You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Amin Pashapour <jo...@yahoo.com> on 2014/03/26 15:21:13 UTC
Can't go out of a vm with F5 as loadbalancer network offering
Hi All,
On CloudStack 4.2.1, I have set up a network that uses an offering with F5 as loadbalancer. All other features use VirtualRouter. Everything is working fine going southbound to the two VM's I am loadbalancing.
But when I am on either one of these VM's, I can't get to anything external. I can get to the virtual router/gateway or other internal VM's. I can resolve www.google.com but I can't telnet to google.com on port 80
I have set egress on my network to ALL protocols from 0.0.0.0/0. I have also disabled iptables and still nothing going out.
I can go outside when I use the default network offering.
Any hint on what could be the cause is greatly appreciated. Or any hint on how to troubleshoot!
Thanks.
Amin
Re: No outbound traffic with F5 as loadbalancer network offering
Posted by Amin Pashapour <jo...@yahoo.com>.
I re-did the whole thing again and this time it works perfectly. The only difference that I can tell is that in the new network offering with F5 as loadbalancer, I set the default egress policy to deny. Then I went ahead and set the egress allow policy on the the SourceNAT external IP for the new network.
I also used the first additional IP for loadbalancing. Last time I had used the first one for portforwarding.
Hope this helps others.
Thanks.
Amin
________________________________
From: Amin Pashapour <jo...@yahoo.com>
To: "users@cloudstack.apache.org" <us...@cloudstack.apache.org>
Sent: Wednesday, April 2, 2014 1:01 PM
Subject: Re: No outbound traffic with F5 as loadbalancer network offering
Sanjeev,
Clearly the problem is in the VR, since I can see activities (using tcpdump) in my VR when I try to telnet to any external server on port 80 on my vm's. I enabled LOGGING on iptables in the VR and can see packets being dropped. Even after I make iptables everything ACCEPT, I can't go out to google on port 80.
Is there any other log files that I can look at for some hints?
Thanks
Amin
________________________________
From: Sanjeev Neelarapu <sa...@citrix.com>
To: "users@cloudstack.apache.org" <us...@cloudstack.apache.org>; Amin Pashapour <jo...@yahoo.com>
Sent: Wednesday, April 2, 2014 12:58 AM
Subject: RE: No outbound traffic with F5 as loadbalancer network offering
Hi Amin,
Have you checked whether the configured egress rules are programmed properly on VR ?
-Sanjeev
-----Original
Message-----
From: Amin Pashapour [mailto:jolfa1@yahoo.com]
Sent: Wednesday, April 02, 2014 1:24 AM
To: users@cloudstack.apache.org
Subject: No outbound traffic with F5 as loadbalancer network offering
I am still stuck with this issue.
Looks like the virtualrouter is not allowing any outbound traffic, but I have set the egress to allow all TCP ports from 1-64000.
I have restarted my virtualrouter several times and still nothing outbound.
Any hints? Any buttons to push?
Appreciate it in advance
Amin
________________________________
From: Amin Pashapour <jo...@yahoo.com>
To: "users@cloudstack.apache.org" <us...@cloudstack.apache.org>
Sent: Wednesday, March 26, 2014 10:21 AM
Subject: Can't go out of a vm with F5 as loadbalancer network offering
Hi All,
On CloudStack 4.2.1, I have set up a network that uses an offering with F5 as loadbalancer. All other features use VirtualRouter. Everything is working fine going southbound to the two VM's I
am loadbalancing.
But when I am on either one of these VM's, I can't get to anything external. I can get to the virtual router/gateway or other internal VM's. I can resolve www.google.com but I can't telnet to google.com on port 80
I have set egress on my network to ALL protocols from 0.0.0.0/0. I have also disabled iptables and still nothing going out.
I can go outside when I use the default network offering.
Any hint on what could be the cause is greatly appreciated. Or any hint on how to troubleshoot!
Thanks.
Amin
Re: No outbound traffic with F5 as loadbalancer network offering
Posted by Amin Pashapour <jo...@yahoo.com>.
Sanjeev,
Clearly the problem is in the VR, since I can see activities (using tcpdump) in my VR when I try to telnet to any external server on port 80 on my vm's. I enabled LOGGING on iptables in the VR and can see packets being dropped. Even after I make iptables everything ACCEPT, I can't go out to google on port 80.
Is there any other log files that I can look at for some hints?
Thanks
Amin
________________________________
From: Sanjeev Neelarapu <sa...@citrix.com>
To: "users@cloudstack.apache.org" <us...@cloudstack.apache.org>; Amin Pashapour <jo...@yahoo.com>
Sent: Wednesday, April 2, 2014 12:58 AM
Subject: RE: No outbound traffic with F5 as loadbalancer network offering
Hi Amin,
Have you checked whether the configured egress rules are programmed properly on VR ?
-Sanjeev
-----Original
Message-----
From: Amin Pashapour [mailto:jolfa1@yahoo.com]
Sent: Wednesday, April 02, 2014 1:24 AM
To: users@cloudstack.apache.org
Subject: No outbound traffic with F5 as loadbalancer network offering
I am still stuck with this issue.
Looks like the virtualrouter is not allowing any outbound traffic, but I have set the egress to allow all TCP ports from 1-64000.
I have restarted my virtualrouter several times and still nothing outbound.
Any hints? Any buttons to push?
Appreciate it in advance
Amin
________________________________
From: Amin Pashapour <jo...@yahoo.com>
To: "users@cloudstack.apache.org" <us...@cloudstack.apache.org>
Sent: Wednesday, March 26, 2014 10:21 AM
Subject: Can't go out of a vm with F5 as loadbalancer network offering
Hi All,
On CloudStack 4.2.1, I have set up a network that uses an offering with F5 as loadbalancer. All other features use VirtualRouter. Everything is working fine going southbound to the two VM's I
am loadbalancing.
But when I am on either one of these VM's, I can't get to anything external. I can get to the virtual router/gateway or other internal VM's. I can resolve www.google.com but I can't telnet to google.com on port 80
I have set egress on my network to ALL protocols from 0.0.0.0/0. I have also disabled iptables and still nothing going out.
I can go outside when I use the default network offering.
Any hint on what could be the cause is greatly appreciated. Or any hint on how to troubleshoot!
Thanks.
Amin
RE: No outbound traffic with F5 as loadbalancer network offering
Posted by Sanjeev Neelarapu <sa...@citrix.com>.
Hi Amin,
Have you checked whether the configured egress rules are programmed properly on VR ?
-Sanjeev
-----Original Message-----
From: Amin Pashapour [mailto:jolfa1@yahoo.com]
Sent: Wednesday, April 02, 2014 1:24 AM
To: users@cloudstack.apache.org
Subject: No outbound traffic with F5 as loadbalancer network offering
I am still stuck with this issue.
Looks like the virtualrouter is not allowing any outbound traffic, but I have set the egress to allow all TCP ports from 1-64000.
I have restarted my virtualrouter several times and still nothing outbound.
Any hints? Any buttons to push?
Appreciate it in advance
Amin
________________________________
From: Amin Pashapour <jo...@yahoo.com>
To: "users@cloudstack.apache.org" <us...@cloudstack.apache.org>
Sent: Wednesday, March 26, 2014 10:21 AM
Subject: Can't go out of a vm with F5 as loadbalancer network offering
Hi All,
On CloudStack 4.2.1, I have set up a network that uses an offering with F5 as loadbalancer. All other features use VirtualRouter. Everything is working fine going southbound to the two VM's I am loadbalancing.
But when I am on either one of these VM's, I can't get to anything external. I can get to the virtual router/gateway or other internal VM's. I can resolve www.google.com but I can't telnet to google.com on port 80
I have set egress on my network to ALL protocols from 0.0.0.0/0. I have also disabled iptables and still nothing going out.
I can go outside when I use the default network offering.
Any hint on what could be the cause is greatly appreciated. Or any hint on how to troubleshoot!
Thanks.
Amin
No outbound traffic with F5 as loadbalancer network offering
Posted by Amin Pashapour <jo...@yahoo.com>.
I am still stuck with this issue.
Looks like the virtualrouter is not allowing any outbound traffic, but I have set the egress to allow all TCP ports from 1-64000.
I have restarted my virtualrouter several times and still nothing outbound.
Any hints? Any buttons to push?
Appreciate it in advance
Amin
________________________________
From: Amin Pashapour <jo...@yahoo.com>
To: "users@cloudstack.apache.org" <us...@cloudstack.apache.org>
Sent: Wednesday, March 26, 2014 10:21 AM
Subject: Can't go out of a vm with F5 as loadbalancer network offering
Hi All,
On CloudStack 4.2.1, I have set up a network that uses an offering with F5 as loadbalancer. All other features use VirtualRouter. Everything is working fine going southbound to the two VM's I am loadbalancing.
But when I am on either one of these VM's, I can't get to anything external. I can get to the virtual router/gateway or other internal VM's. I can resolve www.google.com but I can't telnet to google.com on port 80
I have set egress on my network to ALL protocols from 0.0.0.0/0. I have also disabled iptables and still nothing going out.
I can go outside when I use the default network offering.
Any hint on what could be the cause is greatly appreciated. Or any hint on how to troubleshoot!
Thanks.
Amin