If I understand the network configuration correctly - you are not using VLANs in reality, because you don't add a tag to your traffic. The same goes for the Cisco switch - it just listens on different ports. Traffic for public/private is untagged. I am not 100% sure, because my set-up is based on a single NIC, but probably you need to assign an IP to your bridge in order for it to work correctly.

The other option I can suggest - try to look into the Cisco switch configuration and see if "ARP proxy" is enabled for your public port. Physically you have 2 different HW interfaces and none is configured to have an IP - how will a packet know which interface to take? Try to run "arp -n" in order to see if your server/client sees the other side.

Vadim.

-----Original Message-----
From: john.ple...@gmail.com [mailto:john.ple...@gmail.com] On Behalf Of John Pletka
Sent: Tuesday, October 07, 2014 9:18 PM
To: users@cloudstack.apache.org
Subject: Re: VMs unable to reach public network

One other oddity - output from "route -n" on the secondary storage VM. It's creating routes for the public mgmt service that route back through the private VLAN gateway.

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         XX.47.90.1      0.0.0.0         UG    0      0        0 eth2
10.1.40.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.1.40.0       0.0.0.0         255.255.255.0   U     0      0        0 eth3
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
XX.47.90.0      0.0.0.0         255.255.255.0   U     0      0        0 eth2
XX.47.90.4      10.1.40.1       255.255.255.255 UGH   0      0        0 eth1

On Tue, Oct 7, 2014 at 2:07 PM, John Pletka <jple...@abraxis.com> wrote:

> I have a new CloudStack install and am facing the situation where
> guests can't access the public network. It assigns the public IP and
> gateway correctly, but when I ssh into the VM, it can only reach the private
> side.
> Specifically, I'm testing the secondary storage VM. Sorry for the
> config dump below, but hopefully something will stand out.
>
> For my setup I have:
> 1) Cisco 4948 switch. 1/2 the ports are a private VLAN 10.1.40.0. 1/2
> the ports are public and connect upstream to a router.
> 2) 3 host machines running XenServer 6.2 with dual NICs. ETH0 ->
> private VLAN, ETH1=> public side of the switch
> 3) The Management is on a 4th server, dual nic and communicates to
> public and private fine
> 4) Each of the host machines has a private address assigned to xenbr0
> (10.1.40.4, 10.1.40.5, 10.1.40.6). Gateway is 10.1.40.1, which is
> owned by the switch VLAN
> 5) The Public range is setup as xx.47.90.0/24 (.10-.254 available to
> guests)
> 6) The host servers can't reach the public network because I have not
> assigned a public address to xenbr1
>
> #############
> #Here is the network setup of the host servers:
> #############
> xe network-list
> uuid ( RO)                : 486aabce-1215-6e5a-b2d7-1b4c433b8728
>           name-label ( RW): Host internal management network
>     name-description ( RW): Network on which guests will be assigned a private link-local IP address which can be used to talk XenAPI
>               bridge ( RO): xenapi
>
> uuid ( RO)                : c56c81c5-a29e-c68f-bb3d-b6393ce5ba20
>           name-label ( RW): cloud_link_local_network
>     name-description ( RW): link local network used by system vms
>               bridge ( RO): xapi0
>
>
> uuid ( RO)                : ce61e701-84a2-0699-421e-22022ffb901f
>           name-label ( RW): cloud-private
>     name-description ( RW):
>               bridge ( RO): xenbr0
>
> uuid ( RO)                : dab93467-688e-871d-f4f8-3cb27e759a7c
>           name-label ( RW): cloud-public
>     name-description ( RW):
>               bridge ( RO): xenbr1
>
> #############
> # In the CloudStack management, it gives the following info for the
> # secondary storage VM
> #############
> Type:                  Secondary Storage VM
> Zone:                  ATL01
> Public IP Address:     XX.47.90.103
> Private IP Address:    10.1.40.100
> Link Local IP Address: 169.254.1.159
> Host:                  xenserver03
> Gateway:               XX.47.90.1
>
> #####################
> # on the VM itself, here is the ifconfig. Strangely it has two IP addresses
> # assigned to the management network, in addition to the public one
> ######################
> ifconfig
> eth0      Link encap:Ethernet  HWaddr 0e:00:a9:fe:01:9f
>           inet addr:169.254.1.159  Bcast:169.254.255.255  Mask:255.255.0.0
>           inet6 addr: fe80::c00:a9ff:fefe:19f/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:955 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:701 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:68196 (66.5 KiB)  TX bytes:95098 (92.8 KiB)
>           Interrupt:25
>
> eth1      Link encap:Ethernet  HWaddr 06:5d:94:00:00:45
>           inet addr:10.1.40.100  Bcast:10.1.40.255  Mask:255.255.255.0
>           inet6 addr: fe80::45d:94ff:fe00:45/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:420976 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:42132 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:24655099 (23.5 MiB)  TX bytes:2975996 (2.8 MiB)
>           Interrupt:26
>
> eth2      Link encap:Ethernet  HWaddr 06:bb:64:00:01:22
>           inet addr:XX.47.90.103  Bcast:XX.47.90.255  Mask:255.255.255.0
>           inet6 addr: fe80::4bb:64ff:fe00:122/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:367360 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:13777 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:21909923 (20.8 MiB)  TX bytes:578874 (565.3 KiB)
>           Interrupt:27
>
> eth3      Link encap:Ethernet  HWaddr 06:26:2c:00:00:92
>           inet addr:10.1.40.177  Bcast:10.1.40.255  Mask:255.255.255.0
>           inet6 addr: fe80::426:2cff:fe00:92/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:381109 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:22294465 (21.2 MiB)  TX bytes:478 (478.0 B)
>           Interrupt:28
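
An added example, not part of the thread or of CloudStack: a small parser for the `route -n` output quoted above that does longest-prefix matching and flags the two oddities the posters describe (one subnet attached to two interfaces, and a host route for a public address that leaves through the private gateway). The function names are hypothetical, and the redacted XX.47.90.0/24 subnet is replaced by the documentation range 203.0.113.0/24 so the addresses parse.

```python
import ipaddress

# Constructed sample: the thread's `route -n` rows with the redacted public
# subnet XX.47.90.0/24 replaced by the documentation range 203.0.113.0/24.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 eth2
10.1.40.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.1.40.0       0.0.0.0         255.255.255.0   U     0      0        0 eth3
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
203.0.113.4     10.1.40.1       255.255.255.255 UGH   0      0        0 eth1
"""

def parse_routes(text):
    """Return one dict per route row; header and blank lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
            routes.append({"net": net, "gw": f[1], "flags": f[3], "iface": f[7]})
        except (IndexError, ValueError):
            continue
    return routes

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    return max((r for r in routes if addr in r["net"]), key=lambda r: r["net"].prefixlen)

def anomalies(routes):
    """Flag duplicate connected subnets and gateway routes that bypass them."""
    connected = [r for r in routes if "G" not in r["flags"]]
    found, by_net = [], {}
    for r in connected:
        by_net.setdefault(r["net"], []).append(r["iface"])
    for net, ifaces in by_net.items():
        if len(ifaces) > 1:
            found.append(("duplicate-connected", str(net), tuple(ifaces)))
    for r in routes:
        if "G" in r["flags"] and r["net"].prefixlen > 0:
            for c in connected:
                if r["net"].subnet_of(c["net"]) and r["iface"] != c["iface"]:
                    found.append(("detour", str(r["net"]), r["iface"], c["iface"]))
    return found

if __name__ == "__main__":
    table = parse_routes(ROUTE_N)
    print(lookup(table, "203.0.113.4")["iface"], anomalies(table))
```
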