[openstack-dev] [Neutron] [IPv6] Ubuntu PPA with IPv6 enabled, need help to achieve it
Martinx - ジェームズ
thiagocmartinsc at gmail.com
Wed Apr 16 08:26:19 UTC 2014
BTW, the "VNC Consoles" are now working in a Dual-Stacked fashion (both
"vncserver 5900" and "novncproxy 6080" traffics goes via IPv6). ;-)
Guide updated...
Cheers!
Thiago
On 15 April 2014 19:57, Martinx - ジェームズ <thiagocmartinsc at gmail.com> wrote:
> Hello Stackers!
>
> I just finished the OpenStack IPv6 Quick Guide, it is hosted here:
>
>
> Ultimate OpenStack IceHouse Guide - ML2 Flat Network - IPv6-Friendly:
>
> https://gist.github.com/tmartinx/9177697
>
>
> Almost everything is working with IPv6, including OpenStack Management
> (APIs / Endpoints) and, of course, the Instances. Only NoVNC (TCP port
> 6080) and Metadata isn't working with IPv6 (yet).
>
> Also, the IPv6 configuration is static, no auto-configuration right now.
>
> My idea is to enable SLAAC on this environment, so, there will be no need
> for static IPs and manual intervention. I think we're almost there! What do
> you guys think?
>
> BTW, sorry about tons of e-mails I sent before, I'll not do that again.
>
> Cheers!
> Thiago
>
>
> On 12 April 2014 04:09, Martinx - ジェームズ <thiagocmartinsc at gmail.com> wrote:
>
>> BTW, I think that the following patches are also important / relevant to
>> begin with:
>>
>> ---
>> 4. Two Attributes Proposal to Control IPv6 RA Announcement and Address
>> Assignment
>> https://blueprints.launchpad.net/neutron/+spec/ipv6-two-attributes
>> Patchset: Create new IPv6 attributes for Subnets.
>> https://review.openstack.org/#/c/52983/
>> Patchset: Add support to DHCP agent for BP ipv6-two-attributes.
>> https://review.openstack.org/70649
>> Patchset: Calculate stateless IPv6 address.
>> https://review.openstack.org/56184
>> Patchset: Permit ICMPv6 RAs only from known routers.
>> https://review.openstack.org/#/c/72252/
>> ...
>> 8. Provider Networking - upstream SLAAC support
>> https://blueprints.launchpad.net/neutron/+spec/ipv6-provider-nets-slaac
>> Patchset: Ensure that that all fixed ips for a port belong to a
>> subnet using DHCP. https://review.openstack.org/#/c/64578/
>> ---
>>
>> But I'm not sure about the easiest path we can follow... From what I'm
>> seeing, Neutron just needs to calculate Instance's IPv6 address based on
>> SLAAC, then Instance's IPv6 address will match (Neutron <-> upstream
>> SLAAC), in the end of the day.
>>
>> Also, review 72252 is very important!
>>
>> Regards,
>> Thiago
>>
>>
>> On 12 April 2014 01:34, Martinx - ジェームズ <thiagocmartinsc at gmail.com>wrote:
>>
>>> Cool! Instance shows an IPv6 address and it clearly isn't generated by
>>> EUI-64 (SLAAC) but, at least, I can use static IPv6! YAY!
>>>
>>> ---
>>> root at controller:~# nova list
>>>
>>> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+
>>> | ID | Name | Status | Task State
>>> | Power State | Networks |
>>>
>>> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+
>>> | 1654644d-6d52-4760-b147-4b88769a6fc2 | trusty-2 | ACTIVE | -
>>> | Running | sharednet1=10.33.14.23, 2001:1291:2bf:fffb::3 |
>>>
>>> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+
>>>
>>> root at controller:~# ssh -i ~/xxx.pem ubuntu at 10.33.14.23
>>>
>>> ubuntu at trusty-2:~$ sudo ip -6 a a 2001:1291:2bf:fffb::3/64 dev eth0
>>>
>>> ubuntu at trusty-2:~$ sudo ip -6 r a default via 2001:1291:2bf:fffb::1
>>>
>>> ubuntu at trusty-2:~$ ping6 -c 1 google.com
>>> PING google.com(2800:3f0:4004:801::100e) 56 data bytes
>>> 64 bytes from 2800:3f0:4004:801::100e: icmp_seq=1 ttl=54 time=49.6 ms
>>>
>>> --- google.com ping statistics ---
>>> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
>>> rtt min/avg/max/mdev = 49.646/49.646/49.646/0.000 ms
>>> ---
>>>
>>> IPv6 up and running and OpenStack is aware of both IPv4 and IPv6
>>> instance's addresses! Security Group is also taking care of ip6tables.
>>>
>>> I'm pretty sure that if I start radvd on upstream router right now, all
>>> instances will generate its own IPv6 based on their respective MAC address.
>>> But then, the IPv6 will differ from what OpenStack "thinks" that each
>>> instance have.
>>>
>>> So many e-mails, sorry BTW! :-P
>>>
>>> Best,
>>> Thiago
>>>
>>> On 12 April 2014 01:11, Martinx - ジェームズ <thiagocmartinsc at gmail.com>wrote:
>>>
>>>> In fact, neutron accepted the following command:
>>>>
>>>> ---
>>>> root at controller:~# neutron subnet-create --ip-version 6 --disable-dhcp
>>>> --tenant-id 5e0106fa81104c5cbe21e1ccc9eb1a36 sharednet1
>>>> 2001:1291:2bf:fffb::/64
>>>> Created a new subnet:
>>>>
>>>> +------------------+-------------------------------------------------------------------------------------+
>>>> | Field | Value
>>>> |
>>>>
>>>> +------------------+-------------------------------------------------------------------------------------+
>>>> | allocation_pools | {"start": "2001:1291:2bf:fffb::2", "end":
>>>> "2001:1291:2bf:fffb:ffff:ffff:ffff:fffe"} |
>>>> | cidr | 2001:1291:2bf:fffb::/64
>>>> |
>>>> | dns_nameservers |
>>>> |
>>>> | enable_dhcp | False
>>>> |
>>>> | gateway_ip | 2001:1291:2bf:fffb::1
>>>> |
>>>> | host_routes |
>>>> |
>>>> | id | 8685c917-e8df-4741-987c-6a531dca9fcd
>>>> |
>>>> | ip_version | 6
>>>> |
>>>> | name |
>>>> |
>>>> | network_id | 17cda0fb-a59b-4a7e-9d96-76d0670bc95c
>>>> |
>>>> | tenant_id | 5e0106fa81104c5cbe21e1ccc9eb1a36
>>>> |
>>>>
>>>> +------------------+-------------------------------------------------------------------------------------+
>>>> ---
>>>>
>>>> Where "gateway_ip 2001:1291:2bf:fffb::1" is my "upstream SLAAC" router
>>>> (radvd stopped for now).
>>>>
>>>> Diving: I think I'll put my OVS bridge "br-eth0" (bridge_mappings =
>>>> physnet1:br-eth0) on top of a VLAN but, I'll not tell OpenStack to use
>>>> "vlan", I'll keep using "flat" but, on top of a "hidden" vlan... eheh :-P
>>>>
>>>> I'll keep testing to see how far I can go... :-)
>>>>
>>>> Cheers!
>>>>
>>>>
>>>> On 12 April 2014 00:42, Martinx - ジェームズ <thiagocmartinsc at gmail.com>wrote:
>>>>
>>>>> Hey guys!
>>>>>
>>>>> My OpenStack Instance have IPv6 connectivity! Using ML2 / Simple Flat
>>>>> Network... For the first time ever! Look:
>>>>>
>>>>> ---
>>>>> administrative at controller:~$ nova boot --image
>>>>> 70f335e3-798b-4031-9773-a640970a8bdf --key-name Key trusty-1
>>>>>
>>>>> administrative at controller:~$ ssh -i ~/test.pem ubuntu at 10.33.14.21
>>>>>
>>>>> ubuntu at trusty-1:~$ sudo ip -6 a a 2001:1291:2bf:fffb::300/64 dev eth0
>>>>>
>>>>> ubuntu at trusty-1:~$ sudo ip -6 r a default via 2001:1291:2bf:fffb::1
>>>>>
>>>>> ubuntu at trusty-1:~$ ping6 -c 1 google.com
>>>>>
>>>>> PING google.com(2800:3f0:4004:801::1000) 56 data bytes
>>>>> 64 bytes from 2800:3f0:4004:801::1000: icmp_seq=1 ttl=54 time=55.1 ms
>>>>>
>>>>> --- google.com ping statistics ---
>>>>> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
>>>>> rtt min/avg/max/mdev = 55.121/55.121/55.121/0.000 ms
>>>>>
>>>>> -
>>>>> # From my Laptop (and from another IPv6 block):
>>>>> testuser at macbuntu:~$ telnet 2001:1291:2bf:fffb::300 22
>>>>> Trying 2001:1291:2bf:fffb::300...
>>>>> Connected to 2001:1291:2bf:fffb::300.
>>>>> Escape character is '^]'.
>>>>> SSH-2.0-OpenSSH_6.6p1 Ubuntu-2
>>>>> ---
>>>>>
>>>>> But, OpenStack / Neutron isn't aware of that fixed IPv6 (
>>>>> 2001:1291:2bf:fffb::300) I just configured within the trusty-1
>>>>> Instance, so, I think we just need:
>>>>>
>>>>> - Blueprint ipv6-provider-nets-slaac ready;
>>>>> - Start radvd on upstream router (2001:1291:2bf:fffb::1).
>>>>>
>>>>> Am I right?!
>>>>>
>>>>> In fact, apparently, Security Groups is also working! I can ssh into
>>>>> "trusty-1" through IPv6 right now, but can't access port 80 of it (it is
>>>>> closed buy 22 is open to the world)...
>>>>>
>>>>> Maybe it will also work with VLANs...
>>>>>
>>>>> BTW, I just realized that both the physical servers, controllers,
>>>>> networks and compute nodes and etc, can be installed under a single IPv6
>>>>> /64 subnet! Since the openstack will random generate the MAC address (plus
>>>>> SLAAC), IPv6s will never conflict.
>>>>>
>>>>> Best!
>>>>> Thiago
>>>>>
>>>>>
>>>>> On 12 April 2014 00:09, Thomas Goirand <zigo at debian.org> wrote:
>>>>>
>>>>>> On 04/11/2014 10:52 PM, Collins, Sean wrote:
>>>>>> > Many of those patches are stale - please join us in the subteam IRC
>>>>>> > meeting if you wish to coordinate development of IPv6 features, so
>>>>>> that
>>>>>> > we can focus on updating them and getting them merged. At this point
>>>>>> > simply applying them to the Icehouse tree is not enough.
>>>>>>
>>>>>> When and where is the next meeting?
>>>>>>
>>>>>> Thomas
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> OpenStack-dev mailing list
>>>>>> OpenStack-dev at lists.openstack.org
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140416/a5e2c37a/attachment.html>
More information about the OpenStack-dev
mailing list