Merge pull request #2687 from noris-network/master
Document how to allow ipip traffic with calico on OpenStack
This commit is contained in:
commit
d1b4ea5807
1 changed files with 9 additions and 0 deletions
|
@ -169,3 +169,12 @@ By default the felix agent(calico-node) will abort if the Kernel RPF setting is
|
|||
```
|
||||
calico_node_ignorelooserpf: true
|
||||
```
|
||||
|
||||
Note that in OpenStack you must allow `ipip` traffic in your security groups,
|
||||
otherwise you will experience timeouts.
|
||||
To do this you must add a rule which allows it, for example:
|
||||
|
||||
```
|
||||
neutron security-group-rule-create --protocol 4 --direction egress k8s-a0tp4t
|
||||
neutron security-group-rule-create --protocol 4 --direction igress k8s-a0tp4t
|
||||
```
|
||||
|
|
Loading…
Reference in a new issue