Problem with the VNet Firewall

Ah, of course - if you're using EVPN you need to allow traffic for the underlay network in the forward chain, since otherwise packets won't get forwarded to the other node where the VM is hosted.
 
ok....

What should those rules look like? I also noticed that now, even disabling fw at the DC level, no traffic is allowed. This did work before.
 
It'd be really nice to get a picture of your configuration at this point:

Code:
cat /etc/pve/sdn/firewall/*.fw
cat /etc/pve/firewall/cluster.fw

# from both nodes
cat /etc/network/interfaces.d/sdn
cat /etc/frr/frr.conf

ip a
ip r

cat /etc/pve/sdn/local/host.fw
 
Shane, should I open this as a ticket under my support agreement?
Sorry for my silence, I was a bit busy the last few days. I took a quick look at the network configuration and nothing stood out immediately. We might have to do some additional debugging via nft monitor. If this is a critical issue then please open a support ticket.
 
I don't know anything about NFT, but I can open a ticket if you're not available to continue. I just didn't know what of this stuff support will address and which is pre-support.