Hello, ### Use case description
Contrail version: 2.20-64 Openstack release: Juno Based on this description https://bugs.launchpad.net/opencontrail/+bug/1365277 I'd like to create a service chain using that scenario VN1---SC1x---VNx---SC2x---VN2. Exactly this bidirectional policy between netA/netB and netD/netE was set up. netA/netB - vnf(FW) - netC - vnf(IDS) - netD/netE I've created following policy: PASS: netA/netB IP(ANY) PORT(ANY) <> netD/netE IP(ANY) PORT(ANY): APPLY SERVICE (FW) (IDS). Each network netX has assigned route target. netB has assigned flag ALLOW_TRANSIT Networks with appropriate configuration, VNFs and network policies were created by contrail heat templates. ### Problem description The packets coming from netA and received on vrouter to which vnf(IDS) is connected to are dropped with "Invalid source" message. Can you let me know should this scenario work with Contrail 2.2? I need only guidelines how to set up it. ### Additional information I've tested below scenario with a success. netA - vnf(FW) - netD - netA - vnf(IDS) - netD BUT unfortunately I need to forward traffic between more than two networks (netA/netB <> netD/netE) without creation of another network policy and pair of VNFs (like this one: netB - vnf(FW) - netE - netB - vnf(IDS) - netE). -- Wojciech Sronek
_______________________________________________ Users mailing list [email protected] http://lists.opencontrail.org/mailman/listinfo/users_lists.opencontrail.org
