GitHub user weizhouapache closed the discussion with a comment: Network Usage & Routed Mode VR's
> Something interesting happened, I use the command: ! **nft list ruleset | more** ! and the VR went down. It restarted by itself; however BGP did not come up and the BGP daemon disappeared, no vtysh, took me an hour to solve the issue - have to change to the default ACL allow, then reset the VPC, Network and finally the Admin have to stop and start the Vrouter In that order, restarting the Vrouter alone by the admin did not work, any other combination did not work either.
>
> Once back up I put back the Custom ACL, using the same Cisco logic. Blocking Ingress to those IP addresses trying to attack our systems: 1 deny ingress Specific1 P/mask 2 deny ingress Specific2 range of IPs/mask 3. 20. ingress allow all 21 egress allow all
>
> However before it went down I was able to see The ETH2 has all ingress list, not in the right order as I have it in the UI. I am afraid to touch anything else as this is a production VPC, and I did not expect the "nft list ruleset | more" was going to be this dangerous. It's a big vrouter, then memory cpu and traffic should not be a problem. I am building another test routed-VPC to run some additional tests.

@tatay188 just to confirm, did you restart the VR from inside the VR (by `reboot` or `shutdown -r`, etc), or restart it on CloudStack UI or via API?

GitHub link: https://github.com/apache/cloudstack/discussions/11299#discussioncomment-16854735
