OK I think I’ve managed to reproduce this.
Boriss-MacBook-Pro:~ bstoyanov$ ssh root@10.1.34.66<ma...@10.1.34.66>
root@10.1.34.66<ma...@10.1.34.66>'s password:
Last login: Mon Jul 17 08:07:34 2017 from 10.1.0.1
[root@VM-ba2a91c8-af1c-41d1-8cb3-18f599cdc673 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:00:08:91:00:01
inet addr:10.0.2.92 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::8ff:fe91:1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3157 errors:0 dropped:0 overruns:0 frame:0
TX packets:268 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:228782 (223.4 KiB) TX bytes:44853 (43.8 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)
Ping Failed
[root@VM-ba2a91c8-af1c-41d1-8cb3-18f599cdc673 ~]# ping -c 3 10.0.1.166
PING 10.0.1.166 (10.0.1.166) 56(84) bytes of data.
--- 10.0.1.166 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2000ms
Restarted both the redundant routers where VM 10.0.1.166 is and was able to ping the machine from VM 10.0.2.92
[root@VM-ba2a91c8-af1c-41d1-8cb3-18f599cdc673 ~]# ping -c 3 10.0.1.166
PING 10.0.1.166 (10.0.1.166) 56(84) bytes of data.
64 bytes from 10.0.1.166: icmp_seq=1 ttl=62 time=3.03 ms
64 bytes from 10.0.1.166: icmp_seq=2 ttl=62 time=2.22 ms
64 bytes from 10.0.1.166: icmp_seq=3 ttl=62 time=1.67 ms
--- 10.0.1.166 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 1.673/2.310/3.030/0.557 ms
[root@VM-ba2a91c8-af1c-41d1-8cb3-18f599cdc673 ~]#
As Simon suggested this issue is related to this bug: https://issues.apache.org/jira/browse/CLOUDSTACK-8945
Once we fix it it’ll pass the test_privategw_acl test.
Thanks,
Boris Stoyanov.
boris.stoyanov@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
On Jun 23, 2017, at 4:32 PM, Simon Weller <sw...@ena.com.INVALID>> wrote:
Paul,
Could it be related to rp_filter in some way?
- Si
________________________________
From: Paul Angus <pa...@shapeblue.com>>
Sent: Tuesday, June 20, 2017 3:39 AM
To: dev@cloudstack.apache.org<ma...@cloudstack.apache.org>
Subject: RE: Private Gateway on REDUNDANT VPC
I don't believe so.
Rules look OK and consistent with std VPC as well.
Kind regards,
Paul Angus
paul.angus@shapeblue.com<ma...@shapeblue.com>
www.shapeblue.com<http://www.shapeblue.com>
[http://shapeblue.com/wp-content/uploads/2014/03/sungardonline1.jpg]<http://www.shapeblue.com/>
Shapeblue - The CloudStack Company<http://www.shapeblue.com/>
www.shapeblue.com
The city of Prague was the venue for the spring meeting of the Cloudstack European user group. There was
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
-----Original Message-----
From: Jayapal Uradi [mailto:jayapal.uradi@accelerite.com]
Sent: 20 June 2017 09:30
To: dev@cloudstack.apache.org
Subject: Re: Private Gateway on REDUNDANT VPC
Did you check iptables, Is it blocking on the VR ?
On Jun 20, 2017, at 1:30 PM, Paul Angus <pa...@shapeblue.com> wrote:
Hi All,
I've been looking at the failing Marvin tests for Private Gateways. It passes on std VPC and fails on rVPC.
The test tries to ping a VM on a remote VPC via the private gateways on both VRs.
Digging into it, I found that an ARP request goes out for the remote VM from the local VR to the remote VR, the local VR receives it, then nothing. On the std VRs a reply goes back out.
I've checked all interfaces to see if the reply is going out of the wrong interface, but it just isn't going out anywhere. I can't figure out why no reply seems to be generated... Obviously the answer is in the difference in config and packages on VPC vs rVPC - but I can't find it.
HELP! Any ideas anyone?
Kind regards,
Paul Angus
paul.angus@shapeblue.com
www.shapeblue.com<http://www.shapeblue.com>
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.