Hi Josef, We faced similar issue while working on vFW scenario. What we observed in our case is that the iptables were having filtering rules due to which packets are getting filtered. We cleared the iptable rules on pg, fw, sink by using following commands:
#clear iptables iptables -F iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT You can check iptables using "iptables -L -v" command. Second possibility why packets are not flowing is the port security in your openstack neutron configuration Is enable. Port security should be disable, you will need admin rights for openstack. Thanks, Netaji Surve. From: Avdhut Kholkar Sent: Friday, June 30, 2017 10:31 AM To: Netaji Surve <netaji.su...@amdocs.com> Subject: FW: [onap-discuss] Is there a way to confirm correct spin-up of vFW stack Regards, Avdhut Kholkar From: onap-discuss-boun...@lists.onap.org<mailto:onap-discuss-boun...@lists.onap.org> [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of Josef Reisinger Sent: Thursday, June 29, 2017 7:18 PM To: onap-discuss <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> Subject: [onap-discuss] Is there a way to confirm correct spin-up of vFW stack I asked the following uestion below under https://wiki.onap.org/questions/8227972/is-there-a-way-to-confirm-correct-spin-up-of-vfw-stack. I have spun up a stack in Openstack Ocata containing the three VMs for the firewall demo. I am able to connect to http://<sink-ip>:667/<http://%3csink-ip%3e:667/> and can see some graphics. But there is no traffic at all. I can see in pgn & fwl that there is some VPN setup with vpp.. but I cannot see any real traffic on (un)protected_network. I used curl -X PUT -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -H "Postman-Token: 9005870c-900b-2e2e-0902-ef2009bb0ff7" -d '{"pg-streams":{"pg-stream": [{"id":"fw_udp1", "is-enabled":"true"},{"id":"fw_udp2", "is-enabled":"true"},{"id":"fw_udp3", "is-enabled":"true"},{"id":"fw_udp4", "is-enabled":"true"},{"id":"fw_udp5", "is-enabled":"true"},{"id":"fw_udp6", "is-enabled":"true"},{"id":"fw_udp7", "is-enabled":"true"},{"id":"fw_udp8", "is-enabled":"true"},{"id":"fw_udp9", "is-enabled":"true"},{"id":"fw_udp10", "is-enabled":"true"}]}}' "http://localhost:8183/restconf/config/sample-plugin:sample-plugin/pg-streams" to trigger some messages ... with no success. Is there any documentation available which helps to understand what the vFW stack does? Mit freundlichen Grüßen / Kind regards Josef Reisinger When wisdom comes to call, there's nobody listening at all - Pendragon / Man Of Nomadic Traits IBM Sales & Distribution, Communications Sector Certified IT-Architect Telecommunications IBM Certified Telecommunications Industry ITA Lehrbeauftragter an der Hochschule Fresenius IBM Deutschland Godesberger Allee 127 53175 Bonn Beuel Phone: +49 151 1426 4559 Mobile: +49-(0) 151 1426 4559 E-Mail: josef.reisin...@de.ibm.com<mailto:josef.reisin...@de.ibm.com> This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at https://www.amdocs.com/about/email-disclaimer <https://www.amdocs.com/about/email-disclaimer>
_______________________________________________ onap-discuss mailing list onap-discuss@lists.onap.org https://lists.onap.org/mailman/listinfo/onap-discuss