Cloud0 is created dynamically by Cloudstack, in CentOS too. I think it's not related to security groups, since I'm not able to ping anymore from outside the Console VM and Storage VM after creating instances. So it's definitely something wrong with the scripts that are responsible to create instances (involving the creation of the Virtual Router, and so on).
On Thu, Dec 5, 2013 at 1:34 PM, Shanker Balan <shanker.ba...@shapeblue.com>wrote: > Comments inline. > > On 05-Dec-2013, at 5:35 pm, Francesco Maria Magnini <fmm1...@gmail.com> > wrote: > > > I know. > > My reply was inline to the comment: > > >>> > >>> I think icmp is disabled by default on SSVM and CPVM > >>> on control IP address, but should be allowed on public IP address. > >> > >> FWIW, ICMP works on both the public and private addresses on my lab > setup: > > :) > > > > As I said on top of the discussion, I tested Cloudstack 4.2 on a CentOS > 6.4 > > deployment (Controller, KVM Host) and never encountered problems on > > network. I even tested Advancend networking with VLANS, GRE Tunnels in a > > very complicated scenarios. > > > > Switching to Ubuntu (because I need to interact with CEPH), SSVM and KVM > > Guest have no connectivity, in a very basic scenario consisting in basic > > network zone. > > Am looking at your brctl output: > > root@kvm01:~# brctl show > bridge name bridge id STP enabled interfaces > cloud0 8000.fe00a9fe01a8 no vnet0 > vnet4 > cloudbr0 8000.0019995a73ac no eth0 > vnet1 > vnet2 > vnet3 > vnet5 > vnet6 > virbr0 8000.000000000000 yes > > What’s cloud0 interface? Does the brctl output match with your working > CentOS setup? > > > After debugging, watching iptables counters, I see that all the incoming > > public traffic is dropped by iptables on the KVM host, and is not passed > to > > KVM Guests (including SSVM and Guest VMs). > > > > > > On Thu, Dec 5, 2013 at 12:52 PM, Shanker Balan > > <shanker.ba...@shapeblue.com>wrote: > > > >> On 05-Dec-2013, at 10:53 am, Sanjeev Neelarapu < > >> sanjeev.neelar...@citrix.com> wrote: > >> > >>> Hi, > >>> > >>> Make sure that iptable rules are configured properly for icmp and ssh > >>> traffic on kvm host. > >> > >> > >>> I think icmp is disabled by default on SSVM and CPVM > >>> on control IP address, but should be allowed on public IP address. > >> > >> FWIW, ICMP works on both the public and private addresses on my lab > setup: > >> > >> [root@csman1-1 cloudmonkey]# cloudmonkey list systemvms|grep ip > >> linklocalip = 169.254.3.16 > >> privateip = 192.168.44.62 > >> publicip = 192.168.64.100 > >> linklocalip = 169.254.3.98 > >> privateip = 192.168.44.61 > >> publicip = 192.168.64.101 > >> [root@csman1-1 cloudmonkey]# fping 192.168.44.62 > >> 192.168.44.62 is alive > >> [root@csman1-1 cloudmonkey]# fping 192.168.64.100 > >> 192.168.64.100 is alive > >> [root@csman1-1 cloudmonkey]# fping 192.168.44.61 > >> 192.168.44.61 is alive > >> [root@csman1-1 cloudmonkey]# fping 192.168.64.101 > >> 192.168.64.101 is alive > >> [root@csman1-1 cloudmonkey]# > >> > >> > >> -- > >> @shankerbalan > >> > >> M: +91 98860 60539 | O: +91 (80) 67935867 > >> shanker.ba...@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue > >> ShapeBlue Services India LLP, 22nd floor, Unit 2201A, World Trade > Centre, > >> Bangalore - 560 055 > >> > >> This email and any attachments to it may be confidential and are > intended > >> solely for the use of the individual to whom it is addressed. Any views > or > >> opinions expressed are solely those of the author and do not necessarily > >> represent those of Shape Blue Ltd or related companies. If you are not > the > >> intended recipient of this email, you must neither take any action based > >> upon its contents, nor copy or show it to anyone. Please contact the > sender > >> if you believe you have received this email in error. Shape Blue Ltd is > a > >> company incorporated in England & Wales. ShapeBlue Services India LLP > is a > >> company incorporated in India and is operated under license from Shape > Blue > >> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in > Brasil > >> and is operated under license from Shape Blue Ltd. ShapeBlue is a > >> registered trademark. > >> > > > > > > > > -- > > “I videogiochi non influenzano i bambini. > > Voglio dire, se pac-man avesse influenzato la nostra generazione, > > staremmo tutti saltando in sale scure, > > masticando pillole magiche e ascoltando musica elettronica > > ripetitiva...” > > > > (Kristian Wilson, Nintendo Inc, 1989) > > -- > @shankerbalan > > M: +91 98860 60539 | O: +91 (80) 67935867 > shanker.ba...@shapeblue.com | www.shapeblue.com | Twitter:@shapeblue > ShapeBlue Services India LLP, 22nd floor, Unit 2201A, World Trade Centre, > Bangalore - 560 055 > > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based > upon its contents, nor copy or show it to anyone. Please contact the sender > if you believe you have received this email in error. Shape Blue Ltd is a > company incorporated in England & Wales. ShapeBlue Services India LLP is a > company incorporated in India and is operated under license from Shape Blue > Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil > and is operated under license from Shape Blue Ltd. ShapeBlue is a > registered trademark. > -- “I videogiochi non influenzano i bambini. Voglio dire, se pac-man avesse influenzato la nostra generazione, staremmo tutti saltando in sale scure, masticando pillole magiche e ascoltando musica elettronica ripetitiva...” (Kristian Wilson, Nintendo Inc, 1989)
