Traffic failed from external network with default security group by FIP
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
networking-ovn | New | Undecided | Unassigned |
Bug Description
I create a VLAN network (10.10.10.0/24) as external, and create a floating IP from it. Then I associate it with VM1 on an internal Geneve network. I found something confusing.
1. If I connect to VM1 from the VLAN network(
The ovn-trace shows the packets are blocked by an ACL, as follows:
···
egress(
-------
ct_next(
-------
4. ls_out_acl (ovn-northd.
ct_
·····
.
If I add 10.10.10.0/24 to the security group, everything works fine. So is this right, that it cannot pass with the default security group?
2. If VM1 (net1) connects to VM2 (net2) through a logical router, and all of them are associated with the default security group, everything works fine.
What is the difference between situations 1 and 2 with regard to the security group?
If I want to change situation 1, do you have any suggestions?
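Added example, not part of the original report and not networking-ovn code: a small model of the two situations, based on the fact that Neutron's default security group admits ingress only from ports that are members of the same group. The VM and external host addresses are constructed, only 10.10.10.0/24 comes from the report, and the model assumes the ACL sees the external host's own source address because the floating IP translation rewrites the destination.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class IngressRule:
    remote_group: Optional[str] = None      # match sources that are ports in this group
    remote_ip_prefix: Optional[str] = None  # match sources inside this CIDR


def ingress_allowed(src_ip, rules, group_members):
    """True if any ingress rule on the destination port matches src_ip."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.remote_group is not None:
            members = group_members.get(rule.remote_group, set())
            if src in {ipaddress.ip_address(m) for m in members}:
                return True
        elif rule.remote_ip_prefix is not None:
            if src in ipaddress.ip_network(rule.remote_ip_prefix):
                return True
    return False  # no rule matched: implicit drop


# Constructed sample data. Only 10.10.10.0/24 comes from the report.
MEMBERS = {"default": {"192.168.1.10", "192.168.2.10"}}  # VM1 (net1), VM2 (net2)
DEFAULT_RULES = [IngressRule(remote_group="default")]
WITH_VLAN_RULE = DEFAULT_RULES + [IngressRule(remote_ip_prefix="10.10.10.0/24")]
EXTERNAL_HOST = "10.10.10.50"  # hypothetical host on the VLAN network


def scenarios():
    """Evaluate ingress to VM1 for the situations described in the report."""
    return {
        "situation 1, default rules":
            ingress_allowed(EXTERNAL_HOST, DEFAULT_RULES, MEMBERS),
        "situation 1, 10.10.10.0/24 added":
            ingress_allowed(EXTERNAL_HOST, WITH_VLAN_RULE, MEMBERS),
        "situation 2, VM2 to VM1":
            ingress_allowed("192.168.2.10", DEFAULT_RULES, MEMBERS),
    }


if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name}: {'allow' if allowed else 'drop'}")
```

In this model the external host is dropped only because it is not a member of the group, which is why an explicit rule for the VLAN prefix (ideally narrowed to the ports and protocols actually needed) changes the outcome.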