Oh, just found the bug: https://issues.apache.org/jira/browse/CLOUDSTACK-8428
The solution of manually creating a VLAN, adding it to a bridge, specifying this 
bridge as the public traffic interface label and not tagging the network helped me 
too. Funny that this bug has been closed with resolution "not a problem". Sorry 
for the noise; I should have googled harder before asking the community.

-----Original Message-----
From: Vitaly Pashkov [mailto:[email protected]] 
Sent: Saturday, May 16, 2015 7:48 PM
To: [email protected]
Subject: Virtual router started with 4 NICs, no internet in guests

Hi all.
I'm running CS 4.5.1 from ShapeBlue Upstream packages on Ubuntu 14.04.1 with 
KVM as a hypervisor. Advanced zone with VLAN isolation for public networks and 
VXLAN for guests. I have created some instances with isolated networks. 
Infrastructure -> Virtual Routers -> r-4-VM -> NICs tab shows that there should 
be 3 NICs (guest net, link-local and public). But I found that there are 4 
instead, with 2 public interfaces with the same public IP. Here is how it looks 
from inside this VR:

root@r-4-VM:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:05:f5:00:02 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 brd 10.10.10.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 0e:00:a9:fe:02:dc brd ff:ff:ff:ff:ff:ff
    inet 169.254.2.220/16 brd 169.254.255.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 06:b5:86:00:00:f3 brd ff:ff:ff:ff:ff:ff
    inet 78.11.57.13/26 brd 78.11.57.63 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 06:4e:c0:00:00:f3 brd ff:ff:ff:ff:ff:ff
    inet 78.11.57.13/26 brd 78.11.57.63 scope global eth3

root@r-4-VM:~# ip r l
default via 78.11.57.1 dev eth2
10.10.10.0/24 dev eth0  proto kernel  scope link  src 10.10.10.1
78.11.57.0/26 dev eth2  proto kernel  scope link  src 78.11.57.13
78.11.57.0/26 dev eth3  proto kernel  scope link  src 78.11.57.13
169.254.0.0/16 dev eth1  proto kernel  scope link  src 169.254.2.220

root@r-4-VM:~# ip rule list
0:      from all lookup local
32764:  from all fwmark 0x3 lookup Table_eth3
32765:  from 78.11.57.0/26 lookup Table_eth3
32766:  from all lookup main
32767:  from all lookup default

root@r-4-VM:~# ip r l t Table_eth3
default via 78.11.57.1 dev eth2  proto static
throw 10.10.10.0/24  proto static
throw 78.11.57.0/26  proto static
throw 169.254.0.0/16  proto static

And this is the interface definition in libvirt (p10p1 is a trunk interface for 
public (vlan10) and management (native vlan) traffic):

    <interface type='bridge'>
      <mac address='02:00:05:f5:00:02'/>
      <source bridge='brvx-967'/>
      <bandwidth>
        <inbound average='25600' peak='25600'/>
        <outbound average='25600' peak='25600'/>
      </bandwidth>
      <target dev='vnet7'/>
      <model type='virtio'/>
      <alias name='net0'/>
      <rom bar='off' file='dummy'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='0e:00:a9:fe:02:dc'/>
      <source bridge='cloud0'/>
      <target dev='vnet8'/>
      <model type='virtio'/>
      <alias name='net1'/>
      <rom bar='off' file='dummy'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='06:b5:86:00:00:f3'/>
      <source bridge='brp10p1-10'/>
      <bandwidth>
        <inbound average='25600' peak='25600'/>
        <outbound average='25600' peak='25600'/>
      </bandwidth>
      <target dev='vnet9'/>
      <model type='virtio'/>
      <alias name='net2'/>
      <rom bar='off' file='dummy'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='06:4e:c0:00:00:f3'/>
      <source bridge='brp10p1-10'/>
      <target dev='vnet10'/>
      <model type='virtio'/>
      <alias name='net3'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
    </interface>

Guests can ping the internal VR IP address and even its public IP, but nothing from 
the outside, no matter what the firewall configuration is (I can even set the 
FORWARD chain to ACCEPT policy). Removing the routes for eth2 and switching the default 
route to eth3 helps, but new virtual routers will continue to be created with 4 NICs, so 
this is just a temporary solution. Is anyone experiencing the same problem, or does 
anyone have any idea why it may be happening to me?

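Added example, not code from the thread or from the CloudStack project: a health check an operator could run inside a virtual router to spot the condition described above, namely one public IP configured on two NICs, and a per-interface routing table whose default route leaves through a different interface than the one the table is named after. It reads the one-line-per-address output of `ip -o -4 addr show` and the output of `ip r l t TABLE`. The SAMPLE_ADDRS and SAMPLE_TABLE_ETH3 texts are constructed from the listings in the message; the function names and the "Table_ethN" naming assumption are the example's own.

```shell
#!/bin/sh
# Constructed sample in `ip -o -4 addr show` format, built from the addresses
# in the `ip a` listing above (not a real capture).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.10.10.1/24 brd 10.10.10.255 scope global eth0
3: eth1    inet 169.254.2.220/16 brd 169.254.255.255 scope global eth1
4: eth2    inet 78.11.57.13/26 brd 78.11.57.63 scope global eth2
5: eth3    inet 78.11.57.13/26 brd 78.11.57.63 scope global eth3'

# Constructed sample of `ip r l t Table_eth3`, built from the listing above.
SAMPLE_TABLE_ETH3='default via 78.11.57.1 dev eth2  proto static
throw 10.10.10.0/24  proto static
throw 78.11.57.0/26  proto static
throw 169.254.0.0/16  proto static'

# Read `ip -o -4 addr` lines on stdin; print "ADDR DEV1 DEV2 ..." for every
# address that is configured on more than one interface.
find_duplicate_ips() {
    awk '$3 == "inet" {
            addr = $4; dev = $2
            if (addr in devs) devs[addr] = devs[addr] " " dev
            else devs[addr] = dev
            count[addr]++
         }
         END {
            for (a in count) if (count[a] > 1) print a, devs[a]
         }' | sort
}

# Return 1 (and report on stderr) when any address is duplicated.
check_vr_addresses() {
    dups=$(find_duplicate_ips)
    if [ -n "$dups" ]; then
        echo "duplicate address(es) on virtual router:" >&2
        echo "$dups" >&2
        return 1
    fi
    return 0
}

# Read `ip r l [t TABLE]` output on stdin; print the device of the default route.
default_route_dev() {
    awk '$1 == "default" {
            for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit }
         }'
}

# Assumption of this example: CloudStack names per-NIC tables "Table_<nic>".
# Given the table name and its `ip r l t` output on stdin, return 1 when the
# table's default route does not leave through that NIC.
check_table_default_dev() {
    table="$1"
    expected="${table#Table_}"
    actual=$(default_route_dev)
    if [ "$actual" != "$expected" ]; then
        echo "$table: default route uses $actual, expected $expected" >&2
        return 1
    fi
    return 0
}

# Stand-alone run against the constructed samples.
if printf '%s\n' "$SAMPLE_ADDRS" | check_vr_addresses; then
    echo "no duplicate addresses"
fi
if printf '%s\n' "$SAMPLE_TABLE_ETH3" | check_table_default_dev Table_eth3; then
    echo "Table_eth3 default route is consistent"
fi
```

On a live router the samples would be replaced by `ip -o -4 addr show | check_vr_addresses` and `ip r l t Table_eth3 | check_table_default_dev Table_eth3`; both functions return non-zero on the bad state, so they can gate a monitoring check for routers created after the workaround is applied.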