ISSUE TYPE

• Bug Report

COMPONENT NAME

VR + VNF

CLOUDSTACK VERSION

4.19.1

CONFIGURATION

Advanced Networking
VPC
VNF + L2 Network

OS / ENVIRONMENT

SUMMARY

We have 1 VPC and 1 L2 Network connected together with a VNF (PFsense) in between.

Results Summary:

• Test 1: From L2 VM (10.26.8.230) to VPC VM (10.26.1.250) - PASS
• Test 2: From VPC VM (10.26.1.250) to L2 VM (10.26.8.230) - FAILED
• Test 3: From L2 VM (10.26.8.230) to Private Gateway VM (10.88.5.82) - PASS
• Test 4: From Private Gateway VM (10.88.5.82) to L2 VM (10.26.8.230) - FAILED

Background:
We’ve allowed any on the VNF firewall rules as attached in the screenshot below:

Traffic is allowed any on 10.26.1.254 interface

Traffic is allowed any on 10.26.8.254

We then run some tests.

Test 1: From L2 VM (10.26.8.230) to VPC VM (10.26.1.250)

Results: Ping and traceroute test from 10.26.8.230 to 10.26.1.250 works as expected. (PASS)

Test 2: From VPC VM (10.26.1.250) to L2 VM (10.26.8.230)

Results: Ping and traceroute test from 10.26.1.250 to 10.26.8.230 is not possible (FAILED)

Test 3: From L2 VM (10.26.8.230) to Private Gateway VM (10.88.5.82)

Results: Ping and traceroute test from 10.26.8.230 to 10.88.5.82 works as expected (PASS)

Test 4: From Private Gateway VM (10.88.5.82) to L2 VM (10.26.8.230)

Results: Ping and traceroute test from 10.88.5.82 to 10.26.8.230 does not work (FAILED)

We've been trying to debug Tests 2 and 4 for a while now with no sucess. Anyone has any ideas?
Or is Cloudstack designed not to allow this to be possible?

STEPS TO REPRODUCE

NA

EXPECTED RESULTS

Tests 2 and 4 should be able to work

ACTUAL RESULTS

Tests 2 and 4 does not work