GitHub user remibergsma opened a pull request:

    https://github.com/apache/cloudstack/pull/1214

    Setup routes for RFC 1918 ip space

    Setup general route for RFC 1918 space, as otherwise it will be sent to the
    public gateway and likely to be dropped (internet providers do not route ip
    space that is meant for internal use). More specific routes that may be set
    have preference over these generic routes so this works even with private
    ranges used for public ip space (as shown below).
    
    When using an internal DNS server some hosts may resolve to an RFC 1918 ip
    address. The SSVM has a default gw to public so if it has no route for this
    ip address space, it will not work. This PR makes generic RFC 1918 (so all
    internal ip addresses like 10.0.0.10 etc) to the local management gateway.
    This makes them reachable. Without this fix, it is sent upstream and it is
    dropped there.
    
    Should there be a more generic route (smaller prefix), this has preference
    over the generic routes.
    
    Example in my dev environment:
    
    ```
    root@v-1-VM:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.23.1    0.0.0.0         UG    0      0        0 eth2
    10.0.0.0        192.168.22.1    255.0.0.0       UG    0      0        0 eth1
    169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
    172.16.0.0      192.168.22.1    255.240.0.0     UG    0      0        0 eth1
    192.168.0.0     192.168.22.1    255.255.0.0     UG    0      0        0 eth1
    192.168.22.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
    192.168.23.0    0.0.0.0         255.255.255.0   U     0      0        0 eth2
    ```
    
    Route `192.168.0.0/16` goes via `eth1` but `192.168.23.0/24` is more
    specific and has preference and goes via `eth2`. It works:
    
    ```
    root@v-1-VM:~# ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8): 48 data bytes
    56 bytes from 8.8.8.8: icmp_seq=0 ttl=49 time=7.179 ms
    ^C--- 8.8.8.8 ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 7.179/7.179/7.179/0.000 ms
    ```
    
    This solves a lot of the 'internal resolving' issues we face.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/remibergsma/cloudstack rfc1918_route

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cloudstack/pull/1214.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1214
    
----
commit 155c16b67624d3a7babe796c0e7152771028d978
Author: Remi Bergsma <git...@remi.nl>
Date:   2015-12-10T16:50:45Z

    Setup routes for RFC 1918 ip space
    
    Setup general route for RFC 1918 space, as otherwise it will be sent to
    the public gateway and not work. More specific routes that may be set
    have preference over these generic routes.

----
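
The longest-prefix-match behaviour described in the pull request above, as an added example that is not part of the original message or of the CloudStack code. It replays the `route -n` table from the message and checks whether an RFC 1918 destination would follow the default route; the function names and the "before" table (the same table minus the three RFC 1918 routes) are assumptions.

```python
import ipaddress

# Routes from the `route -n` output above, genmasks written as prefix lengths.
ROUTES_AFTER = [
    ("0.0.0.0/0",       "192.168.23.1", "eth2"),  # default route, public gateway
    ("10.0.0.0/8",      "192.168.22.1", "eth1"),
    ("169.254.0.0/16",  "0.0.0.0",      "eth0"),
    ("172.16.0.0/12",   "192.168.22.1", "eth1"),
    ("192.168.0.0/16",  "192.168.22.1", "eth1"),
    ("192.168.22.0/24", "0.0.0.0",      "eth1"),
    ("192.168.23.0/24", "0.0.0.0",      "eth2"),
]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: before the change the table lacked only the three RFC 1918 routes.
ROUTES_BEFORE = [r for r in ROUTES_AFTER
                 if ipaddress.ip_network(r[0]) not in RFC1918]


def lookup(table, dst):
    """Return (prefix, gateway, iface) of the longest matching prefix, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw, dev)
               for net, gw, dev in table if addr in ipaddress.ip_network(net)]
    if not matches:
        return None
    net, gw, dev = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), gw, dev


def leaks_upstream(table, dst):
    """True if a private (RFC 1918) destination would follow the default route."""
    addr = ipaddress.ip_address(dst)
    route = lookup(table, dst)
    is_private = any(addr in net for net in RFC1918)
    return is_private and route is not None and route[0] == "0.0.0.0/0"


if __name__ == "__main__":
    # Constructed destinations: internal host, address on the eth2 subnet, public host.
    for dst in ("10.0.0.10", "192.168.23.50", "8.8.8.8"):
        for name, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
            print(f"{dst:15} {name:6} {lookup(table, dst)} "
                  f"leak={leaks_upstream(table, dst)}")
```
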

