Address scopes allow traffic to go across a router without performing any NAT. The rules you see there ensure that traffic isn't routed directly if it crosses from one address scope to another.
On Wed, Mar 1, 2017 at 7:21 AM, zhi <changzhi1...@gmail.com> wrote: > Hi, all. > > I have some questions about l3 address scope in neutron.I hope that > someone could give me some answers. > > I set up a devstack environment and it uses the feature of l3 address > scope by following the document [1]. After doing those steps, I can find > some iptables rules in namespace, showing like this: > > root@devstack:~# iptables-save |grep neutron-l3-agent-scope > :neutron-l3-agent-scope - [0:0] > -A neutron-l3-agent-PREROUTING -j neutron-l3-agent-scope > -A neutron-l3-agent-scope -i qr-6d393225-2e -j MARK --set-xmark > 0x4010000/0xffff0000 > -A neutron-l3-agent-scope -i qr-d257abb8-e1 -j MARK --set-xmark > 0x4000000/0xffff0000 > -A neutron-l3-agent-scope -i qg-f64c7892-1d -j MARK --set-xmark > 0x4010000/0xffff0000 > :neutron-l3-agent-scope - [0:0] > -A neutron-l3-agent-FORWARD -j neutron-l3-agent-scope > -A neutron-l3-agent-scope -o qr-6d393225-2e -m mark ! --mark > 0x4010000/0xffff0000 -j DROP > -A neutron-l3-agent-scope -o qr-d257abb8-e1 -m mark ! --mark > 0x4000000/0xffff0000 -j DROP > > What does these iptables rules used for ? In my opinion, by reading these > rules, I can get some informations : any input traffic ( qr and qg devices > ) will be marked and we only accept these marked traffic, isn't it? > > What the purpose of the l3 address scope? > > What can we benefit from l3 address scope? > > > Thanks > Zhi Chang > > [1]: https://docs.openstack.org/draft/networking-guide/ > config-address-scopes.html > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
