Hi, I've been randomly seeing this issue for over a year now. At least I think it might be related.

I am currently on 4.7.1.1, but a few previous releases had this issue too on some of the networks. I've got half a dozen networks or so which are broken and do not allow outgoing traffic despite having the egress rule that allows all traffic out with CIDR 0.0.0.0/0. These networks are always broken. Restarting the network with and without the Clean Up option doesn't help, nor does removing and adding the Egress rule.

In order to fix the outgoing traffic I have to log in to the VR in question and manually run:

iptables -A FW_OUTBOUND -j ACCEPT

Only after this command does the egress traffic start to flow. This procedure has to be repeated EVERY time the router is restarted or recreated for EVERY network which is broken. The rest of the networks are not affected by this issue.

I definitely didn't have this issue on the early 4.X releases, and this issue probably happened around version 4.4 or 4.5.

Andrei

----- Original Message -----
> From: "Rohit Yadav" <[email protected]>
> To: "Simon Weller" <[email protected]>, "dev" <[email protected]>
> Sent: Thursday, 21 July, 2016 21:13:52
> Subject: Re: 4.9.0 RC2 Status

> Hi Will,
>
> The issue is that after upgrading the VR from a pre-4.6 environment, the
> outbound traffic for guest VMs stops working (where their egress rule was allow
> all for 0.0.0.0/0). Along with this, I found that removing the allow all 0.0.0.0/0
> egress rule does not remove the rule from the VR's filter table. This could be
> a minor security issue for guest VMs.
>
> I think it's a blocker, please help review and test it:
>
> https://github.com/apache/cloudstack/pull/1614
>
> Regards.
>
> ________________________________
> From: [email protected] <[email protected]> on behalf of Will
> Stevens <[email protected]>
> Sent: 21 July 2016 21:43:42
> To: Simon Weller
> Cc: [email protected]
> Subject: Re: 4.9.0 RC2 Status
>
> I am waiting on pdube's PR to fix some issues with VPCs (not introduced in
> 4.9, but should be fixed in 4.9).
>
> I am also testing #1613 because I had added #1594 and had to revert it
> because I was running into an error consistently ever since. Hopefully
> #1613 will run cleanly and I can merge it as well for 4.9.
>
> Sorry for the delay. Since this release is so huge, it makes sense to fix
> as many issues as possible before it ships (especially if we will LTS this
> release).
>
> *Will STEVENS*
> Lead Developer
>
> *CloudOps* *| *Cloud Solutions Experts
> 420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6
> w cloudops.com *|* tw @CloudOps_
>
> [email protected]
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HS UK
> @shapeblue
>
> On Thu, Jul 21, 2016 at 12:04 PM, Simon Weller <[email protected]> wrote:
>
>> John,
>>
>> I think we're pending a PR from pdube related to broken VPCs. It sounds
>> very much like what we found in our QA environment a few weeks ago.
>>
>> - Si
>>
>> ------------------------------
>> *From:* John Burwell <[email protected]>
>> *Sent:* Thursday, July 21, 2016 10:55 AM
>> *To:* [email protected]
>> *Cc:* Will Stevens
>> *Subject:* 4.9.0 RC2 Status
>>
>> Will,
>>
>> I am inquiring as to the status of 4.9.0 RC2. Are there issues we can
>> help resolve in order to get it out? If not, do you have an ETA on when it
>> will be cut?
>>
>> Thanks,
>> -John
>> [email protected]
>> www.shapeblue.com<http://www.shapeblue.com>
>> 53 Chandos Place, Covent Garden, London VA WC2N 4HS UK
>> @shapeblue
