> I haven't been able to reproduce it either, but it's unclear how packets > would get into a VM on an island since there is no router interface, and > the VM can't respond even if it did get it. > > I do see outbound pings from the connected VM get to eth0, hit the > masquerade rule, and continue on their way. But those packets get > dropped at my ISP since they're in the 10/8 range, so perhaps something > in the datacenter where this is running is responding? Grasping at > straws is right until we see the results of Armando's test patch.
Right, that's what I was thinking when I said "something with the provider" in my other reply. A provider could potentially always reflect 10/8 back at you to eliminate the possibility of ever escaping like that, which would presumably come back, hit the 10.1/20 route that we have and continue on in. I'm not entirely sure why that's not being hit right now (i.e. before this change), but I'm less familiar with the current state of the art than I am this patch. --Dan __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
