[jira] [Commented] (CLOUDSTACK-8326) Bug in cloudstack virtual router (KVM) in Simple zone with public ips / DHCP Debian Wheezy specific

Mon, 31 Oct 2016 12:38:15 -0700 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-8326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15623129#comment-15623129
 ] 

Wido den Hollander commented on CLOUDSTACK-8326:
------------------------------------------------

This is also affecting me and a more detailed report can be found on Github 
about this: https://github.com/projectcalico/felix/issues/40

A short quote:

"My CirrOS based virtual machines Linux cirros 3.2.0-68-virtual #102-Ubuntu SMP 
Tue Aug 12 22:14:39 UTC 2014 x86_64 GNU/Linux ignore the DHCP reply sent by 
dnsmasq. When tcpdumping on the VM's tap interface, I can see the DHCP request 
AND the DHCP reply, but the reply is not accepted.

It appears to be down to a problem with checksum generation, which usually only 
happens on the physical interface (offloading), but with Calico all DHCP 
happens inside the same compute node and only goes from the dnsmasq ns to the 
relevant tap ports...

A workaround that helped me make my instances accept the DHCP reply is adding 
the following iptables/mangle entry on my compute node:

iptables -A POSTROUTING -t mangle -p udp --dport bootpc -d 100.64.0.0/10 -j 
CHECKSUM --checksum-fill"

> Bug in cloudstack virtual router (KVM) in Simple zone with public ips / DHCP 
> Debian Wheezy specific
> ---------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-8326
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8326
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: KVM, Virtual Router
>    Affects Versions: 4.3.2
>         Environment: Ubuntu 12.04.5 for Host
> Debian Squeeze for VR
>            Reporter: Ivan A Kudryavtsev
>            Assignee: Wido den Hollander
>             Fix For: Future, 4.10.0.0, 4.9.2.0
>
>
> I've found bug in DHCP component of VR 4.3.2. The bug is completely described 
> at:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717217
> DHCP responses with bad checksum. As a result, dhcp client unable to get 
> lease: "dhcpd: 5 bad udp checksums in 5 packets"
> Hotfix is:
> iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM 
> --checksum-fill
> on VR.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to