Chiradeep,

Currently, net.ipv4.conf.default.rp_filter is set to 1 in systemvm/debian/config/etc/sysctl.conf. Should it be modified to be 0?

Thanks,
-John

On Oct 4, 2012, at 6:09 PM, Chiradeep Vittal <chiradeep.vit...@citrix.com> wrote:

> It is disabled in sysctl.conf, not sure how it gets re-enabled. See
> patches/systemvm/debian/config/etc/init.d/cloud-early-config (function
> disable_rpfilter).
> Perhaps it is interface-specific rather than "all".
>
> On 10/4/12 2:39 PM, "John Burwell" <jburw...@basho.com> wrote:
>
>> Ahmad,
>>
>> You were correct on the rp_filter issue. Once disabled, the SSVM was
>> able to connect outbound to S3, as well as any host reachable from
>> devcloud. I noticed that rp_filter is disabled in sysctl.conf yet it is
>> somehow being enabled at runtime. Is this behavior intended?
>>
>> Thanks,
>> -John
>>
>> On Oct 4, 2012, at 1:07 PM, Ahmad Emneina <ahmad.emne...@citrix.com>
>> wrote:
>>
>>> On 10/4/12 9:16 AM, "John Burwell" <jburw...@basho.com> wrote:
>>>
>>>> Kelcey,
>>>>
>>>> I am a bit confused about how secstorage.allowed.internal.sites is
>>>> used, which stems from a lack of knowledge regarding the devcloud
>>>> network configuration. Also, is there documentation available for
>>>> setting up such a NAT?
>>>>
>>>> As a point of clarification to my original question, I am working in
>>>> the devcloud environment (using the OVA downloaded from the wiki)
>>>> where I need to get the SSVM to connect to S3 or to a local
>>>> VirtualBox VM running an S3-compatible object store. Thus far, I have
>>>> been unable to get devcloud to bring up a second NIC on a host-only
>>>> network. I have attempted to set up an advanced network configuration
>>>> as follows:
>>>>
>>>> Physical Network with VLAN isolation method
>>>> Management Server: 10.0.2.15 -> Gateway: 10.0.2.2
>>>> Storage Network: 10.0.2.50-10.0.2.59 -> Gateway 10.0.2.2 on VLAN0
>>>> Management Network: 10.0.2.200-10.0.2.220 -> Gateway 10.0.2.2
>>>> Public Network: 10.0.2.100-10.0.2.199 -> VLAN0
>>>
>>> The issue that gets created here is you get system vm's that are
>>> multi-homed. Your system vm's get a nic (leg) on each network... But
>>> that network is one and the same. Why this is an issue is rp_filter is
>>> enabled by default on the system vm's, message comes in on one of
>>> those nics, but its default route out is another nic... Thus blocking
>>> the response.
>>>
>>> Ideally you'd use a basic zone for this kind of configuration, or else
>>> you'll end up having to log into the system vm's every time a new one
>>> is spawned and disabling rp_filter for the nics. You might want to
>>> test this, by logging in and disabling rp_filter on the nics and see
>>> if things start working as expected.
>>>
>>>> Obviously, my network configuration is incorrect, but I have reached
>>>> the limits of my CloudStack and Xen knowledge to identify the
>>>> problem(s).
>>>>
>>>> Given this information, what is the best way to give the SSVM access
>>>> to the Internet and/or a VirtualBox host-only network?
>>>>
>>>> Thank you for your help,
>>>> -John
>>>>
>>>> On Oct 3, 2012, at 10:39 PM, "Kelceydamage@bbits" <kel...@bbits.ca>
>>>> wrote:
>>>>
>>>>> The secondary storage VM can be NATed to from any network router,
>>>>> however the console proxy does not work over NAT.
>>>>>
>>>>> Sent from my iPhone
>>>>>
>>>>> On Oct 3, 2012, at 7:32 PM, Edison Su <edison...@citrix.com> wrote:
>>>>>
>>>>>> System vm will have 4 nics, eth2 is on the public network, eth1 is
>>>>>> the private(mgt) network.
>>>>>> The IP address of eth2 is got from pod configuration: in one of IP
>>>>>> address range ["startip", "endip"] in createPod API.
>>>>>> The IP address of eth1 is got from guest network, if it's basic
>>>>>> network mode, this IP range is configured by createVlanIpRanges API
>>>>>> SSVM will connect to mgt server through eth1(mgt server's ip
>>>>>> address is configured to route through eth1), and download template
>>>>>> from eth2.
>>>>>> What's your specific issue about network configuration?
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: John Burwell [mailto:jburw...@basho.com]
>>>>>>> Sent: Wednesday, October 03, 2012 7:11 PM
>>>>>>> To: cloudstack-dev@incubator.apache.org
>>>>>>> Subject: SSVM Network Configuration
>>>>>>>
>>>>>>> All,
>>>>>>>
>>>>>>> How do you configure networking to permit the SSVM to connect to
>>>>>>> the public Internet or another internal network? I have been
>>>>>>> trying to understand the network configuration from the
>>>>>>> documentation, but am missing something in my configuration
>>>>>>> attempt.
>>>>>>>
>>>>>>> Thank you for your assistance,
>>>>>>> -John
>>>
>>> --
>>> Æ
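
Added example, not part of the thread above and not CloudStack code: the thread asks why rp_filter still applies on the system VM NICs when sysctl.conf appears to disable it. Linux applies the higher of conf/all/rp_filter and conf/<iface>/rp_filter to each interface, and new interfaces inherit conf/default, so this sketch reports the effective mode per NIC. The function names and the optional root-directory argument are assumptions of this example.

```shell
#!/bin/sh
# Report the effective IPv4 reverse-path filter mode for every interface.
# The kernel uses max(conf/all/rp_filter, conf/<iface>/rp_filter), so a 0 in
# "all" does not switch off a 1 that an interface inherited from "default".
# The optional root argument (an assumption of this example) lets the
# functions read a copy of the tree instead of the live /proc path.

rp_mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# Prints "<iface> all=<n> iface=<n> effective=<n>(<mode>)" per interface.
rp_filter_report() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    [ -r "$root/all/rp_filter" ] || { echo "cannot read $root/all/rp_filter" >&2; return 2; }
    all=$(cat "$root/all/rp_filter")
    # "default" is only the template copied to interfaces created later.
    if [ -r "$root/default/rp_filter" ]; then
        echo "default=$(cat "$root/default/rp_filter") (inherited by new interfaces)"
    fi
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        [ -r "$dir/rp_filter" ] || continue
        own=$(cat "$dir/rp_filter")
        if [ "$own" -gt "$all" ]; then eff=$own; else eff=$all; fi
        echo "$iface all=$all iface=$own effective=$eff($(rp_mode_name "$eff"))"
    done
}

# Lists interfaces whose effective mode is strict; exit status 0 if any exist.
rp_filter_strict_ifaces() {
    rp_filter_report "$1" |
        awk '/effective=1\(/ { print $1; found = 1 } END { exit !found }'
}

# Usage on a live host: rp_filter_report
```

On a multi-homed system VM, any NIC listed by rp_filter_strict_ifaces will drop packets whose return route leaves through a different NIC, which is the behaviour described in the thread.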