Forwarding between two instances via shorewall over VXLAN

asked 2014-11-18 10:50:32 -0500

bishoy

updated 2014-11-21 10:17:46 -0500

smaffulli

Hi all, I have my OpenStack network type VXLAN, and for some reason I have an instance connected to a private network which is routed to an external one, and another interface in a single private network not reachable to the external one.

This instance has a shorewall and forwards traffic from and to the single private network and the instances in there.

So the problem is that when you try to ping from any instance on the single private network it reaches the machine "the one that acts as a firewall" but the ping doesn't come back to the instance.

I believe that this data is dropped because I am using VXLAN, and what actually happens is that the ping starts from the first VXLAN (single private net) and goes to the firewall (the other VXLAN network routed to external), and then when it comes back Neutron drops it because it's from a different VXLAN than the one that is routed to the external. But I am not sure if that is true. I'm thinking of connecting the two networks in a bridge, but this is really not practical.

I believe that the only way to fix that is to use GRE tunnels, and this is not acceptable. GRE tunnels are unreliable networking for production. Any suggestions?


1 answer


answered 2016-06-27 05:55:45 -0500

Bellow

Does anyone have feedback on that? Has anyone come across a similar issue?


Seen: 1,513 times
