DeepthiMachiraju created CLOUDSTACK-9947:
--------------------------------------------
Summary: When no PF rules exist for the public IP, the IP is not
erased from the forwardingrules.json file in VPC VR.
Key: CLOUDSTACK-9947
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9947
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Virtual Router
Affects Versions: 4.10.0.0
Reporter: DeepthiMachiraju
Fix For: 4.10.0.0
Attachments: Ms_log.txt
- Create a VPC, and deploy a VM in a tier.
- Acquire a public IP for the VPC and configure a single PF rule, say for port 80.
- Able to successfully HTTP to the VM.
- Now delete the PF rule.
Observation:
- Rule is deleted from the UI and DB, but forwardingrules.json is not cleaned up
properly.
- Only after the VPC restart with clean up is the IP removed from the JSON file.
root@r-54-VM:/etc/cloudstack# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 0e:00:a9:fe:01:16 brd ff:ff:ff:ff:ff:ff
inet 169.254.1.22/16 brd 169.254.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 06:a5:6e:00:00:0d brd ff:ff:ff:ff:ff:ff
inet 10.147.30.112/24 brd 10.147.30.255 scope global eth1
inet 10.147.30.113/24 brd 10.147.30.255 scope global secondary eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 02:00:1f:19:00:15 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.1/24 brd 172.16.1.255 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 02:00:61:e6:00:05 brd ff:ff:ff:ff:ff:ff
inet 172.16.2.1/24 brd 172.16.2.255 scope global eth3
root@r-54-VM:/etc/cloudstack#
root@r-54-VM:/etc/cloudstack#
root@r-54-VM:/etc/cloudstack# cat forwardingrules.json
{
"10.147.30.113": [
{
"internal_ip": "172.16.2.10",
"internal_ports": "80:80",
"protocol": "tcp",
"public_ip": "10.147.30.113",
"public_ports": "80:80",
"type": "forward"
}
],
"id": "forwardingrules"
}root@r-54-VM:/etc/cloudstack#
root@r-54-VM:/etc/cloudstack#
root@r-54-VM:/etc/cloudstack# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere 10.147.30.113 tcp dpt:http
to:172.16.2.10:80
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere 10.147.30.113 tcp dpt:http
to:172.16.2.10:80
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 172.16.2.0/24 anywhere to:172.16.2.1
SNAT all -- 172.16.1.0/24 anywhere to:172.16.1.1
SNAT all -- anywhere anywhere to:10.147.30.112
SNAT all -- anywhere anywhere to:10.147.30.113
SNAT tcp -- anywhere 10.147.30.113 tcp dpt:http
to:172.16.2.10:80
root@r-54-VM:/etc/cloudstack#
mysql> select * from port_forwarding_rules;
+-----+-------------+-----------------+-----------------+---------------+
| id | instance_id | dest_ip_address | dest_port_start | dest_port_end |
+-----+-------------+-----------------+-----------------+---------------+
| 119 | 24 | 172.16.2.10 | 80 | 80 |
+-----+-------------+-----------------+-----------------+---------------+
1 row in set (0.00 sec)
-------- logs post deletion of pf rule ----------------
root@r-54-VM:/etc/cloudstack# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 0e:00:a9:fe:01:16 brd ff:ff:ff:ff:ff:ff
inet 169.254.1.22/16 brd 169.254.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 06:a5:6e:00:00:0d brd ff:ff:ff:ff:ff:ff
inet 10.147.30.112/24 brd 10.147.30.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 02:00:1f:19:00:15 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.1/24 brd 172.16.1.255 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 02:00:61:e6:00:05 brd ff:ff:ff:ff:ff:ff
inet 172.16.2.1/24 brd 172.16.2.255 scope global eth3
root@r-54-VM:/etc/cloudstack#
*********************************************
root@r-54-VM:/etc/cloudstack# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 172.16.2.0/24 anywhere to:172.16.2.1
SNAT all -- 172.16.1.0/24 anywhere to:172.16.1.1
SNAT all -- anywhere anywhere to:10.147.30.112
SNAT all -- anywhere anywhere to:10.147.30.113
**********************************************
root@r-54-VM:/etc/cloudstack# cat forwardingrules.json
{
"10.147.30.113": [],
"id": "forwardingrules"
}
Attached MS logs
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
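
Added example, not part of the original report or of CloudStack's own code: a small audit that compares forwardingrules.json with the addresses shown by `ip a` and flags the leftover state reported above (a public IP key with an empty rule list whose address is no longer on any interface). The sample inputs are constructed from the router output in the report, and the function names are hypothetical.

```python
import json
import re

# Constructed samples, shaped like the router output quoted in the report.
JSON_BEFORE = '''{"10.147.30.113": [{"internal_ip": "172.16.2.10",
  "internal_ports": "80:80", "protocol": "tcp", "public_ip": "10.147.30.113",
  "public_ports": "80:80", "type": "forward"}], "id": "forwardingrules"}'''
JSON_AFTER = '{"10.147.30.113": [], "id": "forwardingrules"}'
IP_A_BEFORE = """3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet 10.147.30.112/24 brd 10.147.30.255 scope global eth1
    inet 10.147.30.113/24 brd 10.147.30.255 scope global secondary eth1
"""
IP_A_AFTER = """3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet 10.147.30.112/24 brd 10.147.30.255 scope global eth1
"""


def interface_ips(ip_a_text):
    """Return the IPv4 addresses listed on 'inet' lines of `ip a` output."""
    return set(re.findall(r"^\s*inet (\d{1,3}(?:\.\d{1,3}){3})/", ip_a_text, re.M))


def audit_forwarding_rules(json_text, ip_a_text):
    """Return (public_ip, problem) findings for stale data-bag entries."""
    bag = json.loads(json_text)
    live = interface_ips(ip_a_text)
    findings = []
    for public_ip, rules in sorted(bag.items()):
        if public_ip == "id":  # data-bag name, not a public IP
            continue
        if not rules:
            findings.append((public_ip, "no rules left under this key"))
        if public_ip not in live:
            findings.append((public_ip, "address not on any interface"))
        for rule in rules:
            if rule.get("public_ip") != public_ip:
                findings.append((public_ip, "rule filed under wrong key"))
    return findings


if __name__ == "__main__":
    for label, js, ipa in (("before", JSON_BEFORE, IP_A_BEFORE),
                           ("after", JSON_AFTER, IP_A_AFTER)):
        print(label, audit_forwarding_rules(js, ipa))
```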