Hi all.
I’m running CS 4.5.1 from ShapeBlue Upstream packages on Ubuntu 14.04.1 with
KVM as a hypervisor. Advanced zone with VLAN isolation for public networks and
VXLAN for guests. Have created some instances with isolated networks.
Infrastructure -> Virtual Routers -> r-4-VM -> NICs tab shows that there should
be 3 NICs (guests net, link-local and public). But I found that there are 4
instead, with 2 public interfaces with the same public IP. Here is how it looks
from the inside of this VR:
root@r-4-VM:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 02:00:05:f5:00:02 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.1/24 brd 10.10.10.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 0e:00:a9:fe:02:dc brd ff:ff:ff:ff:ff:ff
inet 169.254.2.220/16 brd 169.254.255.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 06:b5:86:00:00:f3 brd ff:ff:ff:ff:ff:ff
inet 78.11.57.13/26 brd 78.11.57.63 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 06:4e:c0:00:00:f3 brd ff:ff:ff:ff:ff:ff
inet 78.11.57.13/26 brd 78.11.57.63 scope global eth3
root@r-4-VM:~# ip r l
default via 78.11.57.1 dev eth2
10.10.10.0/24 dev eth0 proto kernel scope link src 10.10.10.1
78.11.57.0/26 dev eth2 proto kernel scope link src 78.11.57.13
78.11.57.0/26 dev eth3 proto kernel scope link src 78.11.57.13
169.254.0.0/16 dev eth1 proto kernel scope link src 169.254.2.220
root@r-4-VM:~# ip rule list
0: from all lookup local
32764: from all fwmark 0x3 lookup Table_eth3
32765: from 78.11.57.0/26 lookup Table_eth3
32766: from all lookup main
32767: from all lookup default
root@r-4-VM:~# ip r l t Table_eth3
default via 78.11.57.1 dev eth2 proto static
throw 10.10.10.0/24 proto static
throw 78.11.57.0/26 proto static
throw 169.254.0.0/16 proto static
And this is the interface definition in libvirt (p10p1 is a trunk interface for
public (vlan10) and management (native vlan) traffic):
<interface type='bridge'>
<mac address='02:00:05:f5:00:02'/>
<source bridge='brvx-967'/>
<bandwidth>
<inbound average='25600' peak='25600'/>
<outbound average='25600' peak='25600'/>
</bandwidth>
<target dev='vnet7'/>
<model type='virtio'/>
<alias name='net0'/>
<rom bar='off' file='dummy'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03'
function='0x0'/>
</interface>
<interface type='bridge'>
<mac address='0e:00:a9:fe:02:dc'/>
<source bridge='cloud0'/>
<target dev='vnet8'/>
<model type='virtio'/>
<alias name='net1'/>
<rom bar='off' file='dummy'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04'
function='0x0'/>
</interface>
<interface type='bridge'>
<mac address='06:b5:86:00:00:f3'/>
<source bridge='brp10p1-10'/>
<bandwidth>
<inbound average='25600' peak='25600'/>
<outbound average='25600' peak='25600'/>
</bandwidth>
<target dev='vnet9'/>
<model type='virtio'/>
<alias name='net2'/>
<rom bar='off' file='dummy'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05'
function='0x0'/>
</interface>
<interface type='bridge'>
<mac address='06:4e:c0:00:00:f3'/>
<source bridge='brp10p1-10'/>
<target dev='vnet10'/>
<model type='virtio'/>
<alias name='net3'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x08'
function='0x0'/>
</interface>
Guests can ping the internal VR IP address and even its public IP, but nothing from
the outside, no matter what the firewall configuration is (I can even set the
FORWARD chain to ACCEPT policy). Removing routes for eth2 and switching the default
route to eth3 helps, but new virtual routers will continue to create 4 NICs, so
this is just a temporary solution. Is anyone experiencing the same problem, or
does anyone have any idea why this may be happening to me?
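
Added example, not part of the original post and not CloudStack code: a small Python check that flags the two symptoms visible in the output above, an IPv4 address configured on more than one interface and a policy routing table whose default route leaves through a different device than its name suggests. The function names are hypothetical, the sample input is constructed from lines quoted in the post, and treating Table_<dev> as meant to route out of <dev> is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample input: lines taken from the command output quoted in the post.
IP_ADDR = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
inet 10.10.10.1/24 brd 10.10.10.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
inet 169.254.2.220/16 brd 169.254.255.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
inet 78.11.57.13/26 brd 78.11.57.63 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
inet 78.11.57.13/26 brd 78.11.57.63 scope global eth3
"""
TABLES = {"Table_eth3": "default via 78.11.57.1 dev eth2 proto static\n"
                        "throw 10.10.10.0/24 proto static\n"}

def duplicate_addresses(ip_addr_text):
    """Map each IPv4 address configured on more than one interface to those interfaces."""
    owners, iface = defaultdict(list), None
    for line in ip_addr_text.splitlines():
        line = line.strip()
        header = re.match(r"\d+:\s+([^:@\s]+)", line)  # e.g. "4: eth2: <...>"
        if header:
            iface = header.group(1)
            continue
        addr = re.match(r"inet\s+(\d+\.\d+\.\d+\.\d+)/\d+", line)
        if addr and iface:
            owners[addr.group(1)].append(iface)
    return {ip: ifs for ip, ifs in owners.items() if len(ifs) > 1}

def table_device_mismatches(tables):
    """Return (table, expected_dev, actual_dev) for default routes using another device.
    Assumption: a table named Table_<dev> is meant to route out of <dev>."""
    found = []
    for name, text in tables.items():
        expected = name[len("Table_"):] if name.startswith("Table_") else None
        for line in text.splitlines():
            m = re.match(r"\s*default\s+.*\bdev\s+(\S+)", line)
            if m and expected and m.group(1) != expected:
                found.append((name, expected, m.group(1)))
    return found

if __name__ == "__main__":
    print(duplicate_addresses(IP_ADDR))
    print(table_device_mismatches(TABLES))
```

On a live router the two inputs would come from `ip a` and `ip r l t <table>` instead of the embedded strings.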