With VR + VNF + L2 Network, the VMs in L2 Network cannot be reached from the Internet (But the opposite is possible) #9791
Description
ISSUE TYPE
- Bug Report
COMPONENT NAME
VR + VNF
CLOUDSTACK VERSION
4.19.1
CONFIGURATION
Advanced Networking
VPC
VNF + L2 Network
OS / ENVIRONMENT
SUMMARY
We have 1 VPC and 1 L2 Network connected together with a VNF (PFsense) in between.
Results Summary:
- Test 1: From L2 VM (10.26.8.230) to VPC VM (10.26.1.250) - PASS
- Test 2: From VPC VM (10.26.1.250) to L2 VM (10.26.8.230) - FAILED
- Test 3: From L2 VM (10.26.8.230) to Private Gateway VM (10.88.5.82) - PASS
- Test 4: From Private Gateway VM (10.88.5.82) to L2 VM (10.26.8.230) - FAILED
Background:
We’ve allowed any on the VNF firewall rules as attached in the screenshot below:
Traffic is allowed any on 10.26.1.254 interface
Traffic is allowed any on 10.26.8.254
We then run some tests.
Test 1: From L2 VM (10.26.8.230) to VPC VM (10.26.1.250)
Results: Ping and traceroute test from 10.26.8.230 to 10.26.1.250 works as expected. (PASS)
Test 2: From VPC VM (10.26.1.250) to L2 VM (10.26.8.230)
Results: Ping and traceroute test from 10.26.1.250 to 10.26.8.230 is not possible (FAILED)
Test 3: From L2 VM (10.26.8.230) to Private Gateway VM (10.88.5.82)
Results: Ping and traceroute test from 10.26.8.230 to 10.88.5.82 works as expected (PASS)
Test 4: From Private Gateway VM (10.88.5.82) to L2 VM (10.26.8.230)
Results: Ping and traceroute test from 10.88.5.82 to 10.26.8.230 does not work (FAILED)
We've been trying to debug Tests 2 and 4 for a while now with no sucess. Anyone has any ideas?
Or is Cloudstack designed not to allow this to be possible?
STEPS TO REPRODUCE
NA
EXPECTED RESULTS
Tests 2 and 4 should be able to work
ACTUAL RESULTS
Tests 2 and 4 does not work