Re: [openstack-dev] [Neutron] VPNaaS and DVR compatibility
Thanks for the link, Sean. No, it doesn't seem to resolve the issue with FWaaS. BTW, I have the following cluster: - OpenStack Kilo (including *aaS) from the latest stable/kilo branches - 2 networks nodes - 1 compute node Ubuntu 14.04, ML2+OVS, vxlan segmentation. All nodes are KVM VMs. So with the patch you provided I observe firewall rules both in SNAT/qrouter namespaces on network nodes, but still no rules on the compute node when instances have floating IPs assigned. So traffic just goes without any restrictions. On Mon, Aug 17, 2015 at 9:15 PM, Sean M. Collins s...@coreitpro.com wrote: On Mon, Aug 17, 2015 at 10:42:18AM EDT, Sergey Kolekonov wrote: BTW, the similar situation is with FWaaS [1] [1] https://bugs.launchpad.net/neutron/+bug/1485509 Can you take a look at the following patch? https://review.openstack.org/203493 If it resolves the issue I may need to re-think my -1, and we may need to restore it. -- Sean M. Collins __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Regards, Sergey Kolekonov __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron] VPNaaS and DVR compatibility
BTW, the similar situation is with FWaaS [1] [1] https://bugs.launchpad.net/neutron/+bug/1485509 On Fri, Aug 7, 2015 at 4:07 AM, shihanzhang ayshihanzh...@126.com wrote: I have same question, I have filed a bug on launchpad: https://bugs.launchpad.net/neutron/+bug/1476469, who can help to clarify it? Thanks, Hanzhang, shi At 2015-08-05 00:33:05, Sergey Kolekonov skoleko...@mirantis.com wrote: Hi, I'd like to clarify a situation around VPNaaS and DVR compatibility in Neutron. In non-DVR case VMs use a network node to access each other and external network. So with VPNaaS enabled we just have additional setup steps performed on network nodes to establish VPN connection between VMs. With DVR enabled two VMs from different networks (or even clouds) should still reach each other through network nodes, but if floating IPs are assigned, this doesn't work. So my question is: is it expected and if yes are there any plans to add full support for VPNaaS on DVR-enabled clusters? Thank you. -- Regards, Sergey Kolekonov __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Regards, Sergey Kolekonov __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron] VPNaaS and DVR compatibility
On Mon, Aug 17, 2015 at 10:42:18AM EDT, Sergey Kolekonov wrote: BTW, the similar situation is with FWaaS [1] [1] https://bugs.launchpad.net/neutron/+bug/1485509 Can you take a look at the following patch? https://review.openstack.org/203493 If it resolves the issue I may need to re-think my -1, and we may need to restore it. -- Sean M. Collins __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Neutron] VPNaaS and DVR compatibility
I have same question, I have filed a bug on launchpad: https://bugs.launchpad.net/neutron/+bug/1476469, who can help to clarify it? Thanks, Hanzhang, shi At 2015-08-05 00:33:05, Sergey Kolekonov skoleko...@mirantis.com wrote: Hi, I'd like to clarify a situation around VPNaaS and DVR compatibility in Neutron. In non-DVR case VMs use a network node to access each other and external network. So with VPNaaS enabled we just have additional setup steps performed on network nodes to establish VPN connection between VMs. With DVR enabled two VMs from different networks (or even clouds) should still reach each other through network nodes, but if floating IPs are assigned, this doesn't work. So my question is: is it expected and if yes are there any plans to add full support for VPNaaS on DVR-enabled clusters? Thank you. -- Regards, Sergey Kolekonov__ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [Neutron] VPNaaS and DVR compatibility
Hi, I'd like to clarify a situation around VPNaaS and DVR compatibility in Neutron. In non-DVR case VMs use a network node to access each other and external network. So with VPNaaS enabled we just have additional setup steps performed on network nodes to establish VPN connection between VMs. With DVR enabled two VMs from different networks (or even clouds) should still reach each other through network nodes, but if floating IPs are assigned, this doesn't work. So my question is: is it expected and if yes are there any plans to add full support for VPNaaS on DVR-enabled clusters? Thank you. -- Regards, Sergey Kolekonov __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
