Hi,
After upgrading to ACS 4.7 and VRs to 4.6 we are noticing a regression in the
Network usage stats. The Network out (bytes sent) is now 0 and the Network
received (bytes received) appears to hold the stats of bytes sent. This is
using VPCs without redundant VRs.
Here are the output of the iptables -L -v command:
~# iptables -L -v -n
Chain INPUT (policy DROP 36031 packets, 3454K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0
10.188.218.1 tcp dpt:80 state NEW
0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0
10.188.218.1 tcp dpt:53
8988 655K ACCEPT udp -- eth2 * 0.0.0.0/0
10.188.218.1 udp dpt:53
91565 11M NETWORK_STATS all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT udp -- eth2 * 0.0.0.0/0 0.0.0.0/0
udp dpt:67
0 0 ACCEPT udp -- eth2 * 0.0.0.0/0 0.0.0.0/0
udp dpt:53
0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:53
0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80 state NEW
0 0 ACCEPT tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:8080 state NEW
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.18
0 0 ACCEPT all -- * * 0.0.0.0/0 225.0.0.50
2936 244K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
52597 7459K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3922 state NEW,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.18
0 0 ACCEPT all -- * * 0.0.0.0/0 225.0.0.50
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3922 state NEW,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.18
0 0 ACCEPT all -- * * 0.0.0.0/0 225.0.0.50
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3922 state NEW,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.18
0 0 ACCEPT all -- * * 0.0.0.0/0 225.0.0.50
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3922 state NEW,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.18
0 0 ACCEPT all -- * * 0.0.0.0/0 225.0.0.50
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3922 state NEW,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.18
0 0 ACCEPT all -- * * 0.0.0.0/0 225.0.0.50
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3922 state NEW,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.18
0 0 ACCEPT all -- * * 0.0.0.0/0 225.0.0.50
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0
tcp dpt:3922 state NEW,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
560K 1307M NETWORK_STATS_eth1 all -- * * 0.0.0.0/0
0.0.0.0/0
560K 1307M NETWORK_STATS all -- * * 0.0.0.0/0
0.0.0.0/0
286K 589M ACL_INBOUND_eth2 all -- * eth2 0.0.0.0/0
10.188.218.0/24
275K 718M ACCEPT all -- * * 10.188.216.0/22
!10.188.216.0/22
Chain OUTPUT (policy ACCEPT 71914 packets, 10M bytes)
pkts bytes target prot opt in out source destination
71955 10M NETWORK_STATS all -- * * 0.0.0.0/0
0.0.0.0/0
Chain ACL_INBOUND_eth2 (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 225.0.0.50
0 0 ACCEPT all -- * * 0.0.0.0/0 224.0.0.18
286K 589M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain NETWORK_STATS (3 references)
pkts bytes target prot opt in out source destination
0 0 tcp -- eth0 eth2 0.0.0.0/0 0.0.0.0/0
0 0 tcp -- eth2 eth0 0.0.0.0/0 0.0.0.0/0
275K 588M tcp -- !eth0 eth2 0.0.0.0/0 0.0.0.0/0
264K 717M tcp -- eth2 !eth0 0.0.0.0/0 0.0.0.0/0
Chain NETWORK_STATS_eth1 (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- * eth1 0.0.0.0/0
10.188.218.0/24
275K 718M all -- * eth1 10.188.218.0/24 0.0.0.0/0
The last Chain (NETWORK_STATS_eth1 appears to be wrong since both rules have
‘in’ as * and ‘out’ as eth1.
Do you have an idea of what is going on?
Thanks
--
Simon Godard
