Can you also configure the the src and dest VNs in the policy ? Vedu
From: Suresh Kumar S <[email protected]<mailto:[email protected]>> Date: Friday, June 23, 2017 at 12:35 PM To: Vedamurthy Ananth Joshi <[email protected]<mailto:[email protected]>> Cc: Dev <[email protected]<mailto:[email protected]>>, OpenContrail Users List - 2 <[email protected]<mailto:[email protected]>> Subject: Re: [Users] Network Policy Hi, Just verified this in 3.2, Scenario1 works fine. Scenario2, Failed. I mean, Network policy is not updated in the ACL List of the Virtual Network. ACL List contains the default entries (ALLOW all from the Same Virtual Network). The Network Policy rules which i created is missing in the ACL List. Thanks suresh. ________________________________ From: "Vedamurthy Ananth Joshi" <[email protected]<mailto:[email protected]>> To: "Suresh Kumar S" <[email protected]<mailto:[email protected]>>, "Dev" <[email protected]<mailto:[email protected]>>, "users" <[email protected]<mailto:[email protected]>> Sent: Friday, June 23, 2017 7:24:05 AM Subject: Re: [Users] Network Policy Both are valid depending on what you want to do In the second scenario, attaching the Vns to the router itself would enable connectivity between the Vns. A network policy could be used on top of it to selectively allow/disallow traffic Vedu From: Users <[email protected]<mailto:[email protected]>> on behalf of OpenContrail Users List - 2 <[email protected]<mailto:[email protected]>> Reply-To: Suresh Kumar S <[email protected]<mailto:[email protected]>> Date: Friday, June 23, 2017 at 10:38 AM To: Dev <[email protected]<mailto:[email protected]>>, OpenContrail Users List - 2 <[email protected]<mailto:[email protected]>> Subject: [Users] Network Policy Hi, What is valid scenario to test Network Policy in opencontrail? My seup: contrail 3.2 + openstack Mitaka Scenario1: 2 Virtual Networks, 1 VM on each Virtual Network. Create a network policy which allows traffic between the virtual networks (protocol:any,action:pass, direction: <>) Attach the network policy to both virtual networks. Test the ping between the VMs. Scenario2: 2 Virtual Networks, 1 VM on each Virtual Network. Create a Router (No Gateway), attach both virtual networks Create a network policy which allows traffic between the virtual networks (protocol:any,action:pass, direction: <>) Attach the network policy to both virtual networks. Test the ping between the VMs. Which scenario is the valid one ? Thanks Suresh.
_______________________________________________ Users mailing list [email protected] http://lists.opencontrail.org/mailman/listinfo/users_lists.opencontrail.org
