Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2020/11/23 10:07:31 UTC

[GitHub] [cloudstack] weizhouapache edited a comment on pull request #4484: VPC: fix some issues related to multiple public IP ranges and private gateway

weizhouapache edited a comment on pull request #4484:
URL: https://github.com/apache/cloudstack/pull/4484#issuecomment-732042168


   > I see nothing strange or wrong with this code. Two remarks though:
   > 
   > 1. it is a lot in one go and will require verification in a lot of different kinds of environments.
   > 2. I recognise some changes that already went into master over the last few weeks so merging forward might give some conflicts (nothing that should stop us now).
   
   @DaanHoogland @rhtyd rebased with latest 4.14
   Yes, there are indeed a lot of verifications to be done.
   
   I have added some test cases in this PR which verify the IPs on NICs and the UP/DOWN state of public interfaces.
   I have tested with KVM, but not on XenServer and VMware.
   It takes around 1 hour to finish all 4 integration tests, so I did not add them to .travis.yaml.
   The integration tests cover vpc/network with/without vr, and some actions (add/remove public ip in multiple ip ranges, add/remove vpc tier, add private gateway, reboot routers, restart vpc tiers, restart vpc/network w/wo cleanup).
   https://github.com/apache/cloudstack/blob/788ed28a8c73756a1bc8deb102a1d2506cc2d430/test/integration/component/test_multiple_subnets_in_isolated_network.py
   https://github.com/apache/cloudstack/blob/788ed28a8c73756a1bc8deb102a1d2506cc2d430/test/integration/component/test_multiple_subnets_in_isolated_network_rvr.py
   https://github.com/apache/cloudstack/blob/788ed28a8c73756a1bc8deb102a1d2506cc2d430/test/integration/component/test_multiple_subnets_in_vpc.py
   https://github.com/apache/cloudstack/blob/788ed28a8c73756a1bc8deb102a1d2506cc2d430/test/integration/component/test_multiple_subnets_in_vpc_rvr.py
   
   
   However, some changes to iptables rules require manual testing.
   What I have done:
   (1) create vpc1 and two tiers vpc1-001, vpc1-002, and some vms vpc1-001-001, vpc1-001-002, vpc1-002-001, vpc1-002-002
   (2) create a shared network and a vm in it, to simulate server in private rack.
   (3) create vpc2, create a tier and vm vpc2-001-001, and enable site-to-site vpn gateway
   (4) add multiple public ip ranges in zone/public physical network
   
   setup
   (5) create site-to-site vpn between vpc1 and vpc2
   (6) create private gateway in vpc1, with the same vlan as the shared network in step (2) above.
   (7) acquire multiple IPs in new public ranges created in step (4) above, and use them for different purposes (e.g. enable static nat on some vms in vpc, or create port forwarding rules to vms in vpc).
   
   expected results
   (1) if ACL is allow_all, then all servers (including vm in shared network, vm in vpc2, vms with/without static nat in vpc1) should be able to reach each other
   (2) if ACL is deny_all, vm in vpc tiers and private gateway should not be able to reach each other.
   
   By the way, if you merge this PR, could you use the "Rebase and Merge" option, so it would be easier to track why a line of change was made if there are issues in the future.

