cloudstack-users mailing list archives

From Sebastian Gomez <>
Subject Cloudstack 4.9.2, Error on routes on systemvm
Date Fri, 09 Jun 2017 07:02:38 GMT
Hi all,

We are trying to upgrade our PRE environment from 4.5.2 to to check
the behaviour and apply on our production environment.

I have noticed two problems on the new installation, one of them is that I
can't access the VMs console via the console proxy VM (the other will
arrive on other request ;)

Analyzing the problem, I noticed that new routes are added on the systemvm
for private networks:

root@s-262-VM:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface         UG    0      0        0
*       UG    0      0        0
eth1* U     0      0        0
*     UG    0      0        0
*     UG    0      0        0
eth1*   U     0      0        0 eth1   U     0      0        0 eth3

(Public IPs are not real)

And searching the systemvm scripts, I realized that there is a script,
"/etc/init.d/cloud-early-config", which is responsible for those new
routes, and more specifically the function
"setup_system_rfc1918_internal", which is called when setting up the Console
proxy and Secondary Storage VM.

setup_system_rfc1918_internal() {
*  echo "$public_ip" | grep -E
  if [ "$?" == "0" ]; then
     log_it "Not setting up route of RFC1918 space to $LOCAL_GW befause
$public_ip is RFC1918."
     log_it "Setting up route of RFC1918 space to $LOCAL_GW"
     # Setup general route for RFC 1918 space, as otherwise it will be sent
     # the public gateway and not work
     # More specific routes that may be set have preference over this
generic route.
     ip route add via $LOCAL_GW
     ip route add via $LOCAL_GW
     ip route add via $LOCAL_GW

The problem on our environment is that we use real public IPs for public
network, but we use private addresses for internal use (10.x.0.0/16). In
this case, the "if" statement will enter into the "else" block, and the
private routes are added, one of them is, that includes our
private "public" network (10.x.0.0/16).

When I try to access the VM console, the console proxy is redirecting my
network traffic through the management network, and in consequence I can't
reach the console due to the routing rule:       UG    0      0        0 eth1

Does anyone know how to avoid this behaviour?

Thanks in advance.

Best regards,
Sebastián Gómez
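
The routing decision described in the message above, as an added example that is not part of the original post and is not CloudStack code: it checks which path a destination takes once the blanket RFC 1918 routes exist. The function names and all addresses are constructed for illustration, and it assumes no more specific route covers the destination.

```shell
#!/bin/sh
# Added illustration only: changes no routes, just evaluates the decision.
RFC1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/PREFIX -> exit status 0 when IP lies inside NET/PREFIX
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# is_rfc1918 IP -> exit status 0 when IP is in any RFC 1918 block
is_rfc1918() {
    for block in $RFC1918; do
        in_cidr "$1" "$block" && return 0
    done
    return 1
}

# route_path PUBLIC_IP DEST_IP -> prints "management" or "default"
# If the system VM's public IP is RFC 1918, no blanket routes are added.
# Otherwise every RFC 1918 destination is sent to the management gateway,
# including a private range that is really reached via the public side.
route_path() {
    public_ip=$1; dest=$2
    if is_rfc1918 "$public_ip"; then
        echo default
    elif is_rfc1918 "$dest"; then
        echo management
    else
        echo default
    fi
}

# Constructed sample: real-looking public IP, client on an internal 10.x net
echo "client 10.20.0.15 via: $(route_path 203.0.113.10 10.20.0.15)"
```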
