Posted to users@cloudstack.apache.org by Erik Weber <te...@gmail.com> on 2014/11/11 22:54:11 UTC
[ACS430] Instances / network unable to access external network until
an egress rule has been applied
I'm trying to find out if a bug we experience is known and fixed in a later
version or not.
We're running ACS/CCP 4.3.0 on XenServer 6.2, with advanced networking
(VLAN isolated).
The problem is that whenever a network is created or restarted it won't
allow external access before an egress rule has been applied and deleted
again.
I suspect this is because of wrong iptables rules being applied on startup,
and that the rule addition/removal reconfigures it to be correct.
I've done some initial searching in jira, but not found anything.
Has anyone experienced anything like this, or is anyone able to find any
commits/issues that match this issue?
--
Erik
Re: [ACS430] Instances / network unable to access external network
until an egress rule has been applied
Posted by Erik Weber <te...@gmail.com>.
Cool, thanks :-)
Erik
On Friday, 14 November 2014, Jan-Arve Nygård <
jan.arve.nygard@gmail.com> wrote:
> Erik,
>
> I just noticed this in the Citrix CloudPlatform 4.3.0.2 release notes
> (http://support.citrix.com/servlet/KbServlet/download/38098-102-713723/CitrixCloudPlatform4.3.0.2ReleaseNotes.pdf),
> but I can't find this issue in JIRA:
>
> CS-24473
>
> Problem: Restarting VR on an isolate network
> with egress policy set to allow does not honor the
> default rule.
> Root cause: After VR reboot in a network with no
> egress rule created, the IPtables rules are not
> created to allow egress traffic.
> Solution: After VR reboot, rules are configured
> on VR to add egress default rules to allow traffic
>
>
> -Jan-Arve
>
>
Re: [ACS430] Instances / network unable to access external network
until an egress rule has been applied
Posted by Jan-Arve Nygård <ja...@gmail.com>.
Erik,
I just noticed this in the Citrix CloudPlatform 4.3.0.2 release notes
(http://support.citrix.com/servlet/KbServlet/download/38098-102-713723/CitrixCloudPlatform4.3.0.2ReleaseNotes.pdf),
but I can't find this issue in JIRA:
CS-24473
Problem: Restarting VR on an isolate network
with egress policy set to allow does not honor the
default rule.
Root cause: After VR reboot in a network with no
egress rule created, the IPtables rules are not
created to allow egress traffic.
Solution: After VR reboot, rules are configured
on VR to add egress default rules to allow traffic
-Jan-Arve
Re: [ACS430] Instances / network unable to access external network
until an egress rule has been applied
Posted by Pierre-Luc Dion <pd...@cloudops.com>.
Hi Erik,
I've experienced similar behavior, but in my case, doing a stop/start from
CloudStack of the VR did solve the problem. I'm still not sure if rebooting the
VR via SSH instead of using the CloudStack API was the root cause of the problem.
Pierre-Luc DION
Architecte de Solution Cloud | Cloud Solutions Architect
t 855.652.5683
CloudOps Votre partenaire infonuagique | Cloud Solutions Experts
420 rue Guy | Montreal | Quebec | H3J 1S6
w cloudops.com | tw @CloudOps_
On Tue, Nov 11, 2014 at 4:54 PM, Erik Weber <te...@gmail.com> wrote:
> I'm trying to find out if a bug we experience is known and fixed in a later
> version or not.
>
> We're running ACS/CCP 4.3.0 on XenServer 6.2, with advanced networking
> (VLAN isolated).
>
> The problem is that whenever a network is created or restarted it won't
> allow external access before an egress rule has been applied and deleted
> again.
>
> I suspect this is because of wrong iptables rules being applied on startup,
> and that the rule addition/removal reconfigures it to be correct.
>
> I've done some initial searching in jira, but not found anything.
>
> Has anyone experienced anything like this, or is anyone able to find any
> commits/issues that match this issue?
>
>
> --
> Erik
>