[openstack-dev] [neutron] vxlan port iptables configuration
Kevin Benton
blak111 at gmail.com
Sat Sep 20 00:06:00 UTC 2014
This is the responsibility of the deployment tool. The iptables
firewall driver only handles firewall rules for the VM ports.
On Fri, Sep 19, 2014 at 6:28 AM, Andreas Scheuring
<scheuran at linux.vnet.ibm.com> wrote:
> Hi
> I just was playing around with various neutron-openvswitch-agent vxlan
> configurations. The default port for vxlan traffic is 4789. I had
> expected that when the neutron-openvswitch-agent reads the configured
> vxlan port (or gets the default) it also would add an iptables rule to
> allow incoming traffic via this port. But this did not happen.
>
>
> Is it because such an iptables setup is to be considered as hypervisor
> setup which is not done by openstack? Or should this be the job of the
> firewall driver (in my case ovshybridiptablesfirewall driver)?
>
> Any thoughts on this?
>
> Thanks
>
>
> --
> Andreas
> (irc: scheuran)
>
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
--
Kevin Benton
More information about the OpenStack-dev
mailing list