答复: Build CloudStack 4.10.0 Error

[li jerry]

Think Rafael Weingärtner



I have already passed the build after the change. Is this because the openssl 
version of my build machine is too low?



Root@59e9a8871fe8:/mnt/build# openssl version -a

OpenSSL 1.0.1f 6 Jan 2014

Built on: Wed Apr 18 18:30:39 UTC 2018

Platform: debian-amd64

Options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)

Compiler: cc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
-DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector 
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE = 
2 -Wl, -Bsymbolic-functions -Wl, -z, relro -Wa, - noexecstack -Wall 
-DMD32_REG_T = int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
-DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM 
-DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM 
-DGHASH_ASM

OPENSSLDIR: "/usr/lib/ssl"




发件人: Rafael Weingärtner 
发送时间: Tuesday, November 13, 2018 11:44:37 PM
收件人: dev
抄送: users
主题: Re: Build CloudStack 4.10.0 Error

This is a known problem, and it is fixed with:
https://github.com/apache/cloudstack/pull/2674

On Tue, Nov 13, 2018 at 1:42 PM Rohit Yadav 
wrote:

> Can you try with 4.11 branch or latest master? 4.10 is not a maintained
> branch and likely have env caused errors due to supported ciphers and tls
> versions in jre/jdk.
>
> Regards.
>
>
> Regards,
> Rohit Yadav
>
> 
> From: li jerry 
> Sent: Tuesday, November 13, 2018 9:04:34 PM
> To: us...@cloudstack.apache.org; dev@cloudstack.apache.org
> Subject: Build CloudStack 4.10.0 Error
>
> Hi All
>
>I made a mistake in compiling cloudstack 4.10.0 through docker
> image (khos2ow/cloudstack-deb-builder: 14.04).
>
> Please help me. Thank you!
>
> ---
> T E S T S
> ---
> Running streamer.BaseElementTest
> Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.103 sec
> - in streamer.BaseElementTest
> Running streamer.ByteBufferTest
> Tests run: 400, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.091
> sec - in streamer.ByteBufferTest
> Running rdpclient.MockServerTest
> Error in mock server: Received fatal alert: handshake_failure
> javax.net.ssl.SSLHandshakeException: Received fatal alert:
> handshake_failure
>at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038)
>at
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
>at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
>at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
>at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
>at streamer.debug.MockServer.run(MockServer.java:122)
>at java.lang.Thread.run(Thread.java:748)
> Tests run: 2, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.186 sec
> <<< FAILURE! - in rdpclient.MockServerTest
> testIsMockServerCanUpgradeConnectionToSsl(rdpclient.MockServerTest)  Time
> elapsed: 0.18 sec  <<< ERROR!
> javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is
> disabled or cipher suites are inappropriate)
>at sun.security.ssl.Handshaker.activate(Handshaker.java:529)
>at
> sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1492)
>at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1361)
>at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
>at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
>at
> rdpclient.MockServerTest.testIsMockServerCanUpgradeConnectionToSsl(MockServerTest.java:166)
>
> Running common.ClientTest
> Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.262 sec
> - in common.ClientTest
>
> Results :
>
> Tests in error:
>   MockServerTest.testIsMockServerCanUpgradeConnectionToSsl:166 ?
> SSLHandshake No...
>
> Tests run: 404, Failures: 0, Errors: 1, Skipped: 0
>
>
>
> rohit.ya...@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>
>
>
>

--
Rafael Weingärtner

Re: Build CloudStack 4.10.0 Error

[Rafael Weingärtner]

This is a known problem, and it is fixed with:
https://github.com/apache/cloudstack/pull/2674

On Tue, Nov 13, 2018 at 1:42 PM Rohit Yadav 
wrote:

> Can you try with 4.11 branch or latest master? 4.10 is not a maintained
> branch and likely have env caused errors due to supported ciphers and tls
> versions in jre/jdk.
>
> Regards.
>
>
> Regards,
> Rohit Yadav
>
> 
> From: li jerry 
> Sent: Tuesday, November 13, 2018 9:04:34 PM
> To: us...@cloudstack.apache.org; dev@cloudstack.apache.org
> Subject: Build CloudStack 4.10.0 Error
>
> Hi All
>
>I made a mistake in compiling cloudstack 4.10.0 through docker
> image (khos2ow/cloudstack-deb-builder: 14.04).
>
> Please help me. Thank you!
>
> ---
> T E S T S
> ---
> Running streamer.BaseElementTest
> Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.103 sec
> - in streamer.BaseElementTest
> Running streamer.ByteBufferTest
> Tests run: 400, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.091
> sec - in streamer.ByteBufferTest
> Running rdpclient.MockServerTest
> Error in mock server: Received fatal alert: handshake_failure
> javax.net.ssl.SSLHandshakeException: Received fatal alert:
> handshake_failure
>at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038)
>at
> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
>at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
>at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
>at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
>at streamer.debug.MockServer.run(MockServer.java:122)
>at java.lang.Thread.run(Thread.java:748)
> Tests run: 2, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.186 sec
> <<< FAILURE! - in rdpclient.MockServerTest
> testIsMockServerCanUpgradeConnectionToSsl(rdpclient.MockServerTest)  Time
> elapsed: 0.18 sec  <<< ERROR!
> javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is
> disabled or cipher suites are inappropriate)
>at sun.security.ssl.Handshaker.activate(Handshaker.java:529)
>at
> sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1492)
>at
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1361)
>at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
>at
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
>at
> rdpclient.MockServerTest.testIsMockServerCanUpgradeConnectionToSsl(MockServerTest.java:166)
>
> Running common.ClientTest
> Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.262 sec
> - in common.ClientTest
>
> Results :
>
> Tests in error:
>   MockServerTest.testIsMockServerCanUpgradeConnectionToSsl:166 ?
> SSLHandshake No...
>
> Tests run: 404, Failures: 0, Errors: 1, Skipped: 0
>
>
>
> rohit.ya...@shapeblue.com
> www.shapeblue.com
> Amadeus House, Floral Street, London  WC2E 9DPUK
> @shapeblue
>
>
>
>

-- 
Rafael Weingärtner

Re: Build CloudStack 4.10.0 Error

[Rafael Weingärtner]

To be more precise, it is fixed with this commit:
https://github.com/apache/cloudstack/pull/2674/commits/69961dc9067ffa1ae4460436825125718c5ad796

On Tue, Nov 13, 2018 at 1:44 PM Rafael Weingärtner <
rafaelweingart...@gmail.com> wrote:

> This is a known problem, and it is fixed with:
> https://github.com/apache/cloudstack/pull/2674
>
> On Tue, Nov 13, 2018 at 1:42 PM Rohit Yadav 
> wrote:
>
>> Can you try with 4.11 branch or latest master? 4.10 is not a maintained
>> branch and likely have env caused errors due to supported ciphers and tls
>> versions in jre/jdk.
>>
>> Regards.
>>
>>
>> Regards,
>> Rohit Yadav
>>
>> 
>> From: li jerry 
>> Sent: Tuesday, November 13, 2018 9:04:34 PM
>> To: us...@cloudstack.apache.org; dev@cloudstack.apache.org
>> Subject: Build CloudStack 4.10.0 Error
>>
>> Hi All
>>
>>I made a mistake in compiling cloudstack 4.10.0 through docker
>> image (khos2ow/cloudstack-deb-builder: 14.04).
>>
>> Please help me. Thank you!
>>
>> ---
>> T E S T S
>> ---
>> Running streamer.BaseElementTest
>> Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.103 sec
>> - in streamer.BaseElementTest
>> Running streamer.ByteBufferTest
>> Tests run: 400, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.091
>> sec - in streamer.ByteBufferTest
>> Running rdpclient.MockServerTest
>> Error in mock server: Received fatal alert: handshake_failure
>> javax.net.ssl.SSLHandshakeException: Received fatal alert:
>> handshake_failure
>>at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>>at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>>at
>> sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038)
>>at
>> sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
>>at
>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
>>at
>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
>>at
>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
>>at streamer.debug.MockServer.run(MockServer.java:122)
>>at java.lang.Thread.run(Thread.java:748)
>> Tests run: 2, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.186 sec
>> <<< FAILURE! - in rdpclient.MockServerTest
>> testIsMockServerCanUpgradeConnectionToSsl(rdpclient.MockServerTest)  Time
>> elapsed: 0.18 sec  <<< ERROR!
>> javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is
>> disabled or cipher suites are inappropriate)
>>at sun.security.ssl.Handshaker.activate(Handshaker.java:529)
>>at
>> sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1492)
>>at
>> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1361)
>>at
>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
>>at
>> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
>>at
>> rdpclient.MockServerTest.testIsMockServerCanUpgradeConnectionToSsl(MockServerTest.java:166)
>>
>> Running common.ClientTest
>> Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.262 sec
>> - in common.ClientTest
>>
>> Results :
>>
>> Tests in error:
>>   MockServerTest.testIsMockServerCanUpgradeConnectionToSsl:166 ?
>> SSLHandshake No...
>>
>> Tests run: 404, Failures: 0, Errors: 1, Skipped: 0
>>
>>
>>
>> rohit.ya...@shapeblue.com
>> www.shapeblue.com
>> Amadeus House, Floral Street, London  WC2E 9DPUK
>> @shapeblue
>>
>>
>>
>>
>
> --
> Rafael Weingärtner
>


-- 
Rafael Weingärtner

Re: Build CloudStack 4.10.0 Error

[Rohit Yadav]

Can you try with 4.11 branch or latest master? 4.10 is not a maintained branch 
and likely have env caused errors due to supported ciphers and tls versions in 
jre/jdk.

Regards.


Regards,
Rohit Yadav


From: li jerry 
Sent: Tuesday, November 13, 2018 9:04:34 PM
To: us...@cloudstack.apache.org; dev@cloudstack.apache.org
Subject: Build CloudStack 4.10.0 Error

Hi All

   I made a mistake in compiling cloudstack 4.10.0 through docker image 
(khos2ow/cloudstack-deb-builder: 14.04).

Please help me. Thank you!

---
T E S T S
---
Running streamer.BaseElementTest
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.103 sec - in 
streamer.BaseElementTest
Running streamer.ByteBufferTest
Tests run: 400, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.091 sec - 
in streamer.ByteBufferTest
Running rdpclient.MockServerTest
Error in mock server: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
   at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
   at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
   at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038)
   at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
   at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
   at streamer.debug.MockServer.run(MockServer.java:122)
   at java.lang.Thread.run(Thread.java:748)
Tests run: 2, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.186 sec <<< 
FAILURE! - in rdpclient.MockServerTest
testIsMockServerCanUpgradeConnectionToSsl(rdpclient.MockServerTest)  Time 
elapsed: 0.18 sec  <<< ERROR!
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is 
disabled or cipher suites are inappropriate)
   at sun.security.ssl.Handshaker.activate(Handshaker.java:529)
   at 
sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1492)
   at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1361)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
   at 
rdpclient.MockServerTest.testIsMockServerCanUpgradeConnectionToSsl(MockServerTest.java:166)

Running common.ClientTest
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.262 sec - in 
common.ClientTest

Results :

Tests in error:
  MockServerTest.testIsMockServerCanUpgradeConnectionToSsl:166 ? SSLHandshake 
No...

Tests run: 404, Failures: 0, Errors: 1, Skipped: 0



rohit.ya...@shapeblue.com 
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue
  
 

Build CloudStack 4.10.0 Error

[li jerry]

Hi All

   I made a mistake in compiling cloudstack 4.10.0 through docker image 
(khos2ow/cloudstack-deb-builder: 14.04).

Please help me. Thank you!

---
T E S T S
---
Running streamer.BaseElementTest
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.103 sec - in 
streamer.BaseElementTest
Running streamer.ByteBufferTest
Tests run: 400, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.091 sec - 
in streamer.ByteBufferTest
Running rdpclient.MockServerTest
Error in mock server: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
   at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
   at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
   at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038)
   at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
   at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
   at streamer.debug.MockServer.run(MockServer.java:122)
   at java.lang.Thread.run(Thread.java:748)
Tests run: 2, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.186 sec <<< 
FAILURE! - in rdpclient.MockServerTest
testIsMockServerCanUpgradeConnectionToSsl(rdpclient.MockServerTest)  Time 
elapsed: 0.18 sec  <<< ERROR!
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is 
disabled or cipher suites are inappropriate)
   at sun.security.ssl.Handshaker.activate(Handshaker.java:529)
   at 
sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1492)
   at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1361)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
   at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
   at 
rdpclient.MockServerTest.testIsMockServerCanUpgradeConnectionToSsl(MockServerTest.java:166)

Running common.ClientTest
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.262 sec - in 
common.ClientTest

Results :

Tests in error:
  MockServerTest.testIsMockServerCanUpgradeConnectionToSsl:166 ? SSLHandshake 
No...

Tests run: 404, Failures: 0, Errors: 1, Skipped: 0

[VOTE] Apache CloudStack 4.11.2.0 RC5

[Paul Angus]

Hi All,

I've created a 4.11.2.0 release (RC5), with the following artefacts up for 
testing and a vote:


Git Branch and Commit SH:
https://gitbox.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/4.11.2.0-RC20181113T0924
Commit: 5aae410dfce2bef5cc21a0892370cb5d0628f681

Source release (checksums and signatures are available at the same
location):
https://dist.apache.org/repos/dist/dev/cloudstack/4.11.2.0/

PGP release keys (signed using 51EE0BC8):
https://dist.apache.org/repos/dist/release/cloudstack/KEYS

The vote will be open for 72 hours - until 14:00 GMT on Friday 16th Nov.

For sanity in tallying the vote, can PMC members please be sure to indicate 
"(binding)" with their vote?

[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)

Additional information:

For users' convenience, I've built packages from 
5aae410dfce2bef5cc21a0892370cb5d0628f681 and published RC5 repository here:
http://packages.shapeblue.com/testing/41120rc5/

The release notes are still work-in-progress, but the systemvm template upgrade 
section has been updated.

4.11.2.0 systemvm templates are available from here:
http://packages.shapeblue.com/testing/systemvm/41120rc5/

Only the following changes have been added to RC5:

+-+--+---+--++
| Version | Github   | Type  | Priority | Description   
 |
+=+==+===+==++
| 4.11.2.0| `#3018`_ |   |  | Prevent error 
on GroupAnswers on VR creation   |
+-+--+---+--++
| 4.11.2.0| `#3007`_ |   |  | Add missing 
ConfigDrive entries on existing zones after|
| |  |   |  | upgrade   
 |
+-+--+---+--++
| 4.11.2.0| `#2980`_ |   |  | [4.11] Fix 
set initial reservation on public IP ranges |
+-+--+---+--++
| 4.11.2.0| `#3010`_ |   |  | Fix 
DirectNetworkGuru canHandle checks for lowercase   |
| |  |   |  | isolation 
methods  |
+-+--+---+--++

.. _`#3012`: https://github.com/apache/cloudstack/pull/3012
.. _`#3018`: https://github.com/apache/cloudstack/pull/3018
.. _`#3007`: https://github.com/apache/cloudstack/pull/3007
.. _`#2980`: https://github.com/apache/cloudstack/pull/2980
.. _`#3010`: https://github.com/apache/cloudstack/pull/3010



Kind regards,

Paul Angus


paul.an...@shapeblue.com 
www.shapeblue.com
Amadeus House, Floral Street, London  WC2E 9DPUK
@shapeblue
  
 

Re: VXLAN and KVm experiences

[Wido den Hollander]

On 10/23/18 2:34 PM, Simon Weller wrote:
> Linux native VXLAN uses multicast and each host has to participate in 
> multicast in order to see the VXLAN networks. We haven't tried using PIM 
> across a L3 boundary with ACS, although it will probably work fine.
> 
> Another option is to use a L3 VTEP, but right now there is no native support 
> for that in CloudStack's VXLAN implementation, although we've thought about 
> proposing it as feature.
> 

Getting back to this I see CloudStack does this:

local mcastGrp="239.$(( ($vxlanId >> 16) % 256 )).$(( ($vxlanId >> 8) %
256 )).$(( $vxlanId % 256 ))"

VNI 1000 would use group 239.0.3.232 and VNI 1001 uses 239.0.3.233 1000.

Why are we using a different mcast group for every VNI? As the VNI is
encoded in the packet this should just work in one group, right?

Because this way you need to configure all those groups on your
Router(s) as each VNI will use a different Multicast Group.

I'm just looking for the reason why we have this different multicast groups.

I was thinking that we might want to add a option to agent.properties
where we allow users to set a fixed Multicast group for all traffic.

Wido

[0]:
https://github.com/apache/cloudstack/blob/master/scripts/vm/network/vnet/modifyvxlan.sh#L33



> 
> 
> From: Wido den Hollander 
> Sent: Tuesday, October 23, 2018 7:17 AM
> To: dev@cloudstack.apache.org; Simon Weller
> Subject: Re: VXLAN and KVm experiences
> 
> 
> 
> On 10/23/18 1:51 PM, Simon Weller wrote:
>> We've also been using VXLAN on KVM for all of our isolated VPC guest 
>> networks for quite a long time now. As Andrija pointed out, make sure you 
>> increase the max_igmp_memberships param and also put an ip address on each 
>> interface host VXLAN interface in the same subnet for all hosts that will 
>> share networking, or multicast won't work.
>>
> 
> Thanks! So you are saying that all hypervisors need to be in the same L2
> network or are you routing the multicast?
> 
> My idea was that each POD would be an isolated Layer 3 domain and that a
> VNI would span over the different Layer 3 networks.
> 
> I don't like STP and other Layer 2 loop-prevention systems.
> 
> Wido
> 
>>
>> - Si
>>
>>
>> 
>> From: Wido den Hollander 
>> Sent: Tuesday, October 23, 2018 5:21 AM
>> To: dev@cloudstack.apache.org
>> Subject: Re: VXLAN and KVm experiences
>>
>>
>>
>> On 10/23/18 11:21 AM, Andrija Panic wrote:
>>> Hi Wido,
>>>
>>> I have "pioneered" this one in production for last 3 years (and suffered a
>>> nasty pain of silent drop of packages on kernel 3.X back in the days
>>> because of being unaware of max_igmp_memberships kernel parameters, so I
>>> have updated the manual long time ago).
>>>
>>> I never had any issues (beside above nasty one...) and it works very well.
>>
>> That's what I want to hear!
>>
>>> To avoid above issue that I described - you should increase
>>> max_igmp_memberships (/proc/sys/net/ipv4/igmp_max_memberships)  - otherwise
>>> with more than 20 vxlan interfaces, some of them will stay in down state
>>> and have a hard traffic drop (with proper message in agent.log) with kernel
 4.0 (or I silent, bitchy random packet drop on kernel 3.X...) - and also
>>> pay attention to MTU size as well - anyway everything is in the manual (I
>>> updated everything I though was missing) - so please check it.
>>>
>>
>> Yes, the underlying network will all be 9000 bytes MTU.
>>
>>> Our example setup:
>>>
>>> We have i.e. bond.950 as the main VLAN which will carry all vxlan "tunnels"
>>> - so this is defined as KVM traffic label. In our case it didn't make sense
>>> to use bridge on top of this bond0.950 (as the traffic label) - you can
>>> test it on your own - since this bridge is used only to extract child
>>> bond0.950 interface name, then based on vxlan ID, ACS will provision
>>> vxlan...@bond0.xxx and join this new vxlan interface to NEW bridge created
>>> (and then of course vNIC goes to this new bridge), so original bridge (to
>>> which bond0.xxx belonged) is not used for anything.
>>>
>>
>> Clear, I indeed thought something like that would happen.
>>
>>> Here is sample from above for vxlan 867 used for tenant isolation:
>>>
>>> root@hostname:~# brctl show brvx-867
>>>
>>> bridge name bridge id   STP enabled interfaces
>>> brvx-8678000.2215cfce99ce   no  vnet6
>>>
>>>  vxlan867
>>>
>>> root@hostname:~# ip -d link show vxlan867
>>>
>>> 297: vxlan867:  mtu 8142 qdisc noqueue
>>> master brvx-867 state UNKNOWN mode DEFAULT group default qlen 1000
>>> link/ether 22:15:cf:ce:99:ce brd ff:ff:ff:ff:ff:ff promiscuity 1
>>> vxlan id 867 group 239.0.3.99 dev bond0.950 port 0 0 ttl 10 ageing 300
>>>
>>> root@ix1-c7-2:~# ifconfig bond0.950 | grep MTU
>>>   UP BROADCAST RUNNING MULTICAST  MTU:8192  Metric:1
>>>
>>> So note how the vxlan interface has by 50 bytes smaller MTU than the
>>> bond0.950 parent interface (which c