Merge pull request #2687 from noris-network/master

Document how to allow ipip traffic with calico on OpenStack
This commit is contained in:
Aivars Sterns 2018-04-21 10:38:21 +03:00 committed by GitHub
commit d1b4ea5807
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -169,3 +169,12 @@ By default the felix agent(calico-node) will abort if the Kernel RPF setting is
```
calico_node_ignorelooserpf: true
```
Note that in OpenStack you must allow `ipip` traffic in your security groups,
otherwise you will experience timeouts.
To do this you must add a rule which allows it, for example:
```
neutron security-group-rule-create --protocol 4 --direction egress k8s-a0tp4t
neutron security-group-rule-create --protocol 4 --direction igress k8s-a0tp4t
```