Turn on rp_filter default to disable for console proxy VM, avoid explcit route conflict in DomR

2011-01-18 16:14:56 -08:00 · 2011-01-18 16:14:56 -08:00 · c0fb9be02a
parent e8f89004d9
commit c0fb9be02a
2 changed files with 16 additions and 3 deletions
--- a/server/src/com/cloud/configuration/Config.java
+++ b/server/src/com/cloud/configuration/Config.java
@ -99,7 +99,7 @@ public enum Config {
 	ConsoleProxyRamSize("Console Proxy", AgentManager.class, Integer.class, "consoleproxy.ram.size", "1024", "RAM size (in MB) used to create new console proxy VMs", null),
 	ConsoleProxySessionMax("Console Proxy", AgentManager.class, Integer.class, "consoleproxy.session.max", "50", "The max number of viewer sessions console proxy is configured to serve for", null),
 	ConsoleProxySessionTimeout("Console Proxy", AgentManager.class, Integer.class, "consoleproxy.session.timeout", "300000", "Timeout(in milliseconds) that console proxy tries to maintain a viewer session before it times out the session for no activity", null),
-	ConsoleProxyDisableRpFilter("Console Proxy", AgentManager.class, Integer.class, "consoleproxy.disable.rpfilter", "false", "disable rp_filter on console proxy VM public interface", null),
+	ConsoleProxyDisableRpFilter("Console Proxy", AgentManager.class, Integer.class, "consoleproxy.disable.rpfilter", "true", "disable rp_filter on console proxy VM public interface", null),
 	
 	// ConsoleProxyURLPort("Console Proxy", ManagementServer.class, Integer.class, "consoleproxy.url.port", "80", "Console proxy port for AJAX viewer", null),
 	
--- a/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
+++ b/server/src/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java
@ -1104,10 +1104,23 @@ public class VirtualNetworkApplianceManagerImpl implements VirtualNetworkApplian
                buf.append(" localgw=").append(dest.getPod().getGateway());
                managementNic = nic;
            } else if (nic.getTrafficType() == TrafficType.Control) {
+            	
                // DOMR control command is sent over management server in VMware
                if (dest.getHost().getHypervisorType() == HypervisorType.VmWare) {
-                    buf.append(" mgmtcidr=").append(_mgmt_host);
-                    buf.append(" localgw=").append(dest.getPod().getGateway());
+                	if(s_logger.isInfoEnabled())
+                		s_logger.info("Check if we need to add management server explicit route to DomR. pod cidr: " + dest.getPod().getCidrAddress() + "/" + dest.getPod().getCidrSize()
+                			+ ", pod gateway: " + dest.getPod().getGateway() + ", management host: " + _mgmt_host);
+                	
+                	if(!NetUtils.sameSubnetCIDR(_mgmt_host, dest.getPod().getGateway(), dest.getPod().getCidrSize())) {
+                    	if(s_logger.isInfoEnabled())
+                    		s_logger.info("Add management server explicit route to DomR.");
+
+                		buf.append(" mgmtcidr=").append(_mgmt_host);
+	                    buf.append(" localgw=").append(dest.getPod().getGateway());
+                	} else {
+                    	if(s_logger.isInfoEnabled())
+                    		s_logger.info("Management server host is at same subnet at pod private network, don't add explict route to DomR");
+                	}
                }

                controlNic = nic;