May 23, 2016

Redhat Openstack Kilo: how let running instances use sctp protocol

Posted in OpenStack at 12:55 pm by alessiodini

The Last week I faced a comunication issue on Openstack Kilo. A couple of CentOS 7 instances were not able to comunicate each other via sctp protocol ( this was the first time I heard about sctp protocol! ).
It seems that standard security group policies don’t allow to define sctp protocol within the rules. Looking on the web I found an open bugzilla but I tought about some iptable rule on compute nodes.
After a couple of days of multiple tests , analysis I was able to solve the issue. How?

1) You must configure the allow of any traffic for the protocol number 132 ( see sctp RFC )
2) If the step 1 did not solve the issue , you can add iptable rules to neutron-openvswi-sg-fallback chain ( this chain is always called when top rules do not match any traffic type )
3) After step 2 , you must run the modprobe of ip_conntrack_proto_sctp module on each compute node you have.

What did I use for sctp test? I found one nice utility , here:

This is a perfect tool when you must test any sctp communication
I’m ready for the next challenge 🙂


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: