Browse Source
Merge pull request #2687 from noris-network/master
Document how to allow ipip traffic with calico on OpenStack
pull/2695/head
Aivars Sterns
6 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with
9 additions and
0 deletions
-
docs/calico.md
|
|
|
@ -169,3 +169,12 @@ By default the felix agent(calico-node) will abort if the Kernel RPF setting is |
|
|
|
``` |
|
|
|
calico_node_ignorelooserpf: true |
|
|
|
``` |
|
|
|
|
|
|
|
Note that in OpenStack you must allow `ipip` traffic in your security groups, |
|
|
|
otherwise you will experience timeouts. |
|
|
|
To do this you must add a rule which allows it, for example: |
|
|
|
|
|
|
|
``` |
|
|
|
neutron security-group-rule-create --protocol 4 --direction egress k8s-a0tp4t |
|
|
|
neutron security-group-rule-create --protocol 4 --direction igress k8s-a0tp4t |
|
|
|
``` |
