Forwarding between two instances via shorewall over VXLAN

asked 2014-11-18 10:50:32 -0600

bishoy

updated 2014-11-21 10:17:46 -0600

smaffulli

Hi all, I have my OpenStack network type set to VXLAN, and for some reason I have an instance connected to a private network which is routed to an external one, and another interface in a single private network not reachable to the external one.

This instance has a shorewall and forwards traffic from and to the single private network and the instances in there.

So the problem is that when you try to ping from any instance on the single private network it reaches the machine "the one that acts as a firewall" but the ping doesn't come back to the instance.

I believe that this data is dropped because I am using VXLAN, and what actually happens is that the ping starts from the first VXLAN (single private net) and goes to the firewall (the other VXLAN network routed to external), and then when it comes back Neutron drops it because it's from a different VXLAN than the one that is routed to the external. But I am not sure if that is true? I'm thinking of connecting the two networks in a bridge, but this is really not practical.

I believe that the only way to fix that is to use GRE tunnels, and this is not acceptable. GRE tunnels are unreliable networking for production. Any suggestions?


1 answer


answered 2016-06-27 05:55:45 -0600

Bellow

Does anyone have feedback on that? Has anyone come across a similar issue?
