You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cloudstack.apache.org by Andrei Mikhailovsky <an...@arhont.com.INVALID> on 2018/04/05 09:51:22 UTC

VPC issues after upgrading from 4.9.3 to 4.11.0

Hello, 

I have identified a critical VPC issue after we've upgraded to 4.11.0 on KVM hypervisors. The problem is the connectivity between network tiers within the VPC stopped working after the upgrade. Doing VPC restart with the Clean Up doesn't help. 


It seems that the VPC's iptable rules are all messed up and they reference wrong interfaces. The iptable rules are all created using the eth0 interface and not using the tier's corresponding network interface. For example: 


0 0 SNAT all — * eth0 10.1.60.0/24 10.1.60.30 to:10.1.70.1 
0 0 SNAT all — * eth1 10.1.60.30 0.0.0.0/0 to:178.248.108.109 
0 0 SNAT all — * eth0 10.1.60.0/24 10.1.60.4 to:10.1.70.1 
0 0 SNAT all — * eth1 10.1.60.4 0.0.0.0/0 to:178.248.108.104 
0 0 SNAT all — * eth0 10.1.60.0/24 10.1.60.146 to:10.1.70.1 
4 304 SNAT all — * eth1 10.1.60.146 0.0.0.0/0 to:178.248.108.44 

The network interface that corresponds to the 10.1.60.0/24 is on eth6. The same happens with 

Could anyone suggest the fix for this? 

Thanks 

Andrei

Re: VPC issues after upgrading from 4.9.3 to 4.11.0

Posted by Simon Weller <sw...@ena.com.INVALID>.

Andrei,

Do the interfaces appear correct (i.e. are the correct interfaces plugged into the expected bridges in the libvirt config)?

We have yet to test 4.11, but we're about to get it into our lab.

- Si

________________________________
From: Andrei Mikhailovsky <an...@arhont.com.INVALID>
Sent: Thursday, April 5, 2018 4:51 AM
To: users
Subject: VPC issues after upgrading from 4.9.3 to 4.11.0

Hello,

I have identified a critical VPC issue after we've upgraded to 4.11.0 on KVM hypervisors. The problem is the connectivity between network tiers within the VPC stopped working after the upgrade. Doing VPC restart with the Clean Up doesn't help.


It seems that the VPC's iptable rules are all messed up and they reference wrong interfaces. The iptable rules are all created using the eth0 interface and not using the tier's corresponding network interface. For example:


0 0 SNAT all — * eth0 10.1.60.0/24 10.1.60.30 to:10.1.70.1
0 0 SNAT all — * eth1 10.1.60.30 0.0.0.0/0 to:178.248.108.109
0 0 SNAT all — * eth0 10.1.60.0/24 10.1.60.4 to:10.1.70.1
0 0 SNAT all — * eth1 10.1.60.4 0.0.0.0/0 to:178.248.108.104
0 0 SNAT all — * eth0 10.1.60.0/24 10.1.60.146 to:10.1.70.1
4 304 SNAT all — * eth1 10.1.60.146 0.0.0.0/0 to:178.248.108.44

The network interface that corresponds to the 10.1.60.0/24 is on eth6. The same happens with

Could anyone suggest the fix for this?

Thanks

Andrei