Contrail




  • 1.  Firefly service chaining

    Posted 08-11-2014 04:55

    Hi,

     

    I'm trying to get service chaining working with a Firefly for NAT purposes only. I've followed the process available at http://opencontrail.org/how_to_enable_dynamic_network-based_services, however with little luck.

     

    My setup includes 2 x controller / compute nodes. The server sitting on the internal side of the network is in compute node 1, the firewall / NAT node is in compute 2. My host is in the public network, which is learned from the MX gateway.

     

    The fw has 3 interfaces: mgmt, left, right.

    With the fw in 'transparent' mode, I can see all the flows and access all addresses where applicable.

    If the service is set as 'In-network' I cannot reach any of the addresses however the fw can reach all addresses. This also disables the access to any fw service such as NAT.

     

    The service's purpose is to let a host in the public zone ssh to a server in the internal network.

    I hope the community can help me with this.

     

    Cheers!



  • 2.  RE: Firefly service chaining
    Best Answer

    Posted 08-29-2014 00:56

    I managed to get this fixed by creating a pure L2 vNW between my server and the firewall (running in transparent mode).