On 29/07/2019 17:38, thuanlk@viettel.com.vn wrote:
I have installed Openstack Queens on CentOs 7 with OvS and I recently used the native openvswitch firewall to implement SecusiryGroup. The native OvS firewall seems to work just fine with TCP/UDP traffic but it does not forward any SCTP traffic going to the VMs no matter how I change the security groups, But it run if i disable port security completely or use iptables_hybrid firewall driver. What do I have to do to allow SCTP packets to reach the VMs?
You need to load kernel module for netfilter that supports sctp. Depending on the kernel you're using, it could be either compiled in or compiled as a module. You can try to modprobe ip_conntrack_proto_sctp to see if it fixes the issue for you. Kuba