Document how to allow ipip traffic with calico on OpenStack

This commit is contained in:
oz123 2018-04-19 15:46:42 +02:00 committed by Oz N Tiram
parent a498cc223b
commit a49e06b54b

View file

@ -169,3 +169,12 @@ By default the felix agent(calico-node) will abort if the Kernel RPF setting is
``` ```
calico_node_ignorelooserpf: true calico_node_ignorelooserpf: true
``` ```
Note that in OpenStack you must allow `ipip` traffic in your security groups,
otherwise you will experience timeouts.
To do this you must add a rule which allows it, for example:
```
neutron security-group-rule-create --protocol 4 --direction egress k8s-a0tp4t
neutron security-group-rule-create --protocol 4 --direction igress k8s-a0tp4t
```