Document how to allow ipip traffic with calico on OpenStack
This commit is contained in:
parent
a498cc223b
commit
a49e06b54b
1 changed files with 9 additions and 0 deletions
|
@ -169,3 +169,12 @@ By default the felix agent(calico-node) will abort if the Kernel RPF setting is
|
||||||
```
|
```
|
||||||
calico_node_ignorelooserpf: true
|
calico_node_ignorelooserpf: true
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Note that in OpenStack you must allow `ipip` traffic in your security groups,
|
||||||
|
otherwise you will experience timeouts.
|
||||||
|
To do this you must add a rule which allows it, for example:
|
||||||
|
|
||||||
|
```
|
||||||
|
neutron security-group-rule-create --protocol 4 --direction egress k8s-a0tp4t
|
||||||
|
neutron security-group-rule-create --protocol 4 --direction igress k8s-a0tp4t
|
||||||
|
```
|
||||||
|
|
Loading…
Reference in a new issue