<div dir="ltr">Hello Stackers!<div><br></div><div>I just finished the OpenStack IPv6 Quick Guide, it is hosted here:</div><div><br></div><div><br></div><div>Ultimate OpenStack IceHouse Guide - ML2 Flat Network - IPv6-Friendly:<br>
</div><div><br></div><div><a href="https://gist.github.com/tmartinx/9177697">https://gist.github.com/tmartinx/9177697</a><br></div><div><br></div><div><br></div><div>Almost everything is working with IPv6, including OpenStack Management (APIs / Endpoints) and, of course, the Instances. Only NoVNC (TCP port 6080) and Metadata isn't working with IPv6 (yet).</div>
<div><br></div><div>Also, the IPv6 configuration is static, no auto-configuration right now.</div><div><br></div><div>My idea is to enable SLAAC on this environment, so, there will be no need for static IPs and manual intervention. I think we're almost there! What do you guys think?</div>
<div><br></div><div>BTW, sorry about tons of e-mails I sent before, I'll not do that again.</div><div><br></div><div>Cheers!</div><div>Thiago</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 12 April 2014 04:09, Martinx - ジェームズ <span dir="ltr"><<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">BTW, I think that the following patches are also important / relevant to begin with:<div><br></div><div>
---</div><div class=""><div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">4. Two Attributes Proposal to Control IPv6 RA Announcement and Address</span><br style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span style="font-family:arial,sans-serif;font-size:12.727272033691406px">Assignment</span><br style="font-family:arial,sans-serif;font-size:12.727272033691406px"><span style="font-family:arial,sans-serif;font-size:12.727272033691406px"> </span><a href="https://blueprints.launchpad.net/neutron/+spec/ipv6-two-attributes" style="font-family:arial,sans-serif;font-size:12.727272033691406px" target="_blank">https://blueprints.launchpad.net/neutron/+spec/ipv6-two-attributes</a><br style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span style="font-family:arial,sans-serif;font-size:12.727272033691406px"> Patchset: Create new IPv6 attributes for Subnets.</span><br style="font-family:arial,sans-serif;font-size:12.727272033691406px"><a href="https://review.openstack.org/#/c/52983/" style="font-family:arial,sans-serif;font-size:12.727272033691406px" target="_blank">https://review.openstack.org/#/c/52983/</a><br style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span style="font-family:arial,sans-serif;font-size:12.727272033691406px"> Patchset: Add support to DHCP agent for BP ipv6-two-attributes.</span><br style="font-family:arial,sans-serif;font-size:12.727272033691406px"><a href="https://review.openstack.org/70649" style="font-family:arial,sans-serif;font-size:12.727272033691406px" target="_blank">https://review.openstack.org/70649</a><br style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span style="font-family:arial,sans-serif;font-size:12.727272033691406px"> Patchset: Calculate stateless IPv6 address.</span><br style="font-family:arial,sans-serif;font-size:12.727272033691406px"><a href="https://review.openstack.org/56184" style="font-family:arial,sans-serif;font-size:12.727272033691406px" target="_blank">https://review.openstack.org/56184</a><br style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span style="font-family:arial,sans-serif;font-size:12.727272033691406px"> Patchset: Permit ICMPv6 RAs only from known routers.</span><br style="font-family:arial,sans-serif;font-size:12.727272033691406px"><a href="https://review.openstack.org/#/c/72252/" style="font-family:arial,sans-serif;font-size:12.727272033691406px" target="_blank">https://review.openstack.org/#/c/72252/</a></div>
</div><div>...</div><div class=""><div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">8. Provider Networking - upstream SLAAC support</span><br style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<a href="https://blueprints.launchpad.net/neutron/+spec/ipv6-provider-nets-slaac" style="font-family:arial,sans-serif;font-size:12.727272033691406px" target="_blank">https://blueprints.launchpad.net/neutron/+spec/ipv6-provider-nets-slaac</a><br style="font-family:arial,sans-serif;font-size:12.727272033691406px">
<span style="font-family:arial,sans-serif;font-size:12.727272033691406px"> Patchset: Ensure that that all fixed ips for a port belong to a</span><br style="font-family:arial,sans-serif;font-size:12.727272033691406px"><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">subnet using DHCP. </span><a href="https://review.openstack.org/#/c/64578/" style="font-family:arial,sans-serif;font-size:12.727272033691406px" target="_blank">https://review.openstack.org/#/c/64578/</a><br style="font-family:arial,sans-serif;font-size:12.727272033691406px">
</div></div><div>---</div><div><br></div><div>But I'm not sure about the easiest path we can follow... From what I'm seeing, Neutron just needs to calculate Instance's IPv6 address based on SLAAC, then Instance's IPv6 address will match (Neutron <-> upstream SLAAC), in the end of the day.</div>
<div><br></div><div>Also, review 72252 is very important!</div><div><br></div><div>Regards,</div><div>Thiago</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On 12 April 2014 01:34, Martinx - ジェームズ <span dir="ltr"><<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Cool! Instance shows an IPv6 address and it clearly isn't generated by EUI-64 (SLAAC) but, at least, I can use static IPv6! YAY!<div>
<br></div><div>---</div><div><div><font face="courier new, monospace">root@controller:~# nova list</font></div>
<div><font face="courier new, monospace">+--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+</font></div><div><font face="courier new, monospace">| ID | Name | Status | Task State | Power State | Networks |</font></div>
<div><font face="courier new, monospace">+--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+</font></div><div><font face="courier new, monospace">| 1654644d-6d52-4760-b147-4b88769a6fc2 | trusty-2 | ACTIVE | - | Running | sharednet1=10.33.14.23, 2001:1291:2bf:fffb::3 |</font></div>
<div><font face="courier new, monospace">+--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+</font></div></div><div><font face="courier new, monospace"><br>
</font></div><div><font face="courier new, monospace">root@controller:~# ssh -i ~/xxx.pem <a href="mailto:ubuntu@10.33.14.23" target="_blank">ubuntu@10.33.14.23</a><br></font></div><div><font face="courier new, monospace"><div>
<br></div>
</font><font face="courier new, monospace"><div>ubuntu@trusty-2:~$ sudo ip -6 a a 2001:1291:2bf:fffb::3/64 dev eth0</div><div><br></div></font><div style="font-family:'courier new',monospace">ubuntu@trusty-2:~$ sudo ip -6 r a default via 2001:1291:2bf:fffb::1<br>
</div><div style="font-family:'courier new',monospace"><div><br></div><div>ubuntu@trusty-2:~$ ping6 -c 1 <a href="http://google.com" target="_blank">google.com</a></div><div>PING <a href="http://google.com" target="_blank">google.com</a>(2800:3f0:4004:801::100e) 56 data bytes</div>
<div>64 bytes from 2800:3f0:4004:801::100e: icmp_seq=1 ttl=54 time=49.6 ms</div><div><div><br></div><div>--- <a href="http://google.com" target="_blank">google.com</a> ping statistics ---</div><div>1 packets transmitted, 1 received, 0% packet loss, time 0ms</div>
</div><div>rtt min/avg/max/mdev = 49.646/49.646/49.646/0.000 ms</div></div><div style="font-family:'courier new',monospace"><span style="font-family:arial">---</span><br></div><div><br></div><div style="font-family:'courier new',monospace">
<span style="font-family:arial">IPv6 up and running and OpenStack is aware of both IPv4 and IPv6 instance's addresses! Security Group is also taking care of ip6tables.</span><br></div></div><div><div><br>
</div><div>I'm pretty sure that if I start radvd on upstream router right now, all instances will generate its own IPv6 based on their respective MAC address. But then, the IPv6 will differ from what OpenStack "thinks" that each instance have.</div>
</div><div><br></div><div>So many e-mails, sorry BTW! :-P</div><div><br></div><div>Best,</div>
<div>Thiago</div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On 12 April 2014 01:11, Martinx - ジェームズ <span dir="ltr"><<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">In fact, neutron accepted the following command:<div>
<br></div><div>---</div><div><div><font face="courier new, monospace">root@controller:~# neutron subnet-create --ip-version 6 --disable-dhcp --tenant-id 5e0106fa81104c5cbe21e1ccc9eb1a36 sharednet1 2001:1291:2bf:fffb::/64</font></div>
<div><font face="courier new, monospace">Created a new subnet:</font></div><div><font face="courier new, monospace">+------------------+-------------------------------------------------------------------------------------+</font></div>
<div><font face="courier new, monospace">| Field | Value |</font></div><div><font face="courier new, monospace">+------------------+-------------------------------------------------------------------------------------+</font></div>
<div><font face="courier new, monospace">| allocation_pools | {"start": "2001:1291:2bf:fffb::2", "end": "2001:1291:2bf:fffb:ffff:ffff:ffff:fffe"} |</font></div><div><font face="courier new, monospace">| cidr | 2001:1291:2bf:fffb::/64 |</font></div>
<div><font face="courier new, monospace">| dns_nameservers | |</font></div><div><font face="courier new, monospace">| enable_dhcp | False |</font></div>
<div><font face="courier new, monospace">| gateway_ip | 2001:1291:2bf:fffb::1 |</font></div><div><font face="courier new, monospace">| host_routes | |</font></div>
<div><font face="courier new, monospace">| id | 8685c917-e8df-4741-987c-6a531dca9fcd |</font></div><div><font face="courier new, monospace">| ip_version | 6 |</font></div>
<div><font face="courier new, monospace">| name | |</font></div><div><font face="courier new, monospace">| network_id | 17cda0fb-a59b-4a7e-9d96-76d0670bc95c |</font></div>
<div><font face="courier new, monospace">| tenant_id | 5e0106fa81104c5cbe21e1ccc9eb1a36 |</font></div><div><font face="courier new, monospace">+------------------+-------------------------------------------------------------------------------------+</font></div>
</div><div>---</div><div><br></div><div>Where "<span style="font-family:'courier new',monospace">gateway_ip 2001:1291:2bf:fffb::1</span>" is my "upstream SLAAC" router (radvd stopped for now).</div>
<div><br></div><div>Diving: I think I'll put my OVS bridge "br-eth0" (<font face="courier new, monospace">bridge_mappings = physnet1:br-eth0</font>) on top of a VLAN but, I'll not tell OpenStack to use "vlan", I'll keep using "flat" but, on top of a "hidden" vlan... eheh :-P</div>
<div><br></div><div>I'll keep testing to see how far I can go... :-)</div><div><br></div><div>Cheers!</div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On 12 April 2014 00:42, Martinx - ジェームズ <span dir="ltr"><<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Hey guys!<div><br></div><div>My OpenStack Instance have IPv6 connectivity! Using ML2 / Simple Flat Network... For the first time ever! Look:</div>
<div><br></div><div>---</div><div><font face="courier new, monospace">administrative@controller:~$ nova boot --image 70f335e3-798b-4031-9773-a640970a8bdf --key-name Key trusty-1<br>
</font></div><div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">administrative@controller:~$ ssh -i ~/test.pem <a href="mailto:ubuntu@10.33.14.21" target="_blank">ubuntu@10.33.14.21</a><br>
</font></div><div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">ubuntu@trusty-1:~$ sudo ip -6 a a 2001:1291:2bf:fffb::300/64 dev eth0<br></font></div><div><font face="courier new, monospace"><br>
</font></div><div><font face="courier new, monospace">ubuntu@trusty-1:~$ sudo ip -6 r a default via 2001:1291:2bf:fffb::1</font></div><div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">ubuntu@trusty-1:~$ ping6 -c 1 <a href="http://google.com" target="_blank">google.com</a></font></div>
<div><font face="courier new, monospace"><br></font></div><div><div><font face="courier new, monospace">PING <a href="http://google.com" target="_blank">google.com</a>(2800:3f0:4004:801::1000) 56 data bytes</font></div><div>
<font face="courier new, monospace">64 bytes from 2800:3f0:4004:801::1000: icmp_seq=1 ttl=54 time=55.1 ms</font></div>
<div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">--- <a href="http://google.com" target="_blank">google.com</a> ping statistics ---</font></div><div><font face="courier new, monospace">1 packets transmitted, 1 received, 0% packet loss, time 0ms</font></div>
<div><font face="courier new, monospace">rtt min/avg/max/mdev = 55.121/55.121/55.121/0.000 ms</font></div></div><div><font face="courier new, monospace"><br></font></div><div><font face="courier new, monospace">-</font></div>
<div><font face="courier new, monospace"># From my Laptop (and from another IPv6 block):</font></div><div><font face="courier new, monospace"><div>testuser@macbuntu:~$ telnet 2001:1291:2bf:fffb::300 22</div><div>Trying 2001:1291:2bf:fffb::300...</div>
<div>Connected to 2001:1291:2bf:fffb::300.</div><div>Escape character is '^]'.</div><div>SSH-2.0-OpenSSH_6.6p1 Ubuntu-2</div></font></div><div>---</div><div><br></div><div>But, OpenStack / Neutron isn't aware of that fixed IPv6 (<span style="font-family:'courier new',monospace">2001:1291:2bf:fffb::300</span>) I just configured within the trusty-1 Instance, so, I think we just need:</div>
<div><br></div><div>- Blueprint <span style="font-family:arial,sans-serif;font-size:12.727272033691406px">ipv6-provider-nets-slaac ready;</span></div><div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">- Start radvd on upstream router (</span><span style="font-family:'courier new',monospace">2001:1291:2bf:fffb::1</span><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">).</span></div>
<div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">Am I right?!</span></div><div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px"><br>
</span></div><div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">In fact, apparently, Security Groups is also working! I can ssh into "trusty-1" through IPv6 right now, but can't access port 80 of it (it is closed buy 22 is open to the world)...</span></div>
<div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">Maybe it will also work with VLANs...</span></div>
<div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">BTW, I just realized that both the physical servers, controllers, networks and compute nodes and etc, can be installed under a single IPv6 /64 subnet! Since the openstack will random generate the MAC address (plus SLAAC), IPv6s will never conflict.</span></div>
<div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">Best!</span></div><div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">Thiago</span></div>
</div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On 12 April 2014 00:09, Thomas Goirand <span dir="ltr"><<a href="mailto:zigo@debian.org" target="_blank">zigo@debian.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div>On 04/11/2014 10:52 PM, Collins, Sean wrote:<br>
> Many of those patches are stale - please join us in the subteam IRC<br>
> meeting if you wish to coordinate development of IPv6 features, so that<br>
> we can focus on updating them and getting them merged. At this point<br>
> simply applying them to the Icehouse tree is not enough.<br>
<br>
</div>When and where is the next meeting?<br>
<span><font color="#888888"><br>
Thomas<br>
</font></span><div><div><br>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div></div></div></div>
</blockquote></div><br></div></div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>