Skip to content

Commit

Permalink
Allow security groups to pass on NSX-T
Browse files Browse the repository at this point in the history 
This is the second commit to enable CF foundations using the NSX-T
container plugin (NCP) to pass the security groups test.

Specifically, it accommodates NSX-T's behavior of notifying the
container that the host is unreachable (by proactively sending ICMP host
unreachable packets) rather than the "normal" behavior of simply
allowing connection attempts to time out.

<https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol#Destination_unreachable>

Note that NSX-T only manifests this behavior for IP pools which it
manages, not for the internet at large.

Signed-off-by: Rowan Jacobs <rojacobs@pivotal.io>
  • Loading branch information
@cunnie @rowanjacobs
cunnie authored and rowanjacobs committed Sep 4, 2018
1 parent 5bb3d0d commit c91f3a5
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion tasks/task.go
View file
Expand Up @@ -349,7 +349,7 @@ exit 1`
appLogs := logs.Tail(Config.GetUseLogCache(), appName).Wait()
Expect(appLogs).To(Exit(0))
return string(appLogs.Out.Contents())
}, Config.CfPushTimeoutDuration()).Should(ContainSubstring("Connection timed out"), "ASG configured to allow connection to the private IP but the app is still refused by private ip")
}, Config.CfPushTimeoutDuration()).Should(MatchRegexp("Connection timed out|No route to host"), "ASG configured to allow connection to the private IP but the app is still refused by private ip")

close(done)
}, 30*60 /* <-- overall spec timeout in seconds */)
Expand Down

0 comments on commit c91f3a5

Please sign in to comment.