Contrail Platform Developers

Firefly service chaining

‎08-11-2014 04:54 AM

Hi,

I'm trying to get service chaining with a Firefly for NAT purposes only. I've followed the process available at http://opencontrail.org/how_to_enable_dynamic_network-based_services, however with little luck.

My setup includes 2 x controller / compute nodes. The server sitting on the internal side of the network is in compute node 1; the firewall / NAT node is in compute 2. My host is in the public network, which is learned from the MX gateway.

The fw has 3 interfaces: mgmt, left, right.

With the fw in 'transparent' mode, I can see all the flows and access all addresses where applicable.

If the service is set as 'In-network', I cannot reach any of the addresses; however, the fw can reach all addresses. This also disables access to any fw service such as NAT.

The purpose of the service is to have a host in the public zone ssh to a server in the internal network.

I hope the community can help me on this.

Cheers!

Solution
Accepted by topic author emperphis
‎08-26-2015 01:27 AM

Re: Firefly service chaining

‎08-29-2014 12:55 AM

I managed to get this fixed by creating a pure L2 vNW between my server and the firewall (running in transparent mode).
