Ask Your Question
0

iptables rule in controller blocking the LBAAS functionality!

asked 2016-05-12 03:47:56 -0500

Vinoth gravatar image

Hi,

I have liberty rdo setup up and running. I recently added the LBAAS component to the existing working setup but the LBAAS is not working as expected. I can reach the LBAAS VIP from the VM I have added in the pool. But unable to reach the LBAAS from the router and anywhere.

After analysing we found the below Iptables rules were blocking the traffic to LBAAS VIP.

Chain neutron-linuxbri-sg-fallback (2 references)
num  target     prot opt source               destination
1    DROP       all  --  anywhere             anywhere             / Default drop rule for unmatched traffic. /

Once I remove the above iptable chain then everything working fine. This same chain recreated when I restart the neutron services.

Can anyone help me with any suggestion? Do I wanna add any new iptables rule manually for using LBAAS in openstack controller?

Thanks,

Vinoth

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-05-12 11:18:25 -0500

Vinoth gravatar image

Hi,

Adding "ALLOW' all traffic" rule in the existing Default security has solved the issue for me. In my case, only "default security group" applies to LBAAS demon created.

In normal case whatever the security group we are added to the VMs (member pool VMs) should be applied to the VIP demon as well but In our case, only "default" security group applies.

So the fix is to add the rule in the default security group to allow appropriate traffic.

Thanks,

Vinoth Kumar Selvaraj

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2016-05-12 03:47:56 -0500

Seen: 144 times

Last updated: May 12 '16