You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2021/08/26 08:36:08 UTC

[GitHub] [cloudstack] ravening opened a new pull request #5376: Use source IP from subnet for snat

ravening opened a new pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376


   This PR...
   
   ### Description
   Fixes #5365
   
   When snat is configured on a vm in a subnet then the source
   ip should be taken from the same subnet rather than from
   random other subnet.
   
   
   Output before the fix and steps to reproduce are mentioned in the issue
   
   
   Output after the fix
   
   ```
   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination
   SNAT       all  --  10.10.10.0/24        10.10.10.154         to:10.10.10.254
   SNAT       all  --  10.10.10.154         0.0.0.0/0            to:10.135.122.131
   SNAT       all  --  0.0.0.0/0            0.0.0.0/0            to:10.135.122.128
   SNAT       all  --  0.0.0.0/0            0.0.0.0/0            to:10.135.122.131
   ```
   <!--- Describe your changes in DETAIL - And how has behaviour functionally changed. -->
   
   <!-- For new features, provide link to FS, dev ML discussion etc. -->
   <!-- In case of bug fix, the expected and actual behaviours, steps to reproduce. -->
   
   <!-- When "Fixes: #<id>" is specified, the issue/PR will automatically be closed when this PR gets merged -->
   <!-- For addressing multiple issues/PRs, use multiple "Fixes: #<id>" -->
   <!-- Fixes: # -->
   
   <!--- ********************************************************************************* -->
   <!--- NOTE: AUTOMATATION USES THE DESCRIPTIONS TO SET LABELS AND PRODUCE DOCUMENTATION. -->
   <!--- PLEASE PUT AN 'X' in only **ONE** box -->
   <!--- ********************************************************************************* -->
   
   ### Types of changes
   
   - [ ] Breaking change (fix or feature that would cause existing functionality to change)
   - [ ] New feature (non-breaking change which adds functionality)
   - [X] Bug fix (non-breaking change which fixes an issue)
   - [ ] Enhancement (improves an existing feature and functionality)
   - [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
   
   ### Feature/Enhancement Scale or Bug Severity
   
   #### Feature/Enhancement Scale
   
   - [X] Major
   - [ ] Minor
   
   #### Bug Severity
   
   - [ ] BLOCKER
   - [X] Critical
   - [ ] Major
   - [ ] Minor
   - [ ] Trivial
   
   
   ### Screenshots (if appropriate):
   
   
   
   ### How Has This Been Tested?
   <!-- Please describe in detail how you tested your changes. -->
   <!-- Include details of your testing environment, and the tests you ran to -->
   <!-- see how your change affects other areas of the code, etc. -->
   
   
   <!-- Please read the [CONTRIBUTING](https://github.com/apache/cloudstack/blob/master/CONTRIBUTING.md) document -->
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-909000430


   Packaging result: :heavy_check_mark: el7 :heavy_check_mark: el8 :heavy_check_mark: debian. SL-JID 1073


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] weizhouapache commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

weizhouapache commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-911341484


   > @ravening @weizhouapache can you check/test the same fix for isolated networks too?
   
   @rhtyd 
   isolated networks do not have this issue, as there is only 1 guest nic in VR.
   
   I have confirmed this PR does not cause issue in isolated networks. (the iptables rules are same, see below).
   
   1. prior to this pr
   ```
   root@r-128-VM:~# iptables-save |grep to-source
   -A POSTROUTING -s 10.1.2.0/24 -d 10.1.2.234/32 -o eth0 -j SNAT --to-source 10.1.2.1
   -A POSTROUTING -s 10.1.2.234/32 -o eth2 -j SNAT --to-source 10.0.55.141
   -A POSTROUTING -o eth2 -j SNAT --to-source 10.0.55.156
   ```
   
   2. with this pr
   ```
   root@r-193-VM:~# iptables-save |grep to-source
   -A POSTROUTING -s 10.1.2.0/24 -d 10.1.2.234/32 -o eth0 -j SNAT --to-source 10.1.2.1
   -A POSTROUTING -s 10.1.2.234/32 -o eth2 -j SNAT --to-source 10.0.55.141
   -A POSTROUTING -o eth2 -j SNAT --to-source 10.0.55.156
   ```
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] weizhouapache commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

weizhouapache commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-906325898


   code lgtm


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] weizhouapache commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

weizhouapache commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-908984689






-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-910271881


   <b>Trillian test result (tid-1877)</b>
   Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
   Total time taken: 50762 seconds
   Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5376-t1877-kvm-centos7.zip
   Smoke tests completed. 87 look OK, 4 have errors
   Only failed tests results shown below:
   
   
   Test | Result | Time (s) | Test File
   --- | --- | --- | ---
   test_deploy_vm_start_failure | `Error` | 61.52 | test_deploy_vm.py
   test_deploy_vm_volume_creation_failure | `Error` | 67.78 | test_deploy_vm.py
   test_vm_ha | `Error` | 59.32 | test_vm_ha.py
   test_vm_sync | `Error` | 127.81 | test_vm_sync.py
   test_hostha_enable_ha_when_host_in_maintenance | `Error` | 303.66 | test_hostha_kvm.py
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] rhtyd merged pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

rhtyd merged pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-908984832


   @weizhouapache a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-909687283


   @rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] rhtyd commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

rhtyd commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-911210385


   @ravening @weizhouapache can you check/test the same fix for isolated networks too? 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] nvazquez commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

nvazquez commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-910483382


   @blueorangutan test


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] weizhouapache commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

weizhouapache commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-908984689


   @blueorangutan package
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-908984832






-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-910483629


   @nvazquez a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-909687283


   @rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-909008734


   @weizhouapache a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] rhtyd commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

rhtyd commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-909686736


   @blueorangutan test 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] rhtyd commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

rhtyd commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-909686736


   @blueorangutan test 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] blueorangutan commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

blueorangutan commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-911314945


   <b>Trillian test result (tid-1916)</b>
   Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
   Total time taken: 37354 seconds
   Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5376-t1916-kvm-centos7.zip
   Smoke tests completed. 87 look OK, 0 have errors
   Only failed tests results shown below:
   
   
   Test | Result | Time (s) | Test File
   --- | --- | --- | ---
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] weizhouapache commented on pull request #5376: Use source IP from same subnet for snat

Posted by GitBox <gi...@apache.org>.

weizhouapache commented on pull request #5376:
URL: https://github.com/apache/cloudstack/pull/5376#issuecomment-909008480


   @blueorangutan test


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org