From 781d44723705929ba8aea3c39611fe807c453682 Mon Sep 17 00:00:00 2001 From: Gurucharan Shetty Date: Mon, 15 Apr 2013 11:09:01 -0700 Subject: [PATCH] INSTALL.XenServer: Add a note for tunnel firewall rules. Signed-off-by: Gurucharan Shetty --- INSTALL.XenServer | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/INSTALL.XenServer b/INSTALL.XenServer index 7a4dd76e8..e31788aef 100644 --- a/INSTALL.XenServer +++ b/INSTALL.XenServer @@ -158,7 +158,10 @@ command. The plugin script does roughly the following: * If XAPI is configured for a manager, configures the OVS manager to match with "ovs-vsctl set-manager". -The Open vSwitch boot sequence only configures an OVS configuration +Notes +----- + +* The Open vSwitch boot sequence only configures an OVS configuration database manager. There is no way to directly configure an OpenFlow controller on XenServer and, as a consequence of the step above that deletes all of the bridges at boot time, controller configuration only @@ -166,6 +169,14 @@ persists until XenServer reboot. The configuration database manager can, however, configure controllers for bridges. See the BUGS section of ovs-controller(8) for more information on this topic. +* The Open vSwitch startup script automatically adds a firewall rule +to allow GRE traffic. This rule is needed for the XenServer feature +called "Cross-Host Internal Networks" (CHIN) that uses GRE. If a user +configures tunnels other than GRE (ex: VXLAN, LISP), they will have +to either manually add a iptables firewall rule to allow the tunnel traffic +or add it through a startup script (Please refer to the "enable-protocol" +command in the ovs-ctl(8) manpage). + Reporting Bugs -------------- -- 2.47.0