GitHub user tatay188 closed the discussion with a comment: Network Usage & Routed Mode VR's
Something interesting happened: I used the command **nft list ruleset | more** and the VR went down. It restarted by itself; however, BGP did not come up and the BGP daemon disappeared, no vtysh. It took me an hour to solve the issue - I had to change to the default ACL allow, then reset the VPC, Network and finally the Admin had to stop and start the Vrouter, in that order. Restarting the Vrouter alone by the admin did not work, and any other combination did not work either.

Once back up, I put back the Custom ACL, using the same Cisco logic, blocking ingress to those IP addresses trying to attack our systems:

1 deny ingress Specific1 P/mask
2 deny ingress Specific2 range of IPs/mask
3.
20. ingress allow all
21 egress allow all

The ETH2 has all the ingress list. I am afraid to touch anything else as this is a production VPC, and I did not expect that "nft list ruleset | more" was going to be this dangerous. It's a big vrouter, so memory, CPU and traffic should not be a problem.

GitHub link: https://github.com/apache/cloudstack/discussions/11299#discussioncomment-16854220
