Anda, I don't run OpenStack, but I think the router you are looking for isn't applicable with Contrail. Contrail has routers, but they are installed on every compute node as a 'vRouter', much like a vSwitch from VMware or OVS. The difference is that in addition to the layer 2 switching, the vRouter also routes traffic between virtual networks. When you add a policy that defines SRC A can talk to SRC B, the appropriate routes are automatically imported for you.

Your traffic flow sounds like it's working as intended. When you create a permitted flow from VN1_SRV->VN2_SRV, the return flow from VN2_SRV->VN1_SRV is automatically generated for you.

HTH,
Doug

On Fri, Jul 21, 2017 at 2:48 AM, Anda Nicolae <anico...@lenovo.com> wrote:

> Hello,
>
> I have a setup of 4 VMs: one OpenStack node, one Contrail controller node
> and 2 Contrail compute nodes.
> Contrail version I am using is 3.2.4.0 version. All the 4 VMs use CentOS
> 7.2.
>
> I have created 2 virtual networks, VN1 and VN2. I have also created 2
> virtual machines, VM1 having an IP address from VN1 and VM2 having an IP
> address from VN2.
> By default, ping between VM1 and VM2 is not working since VNs in Contrail
> are isolated from one another.
>
> I have added a network policy : Protocol : ANY, Source VN1, Destination
> VN2, unidirectional (from VN1 to VN2 only), port: ANY.
> I added the policy to both VN1 and VN2 and ping is working.
>
> My questions are:
>
> 1. Is it normal that echo request (from ping) arrives at its destination
> since I have 2 virtual networks that are not connected via a router, but
> have a network policy?
>
> 2. Why does echo reply (from ping) arrive at its destination, since the
> network policy is unidirectional (from VN1 to VN2 only)?
>
> Thanks,
> Anda
>
> _______________________________________________
> Dev mailing list
> Dev@lists.opencontrail.org
> http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org

--
Doug Lardo // Riot Games // c: 818.620.7046 // summoner: Riot Antares
Q: Why is this email 5 sentences or less?
A: http://five.sentenc.es
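
The behaviour discussed in this thread, as a simplified model added here (it is not Contrail code and not from either poster): a flow-based forwarder evaluates policy only when a flow is first set up, and installs the reverse entry together with the forward one. The class, function names, flow key and IP addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy: (source VN, destination VN) pairs allowed to INITIATE
# traffic. Mirrors the unidirectional VN1 -> VN2 rule from the question.
POLICY = {("VN1", "VN2")}

# Constructed addresses for the two VMs in the question.
VM1 = ("VN1", "10.1.0.3")
VM2 = ("VN2", "10.2.0.3")


@dataclass
class FlowForwarder:
    """Toy stateful forwarder; assumption-level model of per-flow policy."""
    policy: set
    flows: set = field(default_factory=set)  # installed flow keys

    def handle(self, src, dst, proto, ident):
        (src_vn, src_ip), (dst_vn, dst_ip) = src, dst
        key = (src_ip, dst_ip, proto, ident)
        # 1. Packets matching an installed flow skip the policy lookup.
        if key in self.flows:
            return "forward (existing flow)"
        # 2. First packet of a flow: policy decides who may initiate.
        if (src_vn, dst_vn) not in self.policy:
            return "drop (policy)"
        # 3. Permitted: install forward AND reverse entries as a pair,
        #    so the reply is matched in step 1 without a VN2 -> VN1 rule.
        self.flows.add(key)
        self.flows.add((dst_ip, src_ip, proto, ident))
        return "forward (new flow)"


def demo():
    fw = FlowForwarder(policy=set(POLICY))
    return [
        # Echo request VM1 -> VM2: allowed by the unidirectional policy.
        fw.handle(VM1, VM2, "icmp", ident=100),
        # Echo reply VM2 -> VM1: matches the auto-installed reverse flow.
        fw.handle(VM2, VM1, "icmp", ident=100),
        # New ping initiated from VM2: no flow, no policy, dropped.
        fw.handle(VM2, VM1, "icmp", ident=200),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

When auditing a policy like this, test initiation from both sides: a successful ping from VN1 says nothing about whether VN2 can open sessions toward VN1.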