[
https://issues.apache.org/jira/browse/CLOUDSTACK-9969?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rajani Karuturi updated CLOUDSTACK-9969:
----------------------------------------
Fix Version/s: (was: 4.10.0.0)
4.10.1.0
> IP acquired from additional public ranges which is static nat enabled is
> set to true post releasing the IP in VPC VR.
> ------------------------------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-9969
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9969
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: Virtual Router, VPC
> Affects Versions: 4.10.0.0
> Reporter: DeepthiMachiraju
> Labels: pvr
> Fix For: 4.10.1.0
>
> Attachments: cloud.log, management-server.log
>
>
> - Create VPC and create multiple tiers within VPC.
> - Acquire IP from additional Public Range and enable static nat on the IP.
> ============== rules created after the above step =============================
> - Here eth4 : 10.x.203, 10.x.204 are the acquired IPs
> - 10.147.52.203 is static nat enabled.
> root@r-199-VM:~# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 0e:00:a9:fe:02:5f brd ff:ff:ff:ff:ff:ff
> inet 169.254.2.95/16 brd 169.254.255.255 scope global eth0
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 06:3b:84:00:00:0e brd ff:ff:ff:ff:ff:ff
> inet 10.147.30.113/24 brd 10.147.30.255 scope global eth1
> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 02:00:06:b4:00:02 brd ff:ff:ff:ff:ff:ff
> inet 192.168.2.1/24 brd 192.168.2.255 scope global eth2
> 5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 02:00:05:12:00:02 brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.1/24 brd 192.168.1.255 scope global eth3
> 6: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 06:56:62:00:00:1f brd ff:ff:ff:ff:ff:ff
> inet 10.147.52.203/24 brd 10.147.52.255 scope global eth4
> inet 10.147.52.204/24 brd 10.147.52.255 scope global secondary eth4
> root@r-199-VM:/etc/cloudstack# cat forwardingrules.json
> {
> "10.147.52.203": [
> {
> "internal_ip": "192.168.1.90",
> "public_ip": "10.147.52.203",
> "type": "staticnat"
> }
> ],
> "id": "forwardingrules"
> ===================== ips.json ================
> root@r-199-VM:/etc/cloudstack# cat ips.json
> {
> "eth0": [
> {
> "add": true,
> "broadcast": "169.254.255.255",
> "cidr": "169.254.2.95/16",
> "device": "eth0",
> "gateway": "None",
> "netmask": "255.255.0.0",
> "network": "169.254.0.0/16",
> "nic_dev_id": "0",
> "nw_type": "control",
> "one_to_one_nat": false,
> "public_ip": "169.254.2.95",
> "size": "16",
> "source_nat": false
> }
> ],
> "eth1": [
> {
> "add": true,
> "broadcast": "10.147.30.255",
> "cidr": "10.147.30.113/24",
> "device": "eth1",
> "first_i_p": true,
> "gateway": "10.147.30.1",
> "netmask": "255.255.255.0",
> "network": "10.147.30.0/24",
> "new_nic": false,
> "nic_dev_id": 1,
> "nw_type": "public",
> "one_to_one_nat": false,
> "public_ip": "10.147.30.113",
> "size": "24",
> "source_nat": true,
> "vif_mac_address": "06:3b:84:00:00:0e"
> }
> ],
> "eth2": [
> {
> "add": true,
> "broadcast": "192.168.2.255",
> "cidr": "192.168.2.1/24",
> "device": "eth2",
> "gateway": "192.168.2.1",
> "netmask": "255.255.255.0",
> "network": "192.168.2.0/24",
> "nic_dev_id": "2",
> "nw_type": "guest",
> "one_to_one_nat": false,
> "public_ip": "192.168.2.1",
> "size": "24",
> "source_nat": false
> }
> ],
> "eth3": [
> {
> "add": true,
> "broadcast": "192.168.1.255",
> "cidr": "192.168.1.1/24",
> "device": "eth3",
> "gateway": "192.168.1.1",
> "netmask": "255.255.255.0",
> "network": "192.168.1.0/24",
> "nic_dev_id": "3",
> "nw_type": "guest",
> "one_to_one_nat": false,
> "public_ip": "192.168.1.1",
> "size": "24",
> "source_nat": false
> }
> ],
> "eth4": [
> {
> "add": true,
> "broadcast": "10.147.52.255",
> "cidr": "10.147.52.204/24",
> "device": "eth4",
> "first_i_p": true,
> "gateway": "10.147.52.1",
> "netmask": "255.255.255.0",
> "network": "10.147.52.0/24",
> "new_nic": false,
> "nic_dev_id": 4,
> "nw_type": "public",
> "one_to_one_nat": false,
> "public_ip": "10.147.52.204",
> "size": "24",
> "source_nat": true,
> "vif_mac_address": "06:56:62:00:00:1f"
> },
> {
> "add": true,
> "broadcast": "10.147.52.255",
> "cidr": "10.147.52.203/24",
> "device": "eth4",
> "first_i_p": false,
> "gateway": "10.147.52.1",
> "netmask": "255.255.255.0",
> "network": "10.147.52.0/24",
> "new_nic": false,
> "nic_dev_id": 4,
> "nw_type": "public",
> "one_to_one_nat": true,
> "public_ip": "10.147.52.203",
> "size": "24",
> "source_nat": false,
> "vif_mac_address": "06:56:62:00:00:1f"
> }
> ],
> "id": "ips"
> ==============================================
> - Both the acquired IPs are released from the UI.
> ============ logs post releasing =========================
> - eth4 10.147.52.203 is still set to true in ips.json file.
> - IPtables are cleaned up.
> root@r-199-VM:/etc/cloudstack# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 0e:00:a9:fe:02:5f brd ff:ff:ff:ff:ff:ff
> inet 169.254.2.95/16 brd 169.254.255.255 scope global eth0
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 06:3b:84:00:00:0e brd ff:ff:ff:ff:ff:ff
> inet 10.147.30.113/24 brd 10.147.30.255 scope global eth1
> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 02:00:06:b4:00:02 brd ff:ff:ff:ff:ff:ff
> inet 192.168.2.1/24 brd 192.168.2.255 scope global eth2
> 5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 02:00:05:12:00:02 brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.1/24 brd 192.168.1.255 scope global eth3
> root@r-199-VM:/etc/cloudstack# cat ips.json
> {
> "eth0": [
> {
> "add": true,
> "broadcast": "169.254.255.255",
> "cidr": "169.254.2.95/16",
> "device": "eth0",
> "gateway": "None",
> "netmask": "255.255.0.0",
> "network": "169.254.0.0/16",
> "nic_dev_id": "0",
> "nw_type": "control",
> "one_to_one_nat": false,
> "public_ip": "169.254.2.95",
> "size": "16",
> "source_nat": false
> }
> ],
> "eth1": [
> {
> "add": true,
> "broadcast": "10.147.30.255",
> "cidr": "10.147.30.113/24",
> "device": "eth1",
> "first_i_p": true,
> "gateway": "10.147.30.1",
> "netmask": "255.255.255.0",
> "network": "10.147.30.0/24",
> "new_nic": false,
> "nic_dev_id": 1,
> "nw_type": "public",
> "one_to_one_nat": false,
> "public_ip": "10.147.30.113",
> "size": "24",
> "source_nat": true,
> "vif_mac_address": "06:3b:84:00:00:0e"
> }
> ],
> "eth2": [
> {
> "add": true,
> "broadcast": "192.168.2.255",
> "cidr": "192.168.2.1/24",
> "device": "eth2",
> "gateway": "192.168.2.1",
> "netmask": "255.255.255.0",
> "network": "192.168.2.0/24",
> "nic_dev_id": "2",
> "nw_type": "guest",
> "one_to_one_nat": false,
> "public_ip": "192.168.2.1",
> "size": "24",
> "source_nat": false
> }
> ],
> "eth3": [
> {
> "add": true,
> "broadcast": "192.168.1.255",
> "cidr": "192.168.1.1/24",
> "device": "eth3",
> "gateway": "192.168.1.1",
> "netmask": "255.255.255.0",
> "network": "192.168.1.0/24",
> "nic_dev_id": "3",
> "nw_type": "guest",
> "one_to_one_nat": false,
> "public_ip": "192.168.1.1",
> "size": "24",
> "source_nat": false
> }
> ],
> "eth4": [
> {
> "add": true,
> "broadcast": "10.147.52.255",
> "cidr": "10.147.52.203/24",
> "device": "eth4",
> "first_i_p": true,
> "gateway": "10.147.52.1",
> "netmask": "255.255.255.0",
> "network": "10.147.52.0/24",
> "new_nic": false,
> "nic_dev_id": 4,
> "nw_type": "public",
> "one_to_one_nat": true,
> "public_ip": "10.147.52.203",
> "size": "24",
> "source_nat": true,
> "vif_mac_address": "06:56:62:00:00:1f"
> },
> {
> "add": false,
> "broadcast": "10.147.52.255",
> "cidr": "10.147.52.204/24",
> "device": "eth4",
> "first_i_p": true,
> "gateway": "10.147.52.1",
> "netmask": "255.255.255.0",
> "network": "10.147.52.0/24",
> "new_nic": false,
> "nic_dev_id": 4,
> "nw_type": "public",
> "one_to_one_nat": false,
> "public_ip": "10.147.52.204",
> "size": "24",
> "source_nat": true,
> "vif_mac_address": "06:56:62:00:00:1f"
> }
> ],
> "id": "ips"
> ========================================================
> - But when a new IP is acquired from the same subnet and a rule is
> configured for that IP, the previous [203] IP which was deleted but set to
> true in IPs.json file is now observed in interfaces and iptables.
> root@r-199-VM:~# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 0e:00:a9:fe:02:11 brd ff:ff:ff:ff:ff:ff
> inet 169.254.2.17/16 brd 169.254.255.255 scope global eth0
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 06:3b:84:00:00:0e brd ff:ff:ff:ff:ff:ff
> inet 10.147.30.113/24 brd 10.147.30.255 scope global eth1
> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 02:00:06:b4:00:02 brd ff:ff:ff:ff:ff:ff
> inet 192.168.2.1/24 brd 192.168.2.255 scope global eth2
> 5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 02:00:05:12:00:02 brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.1/24 brd 192.168.1.255 scope global eth3
> 6: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
> qlen 1000
> link/ether 06:f3:ba:00:00:1e brd ff:ff:ff:ff:ff:ff
> inet 10.147.52.202/24 brd 10.147.52.255 scope global eth4
> inet 10.147.52.203/24 brd 10.147.52.255 scope global secondary eth4
> <Newly Acquired IP 10.147.52.202 >
> root@r-199-VM:/etc/cloudstack# cat forwardingrules.json
> {
> "10.147.52.202": [
> {
> "internal_ip": "192.168.2.233",
> "internal_ports": "22:22",
> "protocol": "tcp",
> "public_ip": "10.147.52.202",
> "public_ports": "22:22",
> "type": "forward"
> }
> ],
> "id": "forwardingrules"
> < old ip 10.X.203 in the iptables >
> root@r-199-VM:/etc/cloudstack# iptables -t nat -L
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> DNAT tcp -- anywhere 10.147.52.202 tcp dpt:ssh
> to:192.168.2.233:22
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> DNAT tcp -- anywhere 10.147.52.202 tcp dpt:ssh
> to:192.168.2.233:22
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere mark match 0x525
> SNAT all -- 192.168.1.0/24 anywhere to:192.168.1.1
> SNAT all -- 192.168.2.0/24 anywhere to:192.168.2.1
> SNAT all -- anywhere anywhere to:10.147.30.113
> SNAT all -- anywhere anywhere to:10.147.52.202
> SNAT all -- anywhere anywhere to:10.147.52.203
> SNAT tcp -- anywhere 10.147.52.202 tcp dpt:ssh
> to:192.168.2.233:22
> Attached cloud.log and Ms log
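
A consistency check for the stale state this report describes, as an added example that is not part of the original report or of CloudStack's code: it flags public entries in ips.json that are still marked add=true for an IP the operator no longer has allocated, or that keep one_to_one_nat=true with no staticnat rule in forwardingrules.json. The function name audit_ips, the allocated set and the trimmed sample JSON are assumptions constructed from the dumps above.

```python
import json

# Constructed sample: trimmed from the post-release ips.json in the report
# (only the fields this check reads are kept).
IPS_JSON = """
{
  "eth1": [{"add": true, "nw_type": "public", "one_to_one_nat": false,
            "public_ip": "10.147.30.113", "source_nat": true}],
  "eth3": [{"add": true, "nw_type": "guest", "one_to_one_nat": false,
            "public_ip": "192.168.1.1", "source_nat": false}],
  "eth4": [{"add": true, "nw_type": "public", "one_to_one_nat": true,
            "public_ip": "10.147.52.203", "source_nat": true},
           {"add": false, "nw_type": "public", "one_to_one_nat": false,
            "public_ip": "10.147.52.204", "source_nat": true}],
  "id": "ips"
}
"""
# Constructed sample: forwardingrules.json with no rules left after the release.
RULES_JSON = '{"id": "forwardingrules"}'


def audit_ips(ips_text, rules_text, allocated):
    """Return (device, ip, reason) findings for public entries that look stale.

    `allocated` is the set of public IPs the operator expects on this router
    (an assumption: taken from the management server, not from the router).
    """
    ips, rules = json.loads(ips_text), json.loads(rules_text)
    static_nat_ips = {
        ip for ip, entries in rules.items() if isinstance(entries, list)
        for rule in entries if rule.get("type") == "staticnat"
    }
    findings = []
    for device, entries in ips.items():
        if not isinstance(entries, list):  # skips the "id": "ips" marker
            continue
        for e in entries:
            if e.get("nw_type") != "public" or not e.get("add"):
                continue  # guest/control NICs and entries already marked removed
            ip = e["public_ip"]
            if ip not in allocated:
                findings.append((device, ip, "add=true but IP is not allocated"))
            if e.get("one_to_one_nat") and ip not in static_nat_ips:
                findings.append((device, ip, "one_to_one_nat=true without staticnat rule"))
    return findings


if __name__ == "__main__":
    # Only the VPC source NAT IP remains allocated after both releases.
    for finding in audit_ips(IPS_JSON, RULES_JSON, {"10.147.30.113"}):
        print(*finding, sep="\t")
```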