[Chilli] Coova-Chilli Multi Tenanency Mode

[Luis Ferreira]

Hello everyone. This is my first message to the great Coova community, so
I'll start by give a little help, but describing the same problem in more
detail, my actual fix and a request for a fix/workaround

 

The problem that you are describing is because at start up time, it did not
managed to create all the required iptables rules. For each VLAN, it should
create:

 

-A FORWARD -o vlan10 -j DROP

-A FORWARD -i vlan10 -j DROP 

 

And also

 

-A FORWARD -i tun0 ! -o eth1 -j DROP

-A FORWARD -o tun0 -j ACCEPT

-A FORWARD -i tun0 -j ACCEPT

 

In my implementation, it normally fail to create all the iptables rules
uppon startup. For that reason, I have to apply the following very dirty
solution.

That problem normally appears only at boot time. What I do is

killall -v chilli

and

/etc/init.d/chilli start

to start all of them the proper way.

After that, I've check with iptables if for each vlan, it created 2 rules
regarding vlanXXX and 3 rules regarding tunXXX

 

I would apreciate if someone has a fix/workaround for that, like a different
startup script that would check if all the instances started correctly.

 

 

Best regards,

Luis Ferreira

 

De: chilli-bounces at coova.org [mailto:chilli-bounces at coova.org] Em nome de
Russell Mike
Enviada: quarta-feira, 6 de Fevereiro de 2013 10:58
Para: chilli list; David Bird
Assunto: [Chilli] Coova-Chilli Multi Tenanency Mode

 

Dear David & Community Members Greetings,

This discussion is with respect to that, how to make sure all instances are
up for "CoovaChilli" in multi tenant environment after hardware server
reboots. 

1.) This is ISP environment. We have 10 Coovachill instances running (Multi
Tenanency) using (VLANs 10,20,30,40,50,60,70,80,90,100). When system reboot,
all daemons comes up just fine and start serving users by presenting login
page. We are very very happy from Coova-Chilli implementation. 

2.) BUT SOMETIMES when system reboot and after it has comes up. For example
VLAN30 would not present login page, other NINE(9) instances would be just
fine, working as expected. Then i restart Chilli daemon as solution. Now,
all 10 daemons would come up and start serving just fine again. 

2a) BUT SOMETIME, when i apply the solution (restart Chill daemon) one of
them would not present login page again (it is random VLAN (Sometime
30/80/20 etc..)). 

For example: i restarted the service earlier because VLAN 90 was not
presenting login page, after restart VLAN60 daemon is not presenting login
page. Problem is recoverable, by restarting service more than once.

2b.) When a instance would not present login page. Same time i see that, it
is mounted & listening on the port ("netstat") stuff looks obvious from that
point of view. Tunnel would be created as well, all stuff belongs to that
VLAN (that is not serving web page) exists under "/var/run'chilli* (pid,
ipc, socket, bash script). 

HOW I AM DOING IT: 

Now whenever the Chilli Server is restarted, i manually browse & check if
all daemons are presenting login pages. But eventually, we going to run
minimum 120 daemons. it would not possible to browse 120 pages after every
reboot. Is there better way to handle it? or what could be the auto fix? i
was thinking something like a script that can check the functionality, if
everything did not up restart the daemon again. i understand that we do not
restart data center servers everyday but it happens sometimes due to the
power outage or UPS failed or generator did not come up on time etc.

Thanks / Regards 

RM --- 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20130206/d6bc189b/attachment.html>