ip address.

Jayapal Reddy (JIRA) Tue, 28 Apr 2015 05:27:53 -0700

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-5282?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14516951#comment-14516951
 ]


Jayapal Reddy commented on CLOUDSTACK-5282:
-------------------------------------------

can you please check /var/cache/cloud/cmdline in router. 
This file contains information about the router default interfaces. Check if 
this has eth3 by any chance ?

w.r.t egress rules there is no issue. All iptables rlues are configured 
correctly. 
With default offering egress default policy is false. So all the egress traffic 
is blocked. You need rules to allow traffic, that you have done.

> KVM - Advanced zone  Isolated networks - Egress rules are not functional 
> because of router having mutiple nics for the public ip address.
> -----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-5282
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-5282
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Management Server
>    Affects Versions: 4.3.0
>         Environment: Build from 4.3 using 64 bit system templates.
>            Reporter: Sangeetha Hariharan
>            Assignee: Jayapal Reddy
>            Priority: Critical
>             Fix For: 4.3.0
>
>         Attachments: management-server.rar
>
>
> KVM - Advanced zone  Isolated networks - Egress rules are not functional. 
> Steps to reproduce the problem:
> Advanced zone with 2 KVM hosts (rhel6.3),  Isolated network with 20 vms.
> Create a egress rule to allow all traffic to all cidrs.
> From Vm , try to ping google.com
> We are not able to ping/ssh outside from the VM.
> Egress rules are programmed in the router.
> But I see that the router has as many NICs as the number of Vms that it 
> services asssigned to the same public Ip address but with 2 different MAC 
> address.
> root@r-10-MyTestVM:~# ip route
> default via 10.223.138.129 dev eth2
> 10.1.1.0/24 dev eth0  proto kernel  scope link  src 10.1.1.1
> 10.223.138.128/26 dev eth2  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth3  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth4  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth5  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth6  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth7  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth8  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth9  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth10  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth11  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth12  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth13  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth14  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth15  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth16  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth17  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth18  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth19  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth20  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth21  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth22  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth23  proto kernel  scope link  src 10.223.138.137
> 10.223.138.128/26 dev eth24  proto kernel  scope link  src 10.223.138.137
> 169.254.0.0/16 dev eth1  proto kernel  scope link  src 169.254.3.13
> root@r-10-MyTestVM:~# ifconfig
> eth0      Link encap:Ethernet  HWaddr 02:00:51:27:00:02
>           inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::51ff:fe27:2/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:757 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:324 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:116494 (113.7 KiB)  TX bytes:44376 (43.3 KiB)
> eth1      Link encap:Ethernet  HWaddr 0e:00:a9:fe:03:0d
>           inet addr:169.254.3.13  Bcast:169.254.255.255  Mask:255.255.0.0
>           inet6 addr: fe80::c00:a9ff:fefe:30d/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:14587 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:13791 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:2392297 (2.2 MiB)  TX bytes:2634222 (2.5 MiB)
> eth2      Link encap:Ethernet  HWaddr 06:e5:16:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::4e5:16ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:642 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:104 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:31140 (30.4 KiB)  TX bytes:8472 (8.2 KiB)
> eth3      Link encap:Ethernet  HWaddr 06:20:ce:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::420:ceff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:616 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:28826 (28.1 KiB)  TX bytes:402 (402.0 B)
> eth4      Link encap:Ethernet  HWaddr 06:2c:f0:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::42c:f0ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:598 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:27718 (27.0 KiB)  TX bytes:486 (486.0 B)
> eth5      Link encap:Ethernet  HWaddr 06:32:ae:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::432:aeff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:589 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:27256 (26.6 KiB)  TX bytes:570 (570.0 B)
> eth6      Link encap:Ethernet  HWaddr 06:5d:66:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::45d:66ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:579 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:26732 (26.1 KiB)  TX bytes:654 (654.0 B)
> eth7      Link encap:Ethernet  HWaddr 06:3b:46:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::43b:46ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:568 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:26234 (25.6 KiB)  TX bytes:808 (808.0 B)
> eth8      Link encap:Ethernet  HWaddr 06:50:fe:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::450:feff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:553 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:25518 (24.9 KiB)  TX bytes:822 (822.0 B)
> eth9      Link encap:Ethernet  HWaddr 06:b9:ce:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::4b9:ceff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:539 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:24930 (24.3 KiB)  TX bytes:976 (976.0 B)
> eth10     Link encap:Ethernet  HWaddr 06:9f:ce:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::49f:ceff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:522 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:24180 (23.6 KiB)  TX bytes:990 (990.0 B)
> eth11     Link encap:Ethernet  HWaddr 06:ce:f0:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::4ce:f0ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:501 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:23214 (22.6 KiB)  TX bytes:1074 (1.0 KiB)
> eth12     Link encap:Ethernet  HWaddr 06:27:08:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::427:8ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:480 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:22296 (21.7 KiB)  TX bytes:1158 (1.1 KiB)
> eth13     Link encap:Ethernet  HWaddr 06:f1:f6:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::4f1:f6ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:457 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:21294 (20.7 KiB)  TX bytes:1312 (1.2 KiB)
> eth14     Link encap:Ethernet  HWaddr 06:ae:66:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::4ae:66ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:431 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:20152 (19.6 KiB)  TX bytes:1326 (1.2 KiB)
> eth15     Link encap:Ethernet  HWaddr 06:e3:52:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::4e3:52ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:404 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:18982 (18.5 KiB)  TX bytes:1458 (1.4 KiB)
> eth16     Link encap:Ethernet  HWaddr 06:af:18:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::4af:18ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:372 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:17518 (17.1 KiB)  TX bytes:1494 (1.4 KiB)
> eth17     Link encap:Ethernet  HWaddr 06:0c:7a:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::40c:7aff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:342 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:16258 (15.8 KiB)  TX bytes:1578 (1.5 KiB)
> eth18     Link encap:Ethernet  HWaddr 06:e1:62:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::4e1:62ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:309 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:14836 (14.4 KiB)  TX bytes:1710 (1.6 KiB)
> eth19     Link encap:Ethernet  HWaddr 06:13:46:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::413:46ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:273 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:13274 (12.9 KiB)  TX bytes:1794 (1.7 KiB)
> eth20     Link encap:Ethernet  HWaddr 06:bf:20:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::4bf:20ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:236 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:11684 (11.4 KiB)  TX bytes:1878 (1.8 KiB)
> eth21     Link encap:Ethernet  HWaddr 06:33:58:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::433:58ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:195 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:9878 (9.6 KiB)  TX bytes:1962 (1.9 KiB)
> eth22     Link encap:Ethernet  HWaddr 06:e8:dc:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::4e8:dcff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:152 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:7932 (7.7 KiB)  TX bytes:2046 (1.9 KiB)
> eth23     Link encap:Ethernet  HWaddr 06:57:32:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::457:32ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:109 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:45 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:6112 (5.9 KiB)  TX bytes:2130 (2.0 KiB)
> eth24     Link encap:Ethernet  HWaddr 06:db:f6:00:00:19
>           inet addr:10.223.138.137  Bcast:10.223.138.191  Mask:255.255.255.192
>           inet6 addr: fe80::4db:f6ff:fe00:19/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:84 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:5386 (5.2 KiB)  TX bytes:3096 (3.0 KiB)
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:2 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:214 (214.0 B)  TX bytes:214 (214.0 B)
> root@r-10-MyTestVM:~#
> This seems to be the reason why egress traffic is not being established.
>  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (CLOUDSTACK-5282) KVM - Advanced zone Isolated networks - Egress rules are not functional because of router having mutiple nics for the public ip address.

Reply via email to