Contrail

 View Only
last person joined: 12 days ago 

Get answers on the Contrail portfolio and share your expertise.
  • 1.  Firefly service chaining

    Posted 08-11-2014 04:55

    Hi,

     

    I'm trying to get service chaining with a firefly for NAT purpose only. I've followed the process available at http://opencontrail.org/how_to_enable_dynamic_network-based_services however with little luck.

     

    My setup includes 2 x controller / compute nodes. The server sitting in the internal side of the network is in compute node 1, the firewall / nat node is in compute 2. My host is in the public network wich is learned from the MX gateway.

     

    The fw has 3 interfaces: mgmt, left, right.

    Fw as 'transparent' mode, I can see all the flows, access all addresses where applicable.

    If the service is set as 'In-network' I cannot reach any of the addresses however the fw can reach all addresses. This also disables the access to any fw service such as NAT.

     

    The service purpose is to have a host in the public zone to ssh to a server in the internal network.

    I hope the community can help me on this.

     

    Cheers!



  • 2.  RE: Firefly service chaining
    Best Answer

    Posted 08-29-2014 00:56

    I managed to get this fixed by creating a pure L2 vNW between my server and the firewall (running in transparent mode).