[Openstack-operators] How Do I allow IP protocols other than TCP, UDP, or ICMP (such as GRE)through my security group?

Zhang, Kimi (NSN - CN/Cheng Du) kimi.zhang at nsn.com
Wed Aug 14 08:49:41 UTC 2013


Some protocols like SCTP are neither TCP nor UDP, can not match security group setting.

A workaround it to encapsulate those packets into normal TCP/UDP packets by some tunneling/VPN protocols, such as L2TP/IPsec VPN.


Kimi Zhang
+86 186 0800 8182

From: ext Adam Young [mailto:ayoung at redhat.com]
Sent: Wednesday, August 14, 2013 5:58 AM
To: openstack-operators at lists.openstack.org
Subject: Re: [Openstack-operators] How Do I allow IP protocols other than TCP, UDP, or ICMP (such as GRE)through my security group?

On 08/13/2013 04:51 PM, Steven Barnabas wrote:

I have a basic Grizzly installation following these instructions.https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/OVS_SingleNode/OpenStack_Grizzly_Install_Guide.rst

Everything is working great, however....

I am trying to send some traffic via a gre tunnel to an IP address of an interface on my instance. This traffic is neither TCP or UDP. How do I allow this traffic through my security group since I can only select TCP, UDP, or ICMP. Is there a allow any any command?


What protocol are you using?  Chances are it is either TCP or UDP.  HTTP is TCP.




Thank you.




Steven Barnabas
Network Engineer
Front Porch, Inc.
209-288-5580
209-652-7733 mobile
www.frontporch.com<http://www.frontporch.com/>







_______________________________________________

OpenStack-operators mailing list

OpenStack-operators at lists.openstack.org<mailto:OpenStack-operators at lists.openstack.org>

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20130814/70f87dd2/attachment.html>


More information about the OpenStack-operators mailing list