[openstack-dev] [Neutron] VPNaaS and DVR compatibility

Sergey Kolekonov skolekonov at mirantis.com
Thu Aug 20 11:15:57 UTC 2015


Thanks for the link, Sean.

No, it doesn't seem to resolve the issue with FWaaS.
BTW, I have the following cluster:
- OpenStack Kilo (including *aaS) from the latest stable/kilo branches
- 2 networks nodes
- 1 compute node
Ubuntu 14.04, ML2+OVS, vxlan segmentation.
All nodes are KVM VMs.

So with the patch you provided I observe firewall rules both in
SNAT/qrouter namespaces on network nodes, but still no rules on the compute
node when instances have floating IPs assigned.
So traffic just goes without any restrictions.

On Mon, Aug 17, 2015 at 9:15 PM, Sean M. Collins <sean at coreitpro.com> wrote:

> On Mon, Aug 17, 2015 at 10:42:18AM EDT, Sergey Kolekonov wrote:
> > BTW, the similar situation is with FWaaS [1]
> >
> > [1] https://bugs.launchpad.net/neutron/+bug/1485509
>
> Can you take a look at the following patch?
>
> https://review.openstack.org/203493
>
> If it resolves the issue I may need to re-think my -1, and we may need
> to restore it.
>
> --
> Sean M. Collins
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 
Regards,
Sergey Kolekonov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150820/ad083e96/attachment.html>


More information about the OpenStack-dev mailing list