[neutron] OpenvSwitch firewall sctp getting dropped
jlibosva at redhat.com
Mon Jul 29 20:31:56 UTC 2019
On 29/07/2019 17:38, thuanlk at viettel.com.vn wrote:
> I have installed Openstack Queens on CentOs 7 with OvS and I recently used
> the native openvswitch firewall to implement SecusiryGroup. The native OvS
> firewall seems to work just fine with TCP/UDP traffic but it does not
> forward any SCTP traffic going to the VMs no matter how I change the
> security groups, But it run if i disable port security completely or use
> iptables_hybrid firewall driver. What do I have to do to allow SCTP packets
> to reach the VMs?
You need to load kernel module for netfilter that supports sctp.
Depending on the kernel you're using, it could be either compiled in or
compiled as a module. You can try to
to see if it fixes the issue for you.
More information about the openstack-discuss