Good Morning Ask Openstack,

Today I have a fairly major problem. I have two instances on my OpenStack setup, both attached to the same networks (BlueReef-PublicNet and BlueReef-ServiceNet). Instance A is set up to be a gateway for network traffic, and instance B is set up to use A as its default gateway via BlueReef-ServiceNet.

When I try to do anything internet based I can see the traffic passing through the gateway, out the other side and the response coming back to the gateway, the gateway sends it back to instance B but it never gets there.

Somewhere along the way the packets are being dropped on BlueReef-ServiceNet, but the thing is, if I do a ping or arping to or from the gateway I get a response perfectly fine.

The networks in my setup are VLANs: BlueReef-PublicNet is VLAN 500 and is an external network; BlueReef-ServiceNet is VLAN 501 and doesn't touch the internet whatsoever.

If anyone at all can help here I would much appreciate it!



What is the reason not to create a Neutron router?

Create external network matching BlueReef-PublicNet and gateway to external on the router (VLAN)
Create tenant's network via neutron CLI and attach as interface to router (VLAN)

The reason we aren't using a neutron router is because we are testing a product that is supposed to handle the traffic coming through.

Did you find a solution? I have the same problem here: https://ask.openstack.org/en/question...

From what I remember, the issue originated from protections implemented by Neutron on the TAP interface to prevent MAC and IP address spoofing. We no longer face the issue because we have turned off security groups and firewalling.
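
The behaviour this answer describes, as an added example (not part of the thread and not Neutron's code): a simplified Python model of the per-port source MAC/IP check, showing why traffic sourced from the gateway's own address passes while forwarded replies carrying a remote source IP are dropped, and how an allowed address pair or disabling port security on the gateway port alone changes the result. The `Port` class, `egress_allowed`, and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Port:
    """Simplified stand-in for a Neutron port (real attribute names, toy logic)."""
    mac_address: str
    fixed_ips: list
    allowed_address_pairs: list = field(default_factory=list)  # [(cidr, mac or None)]
    port_security_enabled: bool = True

def egress_allowed(port, src_mac, src_ip):
    """Decide whether a frame sent by the instance passes the anti-spoofing check."""
    if not port.port_security_enabled:
        return True
    # Bindings the port may send from: its own addresses plus any allowed pairs.
    bindings = [(ip, port.mac_address) for ip in port.fixed_ips]
    bindings += [(cidr, mac or port.mac_address) for cidr, mac in port.allowed_address_pairs]
    src = ipaddress.ip_address(src_ip)
    return any(
        src_mac.lower() == mac.lower() and src in ipaddress.ip_network(cidr, strict=False)
        for cidr, mac in bindings
    )

# Constructed sample values (not taken from the thread).
GW_MAC = "fa:16:3e:00:00:0a"
GW_IP = "10.50.1.1"          # gateway instance A on the service network
REMOTE_IP = "203.0.113.10"   # an internet host replying to instance B

def scenarios():
    default = Port(GW_MAC, [GW_IP])
    paired = Port(GW_MAC, [GW_IP], allowed_address_pairs=[("203.0.113.0/24", None)])
    unfiltered = Port(GW_MAC, [GW_IP], port_security_enabled=False)
    return {
        "ping sourced from gateway": egress_allowed(default, GW_MAC, GW_IP),
        "forwarded reply, default port": egress_allowed(default, GW_MAC, REMOTE_IP),
        "forwarded reply, allowed pair": egress_allowed(paired, GW_MAC, REMOTE_IP),
        "forwarded reply, outside pair": egress_allowed(paired, GW_MAC, "198.51.100.7"),
        "forwarded reply, port security off": egress_allowed(unfiltered, GW_MAC, REMOTE_IP),
        "foreign MAC, gateway IP": egress_allowed(default, "fa:16:3e:ff:ff:ff", GW_IP),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:36} {'pass' if ok else 'DROP'}")
```

Scoping the exception to the gateway's port keeps filtering in place for every other instance on the network.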

