Signed-off-by: Gurucharan Shetty <gshe...@nicira.com>
---
 INSTALL.RHEL      |    6 ++++++
 INSTALL.XenServer |   13 ++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/INSTALL.RHEL b/INSTALL.RHEL
index eaa2e7c..a698fae 100644
--- a/INSTALL.RHEL
+++ b/INSTALL.RHEL
@@ -101,6 +101,12 @@ RHEL.  On RHEL 5, the default RPM source directory is
     in this example: "kmod-openvswitch", "kmod-openvswitch-debug", and
     "kmod-openvswitch-kdump".
 
+A RHEL host has default firewall rules that prevent any Open vSwitch tunnel
+traffic from passing through. If a user configures Open vSwitch tunnels like
+GRE, VXLAN, LISP etc., they will either have to manually add iptables firewall
+rules to allow the tunnel traffic or add it through a startup script (Please
+refer to the "enable-protocol" command in the ovs-ctl(8) manpage).
+
 Red Hat Network Scripts Integration
 -----------------------------------
 
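Review bot: The new paragraph in INSTALL.RHEL tells the user to add iptables rules for "GRE, VXLAN, LISP etc." but never says what those rules have to match, so a reader is likely to open more than is needed. Suggest naming the IP protocol or UDP port for each tunnel type listed, or showing one sample "enable-protocol" invocation, and recommending that the rule be limited to the tunnel protocol in use. Minor: "(Please refer ..." inside the parenthesis should start lowercase, and "etc." can be dropped once the list is explicit.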
diff --git a/INSTALL.XenServer b/INSTALL.XenServer
index 7a4dd76..e31788a 100644
--- a/INSTALL.XenServer
+++ b/INSTALL.XenServer
@@ -158,7 +158,10 @@ command.  The plugin script does roughly the following:
         * If XAPI is configured for a manager, configures the OVS
           manager to match with "ovs-vsctl set-manager".
 
-The Open vSwitch boot sequence only configures an OVS configuration
+Notes
+-----
+
+* The Open vSwitch boot sequence only configures an OVS configuration
 database manager.  There is no way to directly configure an OpenFlow
 controller on XenServer and, as a consequence of the step above that
 deletes all of the bridges at boot time, controller configuration only
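Review bot: The existing paragraph becomes a "* " bullet under the new "Notes" heading, but its continuation lines ("database manager.  There is no way ...") stay at column 0, while the list just above ("* If XAPI is configured for a manager, configures the OVS" / "manager to match ...") indents continuation lines under the bullet text. Re-indent the wrapped lines of this item so the two lists in the file are formatted the same way.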
@@ -166,6 +169,14 @@ persists until XenServer reboot.  The configuration 
database manager
 can, however, configure controllers for bridges.  See the BUGS section
 of ovs-controller(8) for more information on this topic.
 
+* The Open vSwitch startup script automatically adds a firewall rule
+to allow GRE traffic. This rule is needed for the XenServer feature
+called "Cross-Host Internal Networks" (CHIN) that uses GRE. If a user
+configures tunnels other than GRE (ex: VXLAN, LISP), they will have
+to either manually add a iptables firewall rule to allow the tunnel traffic
+or add it through a startup script (Please refer to the "enable-protocol"
+command in the ovs-ctl(8) manpage).
+
 Reporting Bugs
 --------------
 
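Review bot: In the new XenServer note, "manually add a iptables firewall rule" should read "an iptables firewall rule", and "(ex: VXLAN, LISP)" reads better as "(e.g. VXLAN, LISP)". The continuation lines of this bullet are also at column 0 and should be indented under the bullet text. The note says the startup script adds the GRE rule automatically for CHIN; it would help to state how an administrator who does not use CHIN can see or remove that rule. The last sentence nearly duplicates the INSTALL.RHEL paragraph with different word order ("will either have to" vs. "will have to either"), so align the wording in both files.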
-- 
1.7.9.5
