Uploaded image for project: 'CloudStack'
  1. CloudStack
  2. CLOUDSTACK-9393

Wrong information returned for CheckS2SVpnConnectionsCommand when more than one S2S VPN connection exists between a VPC VR, to other VPC VR's

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 4.5.2
    • None
    • Network Controller
    • Security Level: Public (Anyone can view this level - this is the default.)
    • None

    Description

      Its is observed that when there is more that one VPC VR connections originating or terminating from a VPC VR, status of CheckS2SVpnConnectionsCommand is not correct. For e.g, if there are 3 VPC A,B,C exists, with following s2s connections

      A->B
      B->A
      A->C
      C->A

      I this case , VPC VR at site A, has two connections. In which case following error message are noticed.

      ========================================================
      2016-05-17 00:00:24,402 DEBUG [c.c.a.t.Request] (DirectAgent-411:ctx-8676f24f) Seq 231-106960491150353746: Processing: { Ans: , MgmtId: 345050463794, via: 231, Ver: v1, Flags: 110, [{"com. cloud.agent.api.CheckS2SVpnConnectionsAnswer":{"ipToConnected":{},"ipToDetail":{},"details":"whack: Pluto is not running (no \"/var/run/pluto/pluto.ctl\")\n130.185.66.25:11:ISAKMP SA NOT found but checking IPsec;IPsec SA not found;Site-to-site VPN have not connected&whack: Pluto is not running (no \"/var/run/pluto/pluto.ctl\")\n80.69.130.108:11:ISAKMP SA NOT found but checking IPsec; IPsec SA not found;Site-to-site VPN have not connected&whack: Pluto is not running (no \"/var/run/pluto/pluto.ctl\")\n80.69.130.104:11:ISAKMP SA NOT found but checking IPsec;IPsec SA not found; Site-to-site VPN have not connected&","result":true,"wait":0}}] }
      572 2016-05-17 00:00:24,402 DEBUG [c.c.a.t.Request] (RouterStatusMonitor-1:ctx-d689a0dd) Seq 231-106960491150353746: Received: { Ans: , MgmtId: 345050463794, via: 231, Ver: v1, Flags: 110,

      { CheckS2SVpnConnectionsAnswer }

      }
      573 2016-05-17 00:00:24,402 DEBUG [c.c.a.m.AgentManagerImpl] (RouterStatusMonitor-1:ctx-d689a0dd) Details from executing class com.cloud.agent.api.CheckS2SVpnConnectionsCommand: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
      ========================================================

      Also on noticing state change, management server is expected to update the state in the DB. It is observed that state never gets updated in the DB and management server keeps raising alert and debug messages on every CheckRouterTask.

      As seen in the below snip there is state change detected in CheckRouterTask, but never gets updated in the DB.

      ========================================================
      2016-05-17 17:02:54,803 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-a25222f7) Site-to-site Vpn Connection to VPN-80.69.130.108 on router r-8083-VM(id: 8083) just switch from Disconnected to Connected
      2016-05-17 17:03:24,271 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-548194b9) Site-to-site Vpn Connection to VPN-80.69.130.108 on router b-8081-VM(id: 8081) just switch from Connected to Disconnected
      2016-05-17 17:03:24,639 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-548194b9) Site-to-site Vpn Connection to VPN-80.69.130.108 on router r-8083-VM(id: 8083) just switch from Disconnected to Connected
      2016-05-17 17:03:54,174 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-fab8498a) Site-to-site Vpn Connection to VPN-80.69.130.108 on router b-8081-VM(id: 8081) just switch from Connected to Disconnected
      2016-05-17 17:03:54,527 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-fab8498a) Site-to-site Vpn Connection to VPN-80.69.130.108 on router r-8083-VM(id: 8083) just switch from Disconnected to Connected
      2016-05-17 17:04:24,026 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-38c04ff4) Site-to-site Vpn Connection to VPN-80.69.130.108 on router b-8081-VM(id: 8081) just switch from Connected to Disconnected
      2016-05-17 17:04:24,419 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-38c04ff4) Site-to-site Vpn Connection to VPN-80.69.130.108 on router r-8083-VM(id: 8083) just switch from Disconnected to Connected
      2016-05-17 17:04:54,060 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-67809600) Site-to-site Vpn Connection to VPN-80.69.130.108 on router b-8081-VM(id: 8081) just switch from Connected to Disconnected
      2016-05-17 17:04:54,419 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-67809600) Site-to-site Vpn Connection to VPN-80.69.130.108 on router r-8083-VM(id: 8083) just switch from Disconnected to Connected
      2016-05-17 17:05:23,981 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-7c3107b2) Site-to-site Vpn Connection to VPN-80.69.130.108 on router b-8081-VM(id: 8081) just switch from Connected to Disconnected
      2016-05-17 17:05:24,357 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-7c3107b2) Site-to-site Vpn Connection to VPN-80.69.130.108 on router r-8083-VM(id: 8083) just switch from Disconnected to Connected
      2016-05-17 17:05:54,422 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-17a7b2aa) Site-to-site Vpn Connection to VPN-80.69.130.108 on router b-8081-VM(id: 8081) just switch from Connected to Disconnected
      2016-05-17 17:05:54,792 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-17a7b2aa) Site-to-site Vpn Connection to VPN-80.69.130.108 on router r-8083-VM(id: 8083) just switch from Disconnected to Connected
      2016-05-17 17:06:24,134 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-ade040c6) Site-to-site Vpn Connection to VPN-80.69.130.108 on router b-8081-VM(id: 8081) just switch from Connected to Disconnected
      2016-05-17 17:06:24,510 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-ade040c6) Site-to-site Vpn Connection to VPN-80.69.130.108 on router r-8083-VM(id: 8083) just switch from Disconnected to Connected
      2016-05-17 17:06:53,996 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-20095156) Site-to-site Vpn Connection to VPN-80.69.130.108 on router b-8081-VM(id: 8081) just switch from Connected to Disconnected
      2016-05-17 17:06:54,427 INFO [c.c.n.r.VirtualNetworkApplianceManagerImpl] (RouterStatusMonitor-1:ctx-20095156) Site-to-site Vpn Connection to VPN-80.69.130.108 on router r-8083-VM(id: 8083) just switch from Disconnected to Connected
      ========================================================

      Attachments

        Activity

          People

            Unassigned Unassigned
            muralireddy Murali Mohan Reddy
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: