[ https://issues.apache.org/jira/browse/CLOUDSTACK-6464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13975510#comment-13975510 ]
Serg Senko commented on CLOUDSTACK-6464: ---------------------------------------- Hello, Also related to advanced zone with VLAN isolation: Environment: OS : CentOS 6.3 Hypervizor : KVM ( QEMU ) Zone : Advanced VLAN isolation Traffic labels : Guest: cloudbr1 private: cloudbr1 public: cloudbr0 After upgrade to ACS 4.3 new VR's started with duplicate NIC's. All IP aliases started as network interfaces with same public IP Following that, egress traffic iptables rules doesn't work and no outgoing network connectivity in any cases. root@r-256-VM:~# ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 02:00:6b:16:00:09 brd ff:ff:ff:ff:ff:ff inet 10.1.1.1/24 brd 10.1.1.255 scope global eth0 inet6 fe80::6bff:fe16:9/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 0e:00:a9:fe:01:38 brd ff:ff:ff:ff:ff:ff inet 169.254.1.56/16 brd 169.254.255.255 scope global eth1 inet6 fe80::c00:a9ff:fefe:138/64 scope link valid_lft forever preferred_lft forever 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 06:06:ec:00:00:0e brd ff:ff:ff:ff:ff:ff inet XXX.XXX.XXX.219/26 brd 46.165.231.255 scope global eth2 inet6 fe80::406:ecff:fe00:e/64 scope link valid_lft forever preferred_lft forever 5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 06:81:44:00:00:0e brd ff:ff:ff:ff:ff:ff inet XXX.XXX.XXX.219/26 brd 46.165.231.255 scope global eth3 inet XXX.XXX.XXX.230/26 brd 46.165.231.255 scope global secondary eth3 inet XXX.XXX.XXX.228/26 brd 46.165.231.255 scope global secondary eth3 inet XXX.XXX.XXX.209/26 brd 46.165.231.255 scope global secondary eth3 inet XXX.XXX.XXX.247/26 brd 46.165.231.255 scope global secondary eth3 inet XXX.XXX.XXX.227/26 brd 46.165.231.255 scope global secondary eth3 inet6 fe80::481:44ff:fe00:e/64 scope link valid_lft forever preferred_lft forever 6: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 06:e5:36:00:00:0e brd ff:ff:ff:ff:ff:ff inet XXX.XXX.XXX.219/26 brd 46.165.231.255 scope global eth4 inet XXX.XXX.XXX.247/26 brd 46.165.231.255 scope global secondary eth4 inet XXX.XXX.XXX.209/26 brd 46.165.231.255 scope global secondary eth4 inet XXX.XXX.XXX.227/26 brd 46.165.231.255 scope global secondary eth4 inet XXX.XXX.XXX.230/26 brd 46.165.231.255 scope global secondary eth4 inet6 fe80::4e5:36ff:fe00:e/64 scope link valid_lft forever preferred_lft forever 7: eth5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 06:6f:3a:00:00:0e brd ff:ff:ff:ff:ff:ff inet XXX.XXX.XXX.219/26 brd 46.165.231.255 scope global eth5 inet XXX.XXX.XXX.228/26 brd 46.165.231.255 scope global secondary eth5 inet XXX.XXX.XXX.227/26 brd 46.165.231.255 scope global secondary eth5 inet XXX.XXX.XXX.209/26 brd 46.165.231.255 scope global secondary eth5 inet XXX.XXX.XXX.247/26 brd 46.165.231.255 scope global secondary eth5 inet XXX.XXX.XXX.230/26 brd 46.165.231.255 scope global secondary eth5 inet6 fe80::46f:3aff:fe00:e/64 scope link valid_lft forever preferred_lft forever 8: eth6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 06:b0:30:00:00:0e brd ff:ff:ff:ff:ff:ff inet XXX.XXX.XXX.219/26 brd 46.165.231.255 scope global eth6 inet XXX.XXX.XXX.209/26 brd 46.165.231.255 scope global secondary eth6 inet XXX.XXX.XXX.247/26 brd 46.165.231.255 scope global secondary eth6 inet XXX.XXX.XXX.230/26 brd 46.165.231.255 scope global secondary eth6 inet XXX.XXX.XXX.227/26 brd 46.165.231.255 scope global secondary eth6 inet6 fe80::4b0:30ff:fe00:e/64 scope link valid_lft forever preferred_lft forever 9: eth7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 06:26:b4:00:00:0e brd ff:ff:ff:ff:ff:ff inet XXX.XXX.XXX.219/26 brd 46.165.231.255 scope global eth7 inet XXX.XXX.XXX.247/26 brd 46.165.231.255 scope global secondary eth7 inet XXX.XXX.XXX.228/26 brd 46.165.231.255 scope global secondary eth7 inet XXX.XXX.XXX.230/26 brd 46.165.231.255 scope global secondary eth7 inet XXX.XXX.XXX.209/26 brd 46.165.231.255 scope global secondary eth7 inet XXX.XXX.XXX.227/26 brd 46.165.231.255 scope global secondary eth7 inet6 fe80::426:b4ff:fe00:e/64 scope link valid_lft forever preferred_lft forever > [KVM:basic zone- upgrade to 4.3],after any vm restart,all the nics are > plugged to default bridge even though trafiic labels are being used > ---------------------------------------------------------------------------------------------------------------------------------------------- > > Key: CLOUDSTACK-6464 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6464 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: Management Server > Affects Versions: 4.3.0 > Reporter: sadhu suresh > Priority: Critical > Fix For: 4.3.1 > > > Steps: > 1. create a KVM basic zone with 2 nics on host (pre 4.3 build) > 2.use cloudbr0 for management and cloudbr1 for guest by specifying the > traffic labels in the physical networks. > 3.deploy few vms > 4.upgrade to felton GA build as per the Upgrade instructions. > actual result: > Upgrade successful but all the vnets that were attached to cloudbr1 before > upgrade are attached to cloudbr0. > Due to this network connectivity is lost. > Expected result: > Even after upgrade ,all the vnets should be attached to the same bridge as > before upgrade. > ex: > before Upgrade : this vms(i-5-616-VM) nic was attached to cloudbr1 and after > upgrade and VM stop/start. > the network rules are getting programmed in cloudbr0 .check below output > ,984 DEBUG [kvm.resource.LibvirtComputingResource] > (agentRequest-Handler-2:null) Executing: > /usr/share/cloudstack-common/scripts/vm/network/security_group.py > default_network_rules --vmname i-5-616-VM --vmid 616 --vmip 10.x.x245 --vmmac > 06:14:48:00:00:7f --vif vnet15 --brname cloudbr0 --nicsecips 0: > dumpxml output for i-5-616-VM after upgrade(& after VM restart) > ***************************************************** > virsh # dumpxml 38 > <domain type='kvm' id='38'> > <name>i-5-616-VM</name> > <uuid>87557942-1393-49b3-a73e-ae24c40541d1</uuid> > <description>Other CentOS (64-bit)</description> > <memory unit='KiB'>2097152</memory> > <currentMemory unit='KiB'>2097152</currentMemory> > <vcpu placement='static'>1</vcpu> > <cputune> > <shares>1000</shares> > </cputune> > <os> > <type arch='x86_64' machine='rhel6.2.0'>hvm</type> > <boot dev='cdrom'/> > <boot dev='hd'/> > </os> > <features> > <acpi/> > <apic/> > <pae/> > </features> > <cpu> > </cpu> > <clock offset='utc'/> > <on_poweroff>destroy</on_poweroff> > <on_reboot>restart</on_reboot> > <on_crash>destroy</on_crash> > <devices> > <emulator>/usr/libexec/qemu-kvm</emulator> > <disk type='file' device='disk'> > <driver name='qemu' type='qcow2' cache='none'/> > <source > file='/mnt/041e5d8e-d9c1-346d-aea9-cd9c7b80a211/75544e9d-a4c9-4a94-943e-b20827676a27'/> > <target dev='hda' bus='ide'/> > <alias name='ide0-0-0'/> > <address type='drive' controller='0' bus='0' target='0' unit='0'/> > </disk> > <disk type='file' device='cdrom'> > <driver name='qemu' type='raw' cache='none'/> > <target dev='hdc' bus='ide'/> > <readonly/> > <alias name='ide0-1-0'/> > <address type='drive' controller='0' bus='1' target='0' unit='0'/> > </disk> > <controller type='usb' index='0'> > <alias name='usb0'/> > <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/> > </controller> > <controller type='ide' index='0'> > <alias name='ide0'/> > <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/> > </controller> > <interface type='bridge'> > <mac address='06:14:48:00:00:7f'/> > <source bridge='cloudbr0'/> > <target dev='vnet15'/> > <model type='e1000'/> > <bandwidth> > <inbound average='25600' peak='25600'/> > <outbound average='25600' peak='25600'/> > </bandwidth> > <alias name='net0'/> > <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> > </interface> > <serial type='pty'> > <source path='/dev/pts/12'/> > <target port='0'/> > <alias name='serial0'/> > </serial> > <console type='pty' tty='/dev/pts/12'> > <source path='/dev/pts/12'/> > <target type='serial' port='0'/> > <alias name='serial0'/> > </console> > <input type='tablet' bus='usb'> > <alias name='input0'/> > </input> > <input type='mouse' bus='ps2'/> > <graphics type='vnc' port='5912' autoport='yes' listen='10.x.x.3'> > <listen type='address' address='10.147.37.3'/> > </graphics> > <video> > <model type='cirrus' vram='9216' heads='1'/> > <alias name='video0'/> > <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> > </video> > <memballoon model='virtio'> > <alias name='balloon0'/> > <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> > </memballoon> > </devices> > <seclabel type='none'/> > </domain> > its also applicable to new vm deployments. -- This message was sent by Atlassian JIRA (v6.2#6252)