[Openstack-operators] [openstack][neutron] problems accessing metadata on OVS VLAN mode (havana)

Alejandro Comisario alejandro.comisario at mercadolibre.com
Fri Nov 15 22:38:51 UTC 2013


Hi guys, we are deploying:

havana + OVS on vlan mode + neutron using this EXACT production schema :

http://docs.openstack.org/network-admin/admin/content/figures/2/figures/under-the-hood-scenario-2-ovs-compute.png

Since we are using this schema, I'm going to refer to devices as they are
named in the picture.
When an instance gets created, the network defined uses the GW where the
vlan is created on a switch, so when the VM tries to access any other
network, packets go through all the taps and bridges inside the compute and
get to the default gw where they get routed.

Regarding metadata, the instances can't access the metadata, so I issue the
regular DNAT iptables rule to be able to access it:

iptables -t nat -A neutron-openvswi-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination [CONTROLLER-IP]:8775

I see the original packet exit the TAP and the DNATed packet coming into the
qbrXXX, but the packet never hits the qvbXXXX interface and we don't have any
idea why, since it doesn't seem to be an iptables issue.

Can anyone help me?
* alejandrito @catintheroof*