GitHub user tatay188 edited a comment on the discussion: Network Usage & Routed Mode VR's
Something interesting happened: I used the command **nft list ruleset | more** and the VR went down. It restarted by itself; however, BGP did not come up and the BGP daemon disappeared, no vtysh. It took me an hour to solve the issue. I had to change to the default ACL allow, then reset the VPC, the Network, and finally the Admin had to stop and start the Vrouter, in that order. Restarting the Vrouter alone by the admin did not work, and any other combination did not work either.

Once back up, I put back the Custom ACL, using the same Cisco logic, blocking ingress to those IP addresses trying to attack our systems:

1 deny ingress Specific1 P/mask
2 deny ingress Specific2 range of IPs/mask
3.
20. ingress allow all
21 egress allow all

However, before it went down I was able to see that ETH2 has the whole ingress list, not in the right order as I have it in the UI.

I am afraid to touch anything else as this is a production VPC, and I did not expect that "nft list ruleset | more" was going to be this dangerous. It's a big vrouter, so memory, CPU and traffic should not be a problem.

I am building another test routed-VPC to run some additional tests.

GitHub link: https://github.com/apache/cloudstack/discussions/11299#discussioncomment-16854220
