GitHub user automagics closed a discussion: Traffic to VIP not reaching instance

We’re running into an issue on CloudStack 4.20.1 with a setup where we’re using keepalived and a VIP between two KVM instances in a shared guest network. Both instances have their own NIC with a static IP, and there’s a VIP in the same subnet that’s managed by keepalived. The VIP floats between the two VMs, but it’s not assigned statically to either NIC in CloudStack. It only exists inside the VMs when keepalived assigns it.

When the VIP is active on any of the instances, we can’t connect to it. The security groups that are assigned to the instances allow all traffic (just for testing purposes).

We ran tcpdump on the CloudStack host, and traffic to the VIP does arrive at the host. But inside the VM that currently holds the VIP, there’s nothing. The traffic never gets there.

So our conclusion is: since the VIP isn’t defined in CloudStack itself, it looks like traffic to that IP isn’t forwarded to the instance, even though the IP is active on the interface from inside the VM.

Some extra context:
- Network type: Shared
- VLAN-backed
- Guest traffic type
- CIDR/netmask/gateway are all correctly configured
- The VIP is in the same /24 as the two static IPs
- Hypervisor: KVM

We’re wondering:
- Is this expected behavior?
- Is there a way to make CloudStack forward traffic for IPs that aren’t explicitly assigned to a NIC?
- Or is there another approach recommended for using keepalived/VRRP-style failover with floating IPs?

Thanks in advance!

GitHub link: https://github.com/apache/cloudstack/discussions/11271
