Search Engine: Elastic

Article ID: 132116, created on Jan 23, 2018, last review on Jan 23, 2018

  • Applies to:
  • Operations Automation 7.2

Symptoms

Two Virtual Environments belong to different customers, however, they can communicate to each other over backnet. Configuration on Instance Manager Node side is correct. On Virtualization Node, the following can be seen:

# prlsrvctl privnet list
Name G Netmasks
LEGACY x 192.168.0.0/16
vlan1 192.168.0.1/30 192.168.0.2/30 *
vlan2 192.168.0.10/30 *

UUID STATUS IP_ADDR T NAME
{e98ecb39-3014-4e8c-1111-a9de9ca3bc8c} running 192.168.0.3 CT 1000000.server-1000123-1
{15d65703-c603-485b-2222-780285e288c6} running 192.168.0.2 VM 1000001.server-1000456-1
{1dc48b8e-74a5-42ff-3333-b90f08c35c17} running 192.168.0.1 VM 1000001.server-1000789-1

According to weak privnet logic described in Weak Private Networks, the Virtual Environment with IP 192.168.0.1 should not be able to ping IP 192.168.0.3, but should be able to reach 192.168.0.2. In the case, it can reach both.

The issue can be reproduced by configuring private networks manually:

# prlsrvctl privnet del vlan2
# prlctl exec e98ecb39-3014-4e8c-1111-a9de9ca3bc8c ping 192.168.0.2 # pinging 192.168.0.2 from 192.168.0.3
PING 192.168.0.2 (192.168.0.2) 2(84) bytes of data.
64 bytes from 192.168.0.2: icmp_seq=1 ttl=127 time=192 ms

# prlsrvctl privnet add vlan2 --ipadd '192.168.0.10/30'
<ping works>

# prlsrvctl privnet set vlan2 --ipadd '*'
<ping works>

Cause

The root cause of the issue lies on Virtuozzo side and related to Virtuozzo 7 version. The same configuration on Virtuozzo 6 does not allow VEs from different 'vlans' to ping each other. Direct network connectivity is possible only within one 'vlan'. The issue is reproduced only in Virtuozzo 7.

Resolution

Please contact Virtuozzo Support.

5356b422f65bdad1c3e9edca5d74a1ae caea8340e2d186a540518d08602aa065 e12cea1d47a3125d335d68e6d4e15e07 31987597efff5a3a9ce779cc203bbe5e 1941880841f714e458ae4dc3d9f3062d

Email subscription for changes to this article
Save as PDF