Hi Sheng,

Thanks. We are using XenServer 6.2 SP1. After adding debug in the code, I see that addVif never gets called in my case. That's why nic deviceId is zero. Code falls through the case where vif is already present. If I dump "correctVif.getDevice(conn)" it returns zero.

Does this command handler also get called when Public-ip is associated with VM's private ip (StaticNAT)? Do we create a new interface in DomainRouter when staticNAT entry is created?

Thanks,
Sachin

From: Sheng Yang <sh...@yasker.org>
Date: Friday, June 6, 2014 4:12 PM
To: "dev@cloudstack.apache.org" <dev@cloudstack.apache.org>, Sachchidanand Vaidya <vaidy...@juniper.net>
Subject: Re: SNAT iptable entry on VirtualRouter

Hi Sachin,

The nicDevId() you see is coming from prepareNetworkElementCommand(IpAssocCommand cmd) in CitrixResourceBase in case of Xen.

You would see this:

    if (addVif) {
        // Add a new VIF to DomR
        String vifDeviceNum = getLowestAvailableVIFDeviceNum(conn, router);
        if (vifDeviceNum == null) {
            throw new InternalErrorException("There were no more available slots for a new VIF on router: " + router.getNameLabel(conn));
        }
        nic.setDeviceId(Integer.valueOf(vifDeviceNum));

        correctVif = createVif(conn, routerName, router, null, nic);
        correctVif.plug(conn);
        // Add iptables rule for network usage
        networkUsage(conn, routerIp, "addVif", "eth" + correctVif.getDevice(conn));
    }

And nic.setDeviceId() should set the public nic id (which should be 2 in your case) to it.

And what's the XenServer version you're using? Could you help to debug it further? Sadly we cannot reproduce it in our lab...

Thanks!

--Sheng

On Fri, Jun 6, 2014 at 12:29 AM, Sachchidanand Vaidya <vaidy...@juniper.net> wrote:

Hi,

I'm seeing the same issue with 4.4 code. After further debug, I see that CS mgmt server is sending the following command to XenHost.

xensource.log:
<script>
/opt/cloud/bin/ipassoc.sh -A -s -f -l 10.84.59.131/24 -c eth0 -g 10.84.59.254
</script>

VirtualRouter's public interface is eth2. Also, as per dump of VIF list on XenHost, deviceid for public interface of domainRouter is 2.

As part of VirtualRoutingResource.java:generateConfig(), CS mgmt server generates this command. It generates publicNic = "eth" + ip.getNicDevId()? Which deviceId does it refer to? Shouldn't it be the deviceid as per the XenHost dump?

Does anyone have input on what could be happening here?

Thanks,
Sachin

>Hi,
> I have an isolated network (192.168.3.x/24) being served by
>VirtualRouter, where 10.84.59.131 is SourceNAT address
>and eth0 is VN interface of VirtualRouter & eth2 is the public interface
>of VirtualRouter.
>
> When I look at the nat table entries on the VirtualRouter, it shows
>the following:
>
>root@r-6-VM:~# iptables -L -t nat -n -v
>..
>..
>Chain POSTROUTING (policy ACCEPT 330 packets, 22113 bytes)
> pkts bytes target     prot opt in     out     source               destination
>    0     0 SNAT       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0            to:10.84.59.131
>
>--> Why is the "out" interface for the SNAT entry the VN interface (eth0)
>instead of the Public interface (eth2)?
>
>I'm using "Cloudstack Release 4.3.0 (64-bit) Thu Apr 10 20:27:11 UTC
>2014" cloudstack-release template.
>
>Thanks,
>Sachin
>
>---
>root@r-6-VM:~# ifconfig
>eth0      Link encap:Ethernet  HWaddr 02:13:87:88:e6:dd
>          inet addr:192.168.3.226  Bcast:192.168.3.255  Mask:255.255.255.0
>          inet6 addr: fe80::13:87ff:fe88:e6dd/64 Scope:Link
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:350 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:1000
>          RX bytes:29400 (28.7 KiB)  TX bytes:602 (602.0 B)
>          Interrupt:25
>
>eth1      Link encap:Ethernet  HWaddr 0e:00:a9:fe:02:6b
>          inet addr:169.254.2.107  Bcast:169.254.255.255  Mask:255.255.0.0
>          inet6 addr: fe80::c00:a9ff:fefe:26b/64 Scope:Link
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:3293 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:2934 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:1000
>          RX bytes:444768 (434.3 KiB)  TX bytes:539100 (526.4 KiB)
>          Interrupt:26
>
>eth2      Link encap:Ethernet  HWaddr 06:d5:1c:00:00:0b
>          inet addr:10.84.59.131  Bcast:10.84.59.255  Mask:255.255.255.0
>          inet6 addr: fe80::4d5:1cff:fe00:b/64 Scope:Link
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:133 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:1451 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:1000
>          RX bytes:4636 (4.5 KiB)  TX bytes:113282 (110.6 KiB)
>          Interrupt:27
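
Added example, not part of the thread and not CloudStack code: a Python check that automates the comparison made by eye in the original report, cross-referencing each SNAT rule's "out" interface against the interface that actually holds the "to:" address. The input is the iptables and ifconfig output quoted above (trimmed); the function names are hypothetical, and the parser assumes net-tools ifconfig and `iptables -L -t nat -n -v` column layout.

```python
import re

# Output quoted in the thread above, trimmed to the lines the check needs.
IPTABLES_NAT = """\
Chain POSTROUTING (policy ACCEPT 330 packets, 22113 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0            to:10.84.59.131
"""
IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 02:13:87:88:e6:dd
          inet addr:192.168.3.226  Bcast:192.168.3.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 0e:00:a9:fe:02:6b
          inet addr:169.254.2.107  Bcast:169.254.255.255  Mask:255.255.0.0
eth2      Link encap:Ethernet  HWaddr 06:d5:1c:00:00:0b
          inet addr:10.84.59.131  Bcast:10.84.59.255  Mask:255.255.255.0
"""

def interface_addresses(ifconfig_text):
    """Map each IPv4 address to the interface that owns it (net-tools ifconfig format)."""
    owners, current = {}, None
    for line in ifconfig_text.splitlines():
        if line and not line[0].isspace():
            current = line.split()[0]          # unindented line starts a new interface stanza
        m = re.search(r"inet addr:(\d+\.\d+\.\d+\.\d+)", line)
        if m and current:
            owners[m.group(1)] = current
    return owners

def snat_rules(iptables_text, chain="POSTROUTING"):
    """Yield (out_if, to_ip) per SNAT rule; columns: pkts bytes target prot opt in out src dst extra."""
    in_chain = False
    for line in iptables_text.splitlines():
        if line.startswith("Chain "):
            in_chain = line.split()[1] == chain
            continue
        fields = line.split()
        m = re.search(r"to:(\d+\.\d+\.\d+\.\d+)", line)
        if in_chain and m and len(fields) >= 10 and fields[2] == "SNAT":
            yield fields[6], m.group(1)

def mismatched_snat(iptables_text, ifconfig_text):
    """Return (rule_out_if, snat_ip, owning_if) where the out interface does not hold the SNAT address."""
    owners = interface_addresses(ifconfig_text)
    return [(out_if, ip, owners.get(ip)) for out_if, ip in snat_rules(iptables_text)
            if owners.get(ip) != out_if]

if __name__ == "__main__":
    for out_if, ip, owner in mismatched_snat(IPTABLES_NAT, IFCONFIG):
        print(f"SNAT to {ip} leaves via {out_if}, but {ip} is configured on {owner}")
```

A rule flagged here never matches traffic leaving the public interface, so guest traffic is forwarded without source translation; an owning interface of `None` means the SNAT address is not configured on the router at all.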