Re: [onap-discuss] Is there a way to confirm correct spin-up of vFW stack

2017-06-30 Thread Netaji Surve
Hi Josef,

We faced a similar issue while working on the vFW scenario. What we observed in 
our case is that iptables had filtering rules, due to which packets were 
getting filtered.
We cleared the iptables rules on pg, fw, sink by using the following commands:

#clear iptables
iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

You can check iptables using "iptables -L -v" command.

A second possible reason why packets are not flowing is that port security is 
enabled in your OpenStack Neutron configuration. Port security should be 
disabled; you will need admin rights for OpenStack.

Thanks,
Netaji Surve.
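
Before flushing every chain, the packet counters show which entry is actually discarding the demo traffic. The script below is an added example, not part of the original message: it reads `iptables-save -c` output and lists only the DROP/REJECT rules and non-ACCEPT policies that have matched packets. The sample ruleset and the names `sample_ruleset` and `blocking_rules` are constructed for illustration.

```shell
#!/bin/sh
# List the iptables entries that are actually discarding packets, using the
# per-rule counters printed by `iptables-save -c`.

# Constructed sample of `iptables-save -c` output (not taken from a vFW VM).
sample_ruleset() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [812:64960]
:FORWARD DROP [340:40800]
:OUTPUT ACCEPT [905:72400]
[44:2640] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[0:0] -A INPUT -p icmp -j DROP
[1200:177600] -A FORWARD -p udp -m udp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
[15:900] -A FORWARD -i eth1 -o eth2 -j ACCEPT
COMMIT
EOF
}

# Reads `iptables-save -c` text on stdin. Prints one line per chain whose
# non-ACCEPT default policy has matched packets, and one line per DROP or
# REJECT rule whose packet counter is above zero.
blocking_rules() {
  awk '
    /^:/ {                                  # ":FORWARD DROP [340:40800]"
      split(substr($3, 2), c, ":")
      if ($2 != "ACCEPT" && $2 != "-" && c[1] + 0 > 0)
        printf "policy %s %s packets=%d\n", substr($1, 2), $2, c[1]
      next
    }
    /^\[[0-9]+:[0-9]+\] -A / {              # "[1200:177600] -A FORWARD ..."
      split(substr($1, 2), c, ":")
      target = ""
      for (i = 2; i < NF; i++) if ($i == "-j") target = $(i + 1)
      if ((target == "DROP" || target == "REJECT") && c[1] + 0 > 0) {
        rule = $0
        sub(/^[^ ]+ /, "", rule)            # strip the counter prefix
        printf "rule packets=%d %s\n", c[1], rule
      }
    }
  '
}

sample_ruleset | blocking_rules
```

On a VM, run `iptables-save -c | blocking_rules` as root. Saving the ruleset first with `iptables-save > rules.bak` (a placeholder file name) keeps a copy that `iptables-restore` can load back after a flush.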

___
onap-discuss mailing list
onap-discuss@lists.onap.org
https://lists.onap.org/mailman/listinfo/onap-discuss


Re: [onap-discuss] Is there a way to confirm correct spin-up of vFW stack

2017-06-29 Thread PLATANIA, MARCO (MARCO)
Hi Josef,

I replied to your comment. Please see below.

Please make sure that your OpenStack security group has the ports open like this:

Ingress   IPv4   TCP   1 - 65535   0.0.0.0/0   -
Ingress   IPv4   TCP   22 (SSH)    0.0.0.0/0   -
Ingress   IPv4   UDP   1 - 65535   0.0.0.0/0   -
Ingress   IPv4   UDP   53          0.0.0.0/0   -

Also, could you run these commands:
in the packet generator: tcpdump -i eth1
in the firewall: tcpdump -i eth2
You should see traffic flowing through:
14:16:11.384577 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120
14:16:11.484337 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120
14:16:11.584315 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120
14:16:11.684496 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120
14:16:11.784383 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120

Please let us know.

Marco
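
The tcpdump check in this reply can be turned into a pass/fail test, shown here as an added example that is not part of the original reply: `flow_summary` reports packets and packets per second for each flow, and `flow_seen` succeeds only if the expected source and destination hosts exchanged a minimum number of packets. The function names are hypothetical; the sample capture reuses the five lines quoted in the reply plus one constructed ARP line.

```shell
#!/bin/sh
# Summarise tcpdump text output per flow: packet count and packets per second.

# The five lines quoted in the reply, plus one constructed ARP line to show
# that non-IP lines are ignored.
sample_capture() {
  cat <<'EOF'
14:16:11.384577 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120
14:16:11.484337 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120
14:16:11.584315 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120
14:16:11.684496 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120
14:16:11.784383 IP 192.168.10.200.15320 > 192.168.20.250.http-alt: UDP, length 120
14:16:11.790000 ARP, Request who-has 192.168.10.1 tell 192.168.10.200, length 28
EOF
}

# Reads tcpdump lines on stdin, prints "packets=N pps=R src > dst" per flow.
flow_summary() {
  awk '
    $2 == "IP" && $4 == ">" {
      split($1, t, ":")                      # HH:MM:SS.ffffff
      now = t[1] * 3600 + t[2] * 60 + t[3]
      dst = $5; sub(/:$/, "", dst)           # drop the trailing colon
      key = $3 " > " dst
      if (!(key in n)) first[key] = now
      n[key]++; last[key] = now
    }
    END {
      for (key in n) {
        span = last[key] - first[key]
        pps = (span > 0) ? (n[key] - 1) / span : 0
        printf "packets=%d pps=%.1f %s\n", n[key], pps, key
      }
    }
  '
}

# Succeeds only if at least $3 packets from host $1 to host $2 were captured.
flow_seen() {
  flow_summary | awk -v src="$1" -v dst="$2" -v min="$3" '
    { split($1, p, "=") }
    index($3, src ".") == 1 && index($5, dst ".") == 1 && p[2] + 0 >= min { ok = 1 }
    END { exit (ok ? 0 : 1) }
  '
}

sample_capture | flow_summary
```

Running the same check on the packet generator (eth1) and on the firewall (eth2) shows on which side of the firewall VM the stream stops.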



[onap-discuss] Is there a way to confirm correct spin-up of vFW stack

2017-06-29 Thread Josef Reisinger
I asked the following question below under 
https://wiki.onap.org/questions/8227972/is-there-a-way-to-confirm-correct-spin-up-of-vfw-stack.

I have spun up a stack in Openstack Ocata containing the three VMs for the 
firewall demo. I am able to connect to http://:667/ and can see 
some graphics. But there is no traffic at all. I can see in pgn & fwl that 
there is some VPN setup with vpp.. but I cannot see any real traffic on 
(un)protected_network.
I used

# PUT the pg-streams config with streams fw_udp1 to fw_udp10 enabled
curl -X PUT \
  -H "Authorization: Basic YWRtaW46YWRtaW4=" \
  -H "Content-Type: application/json" \
  -H "Cache-Control: no-cache" \
  -H "Postman-Token: 9005870c-900b-2e2e-0902-ef2009bb0ff7" \
  -d '{"pg-streams":{"pg-stream": [
        {"id":"fw_udp1", "is-enabled":"true"},
        {"id":"fw_udp2", "is-enabled":"true"},
        {"id":"fw_udp3", "is-enabled":"true"},
        {"id":"fw_udp4", "is-enabled":"true"},
        {"id":"fw_udp5", "is-enabled":"true"},
        {"id":"fw_udp6", "is-enabled":"true"},
        {"id":"fw_udp7", "is-enabled":"true"},
        {"id":"fw_udp8", "is-enabled":"true"},
        {"id":"fw_udp9", "is-enabled":"true"},
        {"id":"fw_udp10", "is-enabled":"true"}]}}' \
  "http://localhost:8183/restconf/config/sample-plugin:sample-plugin/pg-streams"

to trigger some messages ... with no success. Is there any documentation 
available which helps to understand what the vFW stack does?

Mit freundlichen Grüßen / Kind regards 
Josef Reisinger 