FWAAS V2 doesn't work with DVR

Salman Khan engrsalmankhan at gmail.com
Wed Aug 21 18:49:29 UTC 2019


Hi Guys,

I asked this question on the #openstack-neutron channel but didn't get any
answer, so I am asking here in the hope that someone might read this email and
reply.

The problem is: I have enabled FWAAS_V2 with DVR and that doesn't seem to
work. I debugged things down to the router namespaces and it looks like
iptables rules are applied to the rfp-<network-id> interface, which doesn't
exist in that namespace. So the rules are completely wrong, as they are applied
to an interface that doesn't exist. I mean, there is an rfp-* interface, but the
<network-id> that fwaas is expecting is not what it should be. I tried
applying the rules to the qr-* interfaces in the namespace but that didn't work
either; packets are dropping on the "invalid" state rule. That's probably
because of the NAT rules from DVR.
Can someone please help me to understand this behaviour? Is it really
supposed to work or not? Is there any bug or fix pending, or is there any
work ongoing to support this?


Regards,

Salman
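
The check described in the message above (iptables rules bound to an interface that is not present in the namespace), as an added example that is not part of the original post or of neutron-fwaas. The interface names, chain name and both sample outputs are constructed; real input would come from `ip netns exec <namespace> iptables-save` and `ip netns exec <namespace> ip -o link show`.

```python
import re
import shlex

# Constructed `ip -o link show` output from inside a router namespace.
SAMPLE_LINKS = r"""
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN\    link/loopback 00:00:00:00:00:00
2: rfp-11111111-aa@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP\    link/ether fa:16:3e:00:00:01
5: qr-33333333-cc: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UNKNOWN\    link/ether fa:16:3e:00:00:02
"""

# Constructed `iptables-save` excerpt; the chain name is a placeholder.
SAMPLE_RULES = """
*filter
-A example-fw-chain -i rfp-22222222-bb -m state --state INVALID -j DROP
-A example-fw-chain -o rfp-22222222-bb -m comment --comment "egress policy" -j ACCEPT
-A example-fw-chain -i qr-+ -j ACCEPT
-A example-fw-chain ! -i lo -j RETURN
COMMIT
"""

IFACE_FLAGS = {"-i", "-o", "--in-interface", "--out-interface"}

def parse_links(text):
    """Return the set of interface names, dropping the '@ifN' peer suffix."""
    names = set()
    for line in text.splitlines():
        m = re.match(r"\d+:\s+([^:@\s]+)", line)
        if m:
            names.add(m.group(1))
    return names

def dangling_rules(rules_text, links_text):
    """Return (flag, interface, rule) for rules whose interface is absent."""
    present = parse_links(links_text)
    missing = []
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue
        tokens = shlex.split(line)  # keeps quoted --comment text as one token
        for flag, name in zip(tokens, tokens[1:]):
            if flag not in IFACE_FLAGS:
                continue
            if name.endswith("+"):  # iptables wildcard: any name with this prefix
                found = any(p.startswith(name[:-1]) for p in present)
            else:
                found = name in present
            if not found:
                missing.append((flag, name, line))
    return missing
```

A non-empty result means those firewall rules can never match traffic in that namespace, so the policy they express is not being enforced there.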