FWAAS V2 doesn't work with DVR

Brian Haley haleyb.dev at gmail.com
Tue Aug 27 21:00:21 UTC 2019


Hi Salman,

On 8/21/19 2:49 PM, Salman Khan wrote:
> Hi Guys,
> 
> I asked this question on the #openstack-neutron channel but didn't get any 
> answer, so asking here in the hope that someone might read this email and 
> reply.
> The problem is: I have enabled FWAAS_V2 with DVR and that doesn't seem 
> to work. I debugged things down to router namespaces and it looks like 
> iptables rules are applied to an rfp-<network-id> interface which doesn't 
> exist in that namespace. So rules are completely wrong as they are 
> applied to an interface that doesn't exist, I mean there is an rfp-* 
> interface but the <network-id> that fwaas is expecting is not what it 
> should be. I tried applying the rules to qr-* interfaces in the 
> namespace but that didn't work either, packets are dropping on the 
> "invalid" state rule. That's probably because of nat rules from dvr.
> Can someone please help me to understand this behaviour? Is it really 
> supposed to work or not? Is there any bug or fix pending, or is there 
> any work ongoing to support this?

Can you tell what version of neutron/neutron-fwaas you are using?

Short of that I believe it should work, the only bug I found that seems 
related and was fixed recently (end of 2018) was 
https://bugs.launchpad.net/neutron/+bug/1762454 so maybe take a look at 
that and see if it is the same thing.

Otherwise maybe someone on the Fwaas team has seen it?

-Brian
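
Added example, not part of the original thread and not neutron or neutron-fwaas code: a check for the symptom described above, firewall rules bound to an interface that is not present in the router namespace. It parses `iptables-save` and `ip -o link show` output; the sample text, device names and the fw-in/fw-out chain names are constructed.

```python
import re

# Constructed `ip -o link show` output from inside a router namespace (trimmed).
SAMPLE_LINKS = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
2: rfp-aaaaaaaa-1@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
15: qr-bbbbbbbb-22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
"""

# Constructed `iptables-save` output; chain names fw-in/fw-out are made up.
SAMPLE_RULES = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -o rfp-cccccccc-3 -j fw-in
-A FORWARD -i rfp-cccccccc-3 -j fw-out
-A FORWARD -i qr-+ -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
"""

def interfaces(ip_link_output):
    """Return the device names listed by `ip -o link show`."""
    names = set()
    for line in ip_link_output.splitlines():
        # "2: rfp-xxx@if3: <...>" -> "rfp-xxx" (drop the @peer suffix)
        m = re.match(r"\d+:\s+([^:@\s]+)", line)
        if m:
            names.add(m.group(1))
    return names

def dangling_rules(iptables_save_output, present):
    """Return (device, rule) pairs whose -i/-o device is not in `present`."""
    findings = []
    for line in iptables_save_output.splitlines():
        if not line.startswith("-A "):
            continue
        for dev in re.findall(r"\s-[io]\s+(\S+)", line):
            if dev.endswith("+"):  # iptables wildcard: prefix match
                ok = any(n.startswith(dev[:-1]) for n in present)
            else:
                ok = dev in present
            if not ok:
                findings.append((dev, line))
    return findings

if __name__ == "__main__":
    for dev, rule in dangling_rules(SAMPLE_RULES, interfaces(SAMPLE_LINKS)):
        print(f"no such interface {dev}: {rule}")
```

To use it on a real node, feed it the output of both commands run inside the router namespace with `ip netns exec`. A rule that names a missing device never matches any packet, so the firewall policy it carries is not enforced.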


