neutron

Are there plans to enable SCTP protocol in security rules?

Asked by Neb Miljanovic

I don't see any ways I can enable SCTP traffic to and from my VMs in openstack. Security rules only support ICMP/TCP/UDP. Are there any plans for enabling SCTP? Or, are there any back-door ways in opening "other protocols"? iptables support SCTP so it's just a matter of allowing SCTP in the APIs.

There are many signaling protocols that require SCTP transport. By not supporting it, openstack is basically banning those protocols from the cloud.

Thanks,
Neb

Question information

Language:
English Edit question
Status:
Solved
For:
neutron Edit question
Assignee:
No assignee Edit question
Solved by:
Aaron Rosen
Solved:
Last query:
Last reply:
Revision history for this message
Best Aaron Rosen (arosen) said : 		#1

Support for this was added in H1 https://review.openstack.org/#/c/32050/

Revision history for this message
Neb Miljanovic (neb-c) said : 		#2

Thank you! Can this patch apply on grizzly?

Revision history for this message
Neb Miljanovic (neb-c) said : 		#3

Thanks Aaron Rosen, that solved my question.

Revision history for this message
prasad Jayasinghe (pcjayasinghe) said : 		#4

Hi All

can anybody tell me this patch works with icehouse or not ..?
if not what is the patch for icehouse..?

TX

Revision history for this message
Neb Miljanovic (neb-miljanovic) said : 		#5

You should not need a patch for Icehouse. Security rules for SCTP can be applied using protocol number (142).

Revision history for this message
David Medberry (med) said : 		#6

132 not 142.

Ref:
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
https://wiki.wireshark.org/SCTP
http://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol

Revision history for this message
prasad Jayasinghe (pcjayasinghe) said : 		#7

I have tried by using 132 port but its not worked for me ...... :(
any idea.....??

Revision history for this message
David Medberry (med) said : 		#8

See screenshot. PROTOCOL 132 not port 132.

Revision history for this message
David Medberry (med) said : 		#9

Okay, no way to add screenshot to a question... Here's a text cut/paste:

Manage Security Group Rules: sctp (17be89b6-ac19-4601-b578-e69fc49327db)
 Add Rule
 Delete Rules

Direction
Ether Type
IP Protocol
Port Range
Remote IP Prefix
Remote Security Group
Actions
 Egress IPv4 132 - 0.0.0.0/0 (CIDR) - Delete Rule
 Ingress IPv4 132 - 0.0.0.0/0 (CIDR) - Delete Rule
Displaying 2 items

So use "Custom Protocol" to add SCTP. And then choose protocol 132.