Enabling connection between VTEP and MidoNet hosts

By default Neutron includes a security rule on all networks that restricts forwarding only to traffic addressed to IP/MAC of VMs on that network.

By binding a network to physical ports in a VTEP, we’re effectively adding hosts to the L2 segment of this Neutron network that Neutron itself does not know about, and thus traffic addressed to these physical hosts will be dropped.

The following procedure describes changes ton the default ingress security rule in order to allow traffic to hosts on the VTEP.

  1. In the MidoNet CLI find out what the ingress default security rule is by issuing this command:

    midonet> list chain
    chain chain0 name OS_SG_64d9f3df-9875-4896-ad0c-ffc5bba84c5e_INGRESS
    chain chain1 name OS_SG_64d9f3df-9875-4896-ad0c-ffc5bba84c5e_EGRESS
    ...

    Locate the ingress security rule that is assigned to the neutron network. In this case, we’ll use chain0 (OS_SG_64d9f3df-9875-4896-ad0c-ffc5bba84c5e_INGRESS) rule chain, the ingress chain.

  2. List the rules that implement this security rule by issuing this command:

    midonet> chain chain0 list rule
    rule rule0 ethertype 2048 proto 0 tos 0 ip-address-group-src ip-address-group0 fragment-policy unfragmented pos 1 type accept
    rule rule1 ethertype -31011 proto 0 tos 0 ip-address-group-src ip-address-group0 fragment-policy unfragmented pos 2 type accept

    The security group that is responsible for controlling ICMP packets (ethertype 2048=IP) is ip-address-group0.

  3. Now, go ahead and add the IP address of the host on the VTEP to the security group ip-address-group0.

    For example, if the IP address of the host is 172.16.0.3, issue this command:

    midonet> ip-address-group ip-address-group0 add ip address 172.16.0.3
    address 172.16.0.3

You should now be able to ping a host in MidoNet from host 172.16.0.3 on the VTEP (providing they are in the same tunnel zone).

Questions? Discuss on Mailing Lists or Chat.
Found an error? Report a bug.


loading table of contents...