ISSUE TYPE
COMPONENT NAME
CLOUDSTACK VERSION
CONFIGURATION
Advanced Zone, Network VPC
OS / ENVIRONMENT
CloudStack 4.18 on KVM
Multiple /27 IPs for Public
SUMMARY
Unable to reach a public IP, which is in the same deployment, from VMs deployed in a VPC
STEPS TO REPRODUCE
The CloudStack deployment has multiple /27 IP ranges added to the public range. Deploy a VPC and acquire multiple public IPs from each /27 subnet. From any of the VMs deployed in the VPC we are not able to reach the above public IPs, except one.
We checked the VPC router and the routing table is as below:
default via 99.127.xxx.65 dev eth1
10.20.1.0/24 dev eth5 proto kernel scope link src 10.20.1.1
10.20.2.0/24 dev eth6 proto kernel scope link src 10.20.2.1
169.254.0.0/16 dev eth0 proto kernel scope link src 169.254.198.170
99.127.xxx.32/27 dev eth2 proto kernel scope link src 99.127.xxx.51
99.127.xxx.64/27 dev eth1 proto kernel scope link src 99.127.xxx.93
99.127.xxx.96/27 dev eth3 proto kernel scope link src 99.127.xxx.125
From any VM in the VPC I can reach the 99.127.xxx.64/27 subnet. The remaining public subnets are not reachable. From the VM we tried to ping the IP 99.127.xxx.107 (the firewall was open to the public for ICMP), but the ping gets no reply.
On capturing the packets we could see that the packets are leaving the source network and are reaching the VR with IP 99.127.xxx.107, but no response is received.
Packet Capture at source VPC router
03:34:16.950824 IP css1-cks-shared-1-node-18bb5b445d5 > 99.127.xxx.107: ICMP echo request, id 7168, seq 0, length 64
03:34:17.950957 IP css1-cks-shared-1-node-18bb5b445d5 > 99.127.xxx.107: ICMP echo request, id 7168, seq 1, length 64
Received packets at 99.127.xxx.107 VR
03:34:16.950549 IP 10.20.2.137 > 99.127.xxx.107: ICMP echo request, id 7168, seq 0, length 64
03:34:16.951536 IP 99.127.xxx.107 > 10.20.2.137: ICMP echo reply, id 7168, seq 0, length 64
03:34:17.950598 IP 10.20.2.137 > 99.127.xxx.107: ICMP echo request, id 7168, seq 1, length 64
03:34:17.951405 IP 99.127.xxx.107 > 10.20.2.137: ICMP echo reply, id 7168, seq 1, length 64
In the above we could see that the source IP address is shown as '10.20.2.137', and from the 99.127.xxx.107 router this private IP will not be reachable. Ideally it should be the public IP address of the VPC.
Please let us know your comments on this.
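A check for the symptom described in the report (ICMP arriving at a public IP with an RFC 1918 source, and replies addressed back to it), as an added example that is not part of the original report or of CloudStack. The 203.0.113.x addresses are constructed stand-ins for the redacted 99.127.xxx.x ones, and the function names are hypothetical.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): ICMP echo (request|reply), "
                  r"id (\d+), seq (\d+)")

# Constructed tcpdump lines: 203.0.113.x stands in for the redacted public
# range; 10.20.2.137 is the guest address named in the report.
SAMPLE = """\
03:34:16.950549 IP 10.20.2.137 > 203.0.113.107: ICMP echo request, id 7168, seq 0, length 64
03:34:16.951536 IP 203.0.113.107 > 10.20.2.137: ICMP echo reply, id 7168, seq 0, length 64
03:34:17.100000 IP 203.0.113.93 > 203.0.113.107: ICMP echo request, id 7200, seq 0, length 64
03:34:17.100900 IP 203.0.113.107 > 203.0.113.93: ICMP echo reply, id 7200, seq 0, length 64
03:34:18.000000 IP guest-vm-1 > 203.0.113.107: ICMP echo request, id 7168, seq 2, length 64
"""

def is_rfc1918(text):
    """True/False for an IP literal, None when the field is a hostname."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    return any(addr in net for net in RFC1918)

def audit(capture):
    """Return (findings, skipped) for ICMP echo lines in tcpdump text."""
    findings, skipped = [], 0
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts, src, dst, kind, _icmp_id, seq = m.groups()
        src_priv, dst_priv = is_rfc1918(src), is_rfc1918(dst)
        if src_priv is None or dst_priv is None:
            skipped += 1  # name-resolved output; capture again with tcpdump -n
            continue
        if kind == "request" and src_priv and not dst_priv:
            findings.append((ts, "un-NATed request", src, dst, int(seq)))
        elif kind == "reply" and dst_priv and not src_priv:
            findings.append((ts, "reply to private address", src, dst, int(seq)))
    return findings, skipped

if __name__ == "__main__":
    for finding in audit(SAMPLE)[0]:
        print(finding)
```

Lines where tcpdump resolved a name, as in the source-router capture above, are counted as skipped rather than guessed at.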