On 08/31/2016 07:00 AM, Jorge Luiz Correa wrote:
*Chain neutron-l3-agent-scope (1 references)*
pkts bytes target prot opt in out source
destination
78 4368 *DROP* all * qr-1ee33f03-23 ::/0
::/0 mark match ! 0x4000000/0xffff0000
Packets pass in chain FORWARD -> neutron-filter-top ->
neutron-l3-agent-local ->
back to FORWARD -> neutron-l3-agent-FORWARD -> neutron-l3-agent-scope ->
DROP.
This looks similar to https://bugs.launchpad.net/neutron/+bug/1570122
<https://bugs.launchpad.net/neutron/+bug/1570122>
Thank you Brian, this is the problem.
IPv4 rules is very similar but works. Ipv6 is blocking for some reason.
Do you have the same mark/match rules with IPv4, they're just not getting
hit?
Yes, IPv4 have this rule and works fine. Adding a similar rule manually with
ip6tables the traffic traverses the virtual router.
So is the ip6tables rule just wrong? Feel free to add any info to the bug that
might help fix this.
Thanks,
-Brian
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
