Posted to dev@cloudstack.apache.org by "Sailaja Mada (JIRA)" <ji...@apache.org> on 2013/02/28 13:39:12 UTC
[jira] [Created] (CLOUDSTACK-1452) Public IP's are assigned to private interface with VPC Restart [PF/LB rules are not functional]
Sailaja Mada created CLOUDSTACK-1452:
----------------------------------------
Summary: Public IP's are assigned to private interface with VPC Restart [PF/LB rules are not functional]
Key: CLOUDSTACK-1452
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1452
Project: CloudStack
Issue Type: Bug
Security Level: Public (Anyone can view this level - this is the default.)
Components: Network Controller
Affects Versions: 4.1.0
Reporter: Sailaja Mada
Priority: Critical
Steps:
1. Advanced Networking - KVM 6.3 host
2. Create VPC and add Tier1 with 1 instance
3. Configure PF or LB rule [22-22]
4. Access Instance and ensure that PF/LB rules are functional
Statistics of Router & VM Before restart :
Router :
root@r-151-VM:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 0e:00:a9:fe:01:d3 brd ff:ff:ff:ff:ff:ff
inet 169.254.1.211/16 brd 169.254.255.255 scope global eth0
inet6 fe80::c00:a9ff:fefe:1d3/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 06:de:46:00:00:15 brd ff:ff:ff:ff:ff:ff
inet 10.102.196.222/24 brd 10.102.196.255 scope global eth1
inet6 fe80::4de:46ff:fe00:15/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 02:00:19:9f:00:01 brd ff:ff:ff:ff:ff:ff
inet 10.2.0.1/24 brd 10.2.0.255 scope global eth2
inet6 fe80::19ff:fe9f:1/64 scope link
valid_lft forever preferred_lft forever
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 06:f0:c6:00:00:16 brd ff:ff:ff:ff:ff:ff
inet 10.102.197.225/24 brd 10.102.197.255 scope global eth3
inet6 fe80::4f0:c6ff:fe00:16/64 scope link
valid_lft forever preferred_lft forever
root@r-151-VM:~#
root@r-151-VM:~# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
NETWORK_STATS all -- anywhere anywhere
ACCEPT all -- anywhere vrrp.mcast.net
ACCEPT all -- anywhere 225.0.0.50
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT udp -- anywhere 10.2.0.1 udp dpt:domain
ACCEPT tcp -- anywhere 10.2.0.1 tcp dpt:domain
ACCEPT tcp -- anywhere 10.2.0.1 state NEW tcp dpt:www
ACCEPT tcp -- anywhere 10.2.0.1 state NEW tcp dpt:http-alt
Chain FORWARD (policy DROP)
target prot opt source destination
NETWORK_STATS all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere !anywhere
ACL_INBOUND_eth2 all -- anywhere 10.2.0.0/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
NETWORK_STATS all -- anywhere anywhere
Chain ACL_INBOUND_eth2 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP all -- anywhere anywhere
Chain NETWORK_STATS (3 references)
target prot opt source destination
all -- anywhere anywhere
all -- anywhere anywhere
tcp -- anywhere anywhere
tcp -- anywhere anywhere
root@r-151-VM:~#
Instance :
[root@cbdbc436-ddbb-4d72-9ca4-96d8a417b6e9 ~]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@cbdbc436-ddbb-4d72-9ca4-96d8a417b6e9 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:00:60:1C:00:02
inet addr:10.2.0.127 Bcast:10.2.0.255 Mask:255.255.255.0
inet6 addr: fe80::60ff:fe1c:2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:180 errors:0 dropped:0 overruns:0 frame:0
TX packets:170 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16010 (15.6 KiB) TX bytes:22842 (22.3 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:32 errors:0 dropped:0 overruns:0 frame:0
TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4076 (3.9 KiB) TX bytes:4076 (3.9 KiB)
[root@cbdbc436-ddbb-4d72-9ca4-96d8a417b6e9 ~]#
Statistics after restarting VPC :
root@r-155-VM:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 0e:00:a9:fe:02:88 brd ff:ff:ff:ff:ff:ff
inet 169.254.2.136/16 brd 169.254.255.255 scope global eth0
inet6 fe80::c00:a9ff:fefe:288/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 06:4a:24:00:00:15 brd ff:ff:ff:ff:ff:ff
inet 10.102.196.222/24 brd 10.102.196.255 scope global eth1
inet6 fe80::44a:24ff:fe00:15/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 06:74:de:00:00:16 brd ff:ff:ff:ff:ff:ff
inet 10.2.0.1/24 brd 10.2.0.255 scope global eth2
inet 10.102.197.225/24 brd 10.102.197.255 scope global eth2
inet6 fe80::474:deff:fe00:16/64 scope link
valid_lft forever preferred_lft forever
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 02:00:1a:94:00:03 brd ff:ff:ff:ff:ff:ff
root@r-155-VM:~#
root@r-155-VM:~# ifconfig
eth0 Link encap:Ethernet HWaddr 0e:00:a9:fe:02:88
inet addr:169.254.2.136 Bcast:169.254.255.255 Mask:255.255.0.0
inet6 addr: fe80::c00:a9ff:fefe:288/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:410 errors:0 dropped:0 overruns:0 frame:0
TX packets:355 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:63392 (61.9 KiB) TX bytes:64251 (62.7 KiB)
eth1 Link encap:Ethernet HWaddr 06:4a:24:00:00:15
inet addr:10.102.196.222 Bcast:10.102.196.255 Mask:255.255.255.0
inet6 addr: fe80::44a:24ff:fe00:15/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:305 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15516 (15.1 KiB) TX bytes:404 (404.0 B)
eth2 Link encap:Ethernet HWaddr 06:74:de:00:00:16
inet addr:10.2.0.1 Bcast:10.2.0.255 Mask:255.255.255.0
inet6 addr: fe80::474:deff:fe00:16/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:126 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8080 (7.8 KiB) TX bytes:404 (404.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:414 (414.0 B) TX bytes:414 (414.0 B)
root@r-155-VM:~#
root@r-155-VM:~# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
NETWORK_STATS all -- anywhere anywhere
ACCEPT all -- anywhere vrrp.mcast.net
ACCEPT all -- anywhere 225.0.0.50
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3922
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT udp -- anywhere 10.2.0.1 udp dpt:domain
ACCEPT tcp -- anywhere 10.2.0.1 tcp dpt:domain
ACCEPT tcp -- anywhere 10.2.0.1 state NEW tcp dpt:www
ACCEPT tcp -- anywhere 10.2.0.1 state NEW tcp dpt:http-alt
Chain FORWARD (policy DROP)
target prot opt source destination
NETWORK_STATS all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere !anywhere
ACL_INBOUND_eth2 all -- anywhere 10.2.0.0/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
NETWORK_STATS all -- anywhere anywhere
Chain ACL_INBOUND_eth2 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP all -- anywhere anywhere
Chain NETWORK_STATS (3 references)
target prot opt source destination
all -- anywhere anywhere
all -- anywhere anywhere
tcp -- anywhere anywhere
tcp -- anywhere anywhere
root@r-155-VM:~#
Observation before restart - VPC :
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 02:00:19:9f:00:01 brd ff:ff:ff:ff:ff:ff
inet 10.2.0.1/24 brd 10.2.0.255 scope global eth2
inet6 fe80::19ff:fe9f:1/64 scope link
valid_lft forever preferred_lft forever
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 06:f0:c6:00:00:16 brd ff:ff:ff:ff:ff:ff
inet 10.102.197.225/24 brd 10.102.197.255 scope global eth3
inet6 fe80::4f0:c6ff:fe00:16/64 scope link
valid_lft forever preferred_lft forever
root@r-151-VM:~#
Observation after restart - VPC :
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 06:74:de:00:00:16 brd ff:ff:ff:ff:ff:ff
inet 10.2.0.1/24 brd 10.2.0.255 scope global eth2
inet 10.102.197.225/24 brd 10.102.197.255 scope global eth2
inet6 fe80::474:deff:fe00:16/64 scope link
valid_lft forever preferred_lft forever
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 02:00:1a:94:00:03 brd ff:ff:ff:ff:ff:ff
Notes:
a. Public IPs are assigned to private interface with VPC Restart
b. PF/LB rules are not functional. Instances are not accessible.
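An added example, not part of the original report or of CloudStack: a baseline comparison of `ip addr` output that flags the two symptoms shown in the report, an IPv4 address that changed interface and an interface that went from UP to DOWN. The sample input is abridged from the report's own before/after output; the function names are hypothetical.

```python
import re

# Abridged from the report's `ip addr` output: eth2/eth3, IPv4 lines only.
BEFORE = """\
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
inet 10.2.0.1/24 brd 10.2.0.255 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
inet 10.102.197.225/24 brd 10.102.197.255 scope global eth3
"""
AFTER = """\
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
inet 10.2.0.1/24 brd 10.2.0.255 scope global eth2
inet 10.102.197.225/24 brd 10.102.197.255 scope global eth2
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
"""

IFACE_RE = re.compile(r"^\d+:\s+(\S+?):\s+<([^>]*)>")       # "4: eth2: <FLAGS>"
INET_RE = re.compile(r"^\s*inet\s+(\d+\.\d+\.\d+\.\d+)/\d+")  # IPv4 only, skips inet6

def parse_ip_addr(text):
    """Return {iface: {"up": bool, "addrs": [ipv4, ...]}} from `ip addr` output."""
    ifaces, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            ifaces[current] = {"up": "UP" in m.group(2).split(","), "addrs": []}
            continue
        m = INET_RE.match(line)
        if m and current:
            ifaces[current]["addrs"].append(m.group(1))
    return ifaces

def diff_placement(before, after):
    """List addresses that moved or vanished and interfaces that went DOWN."""
    b, a = parse_ip_addr(before), parse_ip_addr(after)
    where_after = {ip: name for name, info in a.items() for ip in info["addrs"]}
    findings = []
    for name, info in b.items():
        for ip in info["addrs"]:
            now = where_after.get(ip)
            if now is None:
                findings.append(f"{ip} missing (was on {name})")
            elif now != name:
                findings.append(f"{ip} moved {name} -> {now}")
        if info["up"] and name in a and not a[name]["up"]:
            findings.append(f"{name} is DOWN (was UP)")
    return findings

if __name__ == "__main__":
    print("\n".join(diff_placement(BEFORE, AFTER)))
```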