Never mind, found the use of custom routing tables. In case someone wants to refer, hints are here:
https://github.com/apache/cloudstack/pull/2514#issuecomment-382510915

Jayapal and others - I've another one, is there a way to do routing without marking packets at all, even in case of VRs with additional public interfaces?

- Rohit

<https://cloudstack.apache.org>

________________________________
From: Rohit Yadav <rohit.ya...@shapeblue.com>
Sent: Wednesday, April 18, 2018 10:39:02 PM
To: dev@cloudstack.apache.org; us...@cloudstack.apache.org
Subject: [DISCUSS] Why we MARK packets?

All,

I could not find any history around 'why' we MARK or CONNMARK packets in mangle table in VRs? I found an issue in case of VPCs where `MARK` iptable rules failed hair-pin nat (as described in this PR: https://github.com/apache/cloudstack/pull/2514)

The valid usage I found was wrt VPN_STATS, however, the usage is not exported at all, it is commented:
https://github.com/apache/cloudstack/blob/master/systemvm/debian/opt/cloud/bin/vpc_netusage.sh#L141

Other than for debugging purposes in the VR, marking packets and connections I could not find any valid use. Please do share if you're using marked packets (such as VPN ones etc) outside of VR scope?

I propose we remove MARK on packets which is cpu intensive and slows the traffic (a bit), instead CONNMARK can still be used to mark connections and debug VRs without actually changing the packet marking permanently.

Thoughts?

- Rohit

rohit.ya...@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HS UK
@shapeblue