Re: [Openstack] [neutron] User documentation for Neutron's Firewall-as-a-Service (FWaaS)?

2016-01-12 Thread James Denton
Old (and undesirable) behavior was to apply the ‘firewall’ with all tenant routers. Using --router allows you to apply the ‘firewall’ with one or more specified routers. IIRC, there’s nothing special needed to utilize this other than to have the FWaaS driver and extension enabled. James > On

Re: [Openstack] [neutron] User documentation for Neutron's Firewall-as-a-Service (FWaaS)?

2016-01-12 Thread Mike Spreitzer
> From: Matt Kassawara > To: Mike Spreitzer/Watson/IBM@IBMUS > Cc: "openstack@lists.openstack.org" > Date: 01/12/2016 12:16 PM > Subject: Re: [Openstack] [neutron] User documentation for Neutron's > Firewall-as-a-Service (FWaaS)? > > Not really... :/ > > On Tue, Jan 12, 2016 at 9:43 AM, Mike S

Re: [Openstack] [neutron] User documentation for Neutron's Firewall-as-a-Service (FWaaS)?

2016-01-12 Thread Matt Kassawara
Not really... :/ On Tue, Jan 12, 2016 at 9:43 AM, Mike Spreitzer wrote: > Is there any user documentation for FWaaS besides > *http://docs.openstack.org/admin-guide-cloud/networking_introduction.html#firewall-as-a-service-fwaas-overview* >

[Openstack] [neutron] User documentation for Neutron's Firewall-as-a-Service (FWaaS)?

2016-01-12 Thread Mike Spreitzer
Is there any user documentation for FWaaS besides http://docs.openstack.org/admin-guide-cloud/networking_introduction.html#firewall-as-a-service-fwaas-overview ? That one is a bit skimpy and, I suspect, a little outdated. For example, `neutron help firewall-create` mentions an option, `--rout

[Openstack] security groups not working on one compute node

2016-01-12 Thread Akshay Kumar Sanghai
Hi, I am running a kilo openstack setup with 3 nodes, 1 controller and 2 compute. Suppose i have 2 VMs , vm1 on compute node1 and vm2 on compute node2 . When i change the security groups for vm1 when vm is running ,then i can see the change is implemented. But for vm2 ,change is not implemented whi

[Openstack] [Issue in case of multi neutron server]

2016-01-12 Thread Nguyen Hoai Nam
Hi everyone. I have a problem when I build environment with multi neutron server: This is topology: http://codepad.org/ff0debPB After I built topology. I can create subnets on only one network that duplicated CIDR. AT SAME TIMMING. How to reproduce: Step 1: Create a network $ neutron net-create

[Openstack] Weird ARP responses in a Neutron managed openvswitch environment

2016-01-12 Thread Steffens, Michael
Hello, does anyone have an idea what the following failure could be caused by? In summary: guest VMs connected to a tenant network are receiving bogus ARP responses. These are mapping unused IP addresses to virtual bridge ports belonging to other ports on the same compute host. We are using Ki

Re: [Openstack] [keystone] syslog message format for API calls?

2016-01-12 Thread Simon Pasquier
Hi John, AFAIK the answer is no. If you run Keystone with Apache then you can get the API calls from the Apache access logs. Regards, Simon On Tue, Jan 12, 2016 at 7:09 AM, John Stanford wrote: > Hi, > > I’m trying to sort out a Kilo Keystone log formatting issue. Other > services (nova, cinder