<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
*Chain neutron-l3-agent-scope (1 references)*<span class=""><br>
pkts bytes target prot opt in out source<br>
destination<br></span>
78 4368 *DROP* all * qr-1ee33f03-23 ::/0<span class=""><br>
::/0 mark match ! 0x4000000/0xffff0000<br>
<br>
Packets pass in chain FORWARD -> neutron-filter-top -> neutron-l3-agent-local -><br>
back to FORWARD -> neutron-l3-agent-FORWARD -> neutron-l3-agent-scope -> DROP.<br>
</span></blockquote>
<br>
This looks similar to <a href="https://bugs.launchpad.net/neutron/+bug/1570122" rel="noreferrer" target="_blank">https://bugs.launchpad.net/neu<wbr>tron/+bug/1570122</a><span class=""><br>
<br></span></blockquote><div><br>Thank you Brian, this is the problem. <br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
IPv4 rules is very similar but works. Ipv6 is blocking for some reason.<br>
</blockquote>
<br></span>
Do you have the same mark/match rules with IPv4, they're just not getting hit?<div class=""><div class="h5"><br></div></div></blockquote><div> </div><div>Yes, IPv4 have this rule and works fine. Adding a similar rule manually with ip6tables the traffic traverses the virtual router. <br></div><div> </div></div></div></div>