Open Stack

Hello OpenStack-Discuss,

I have a use case in which an instance / VM is hosting i.e. an OpenVPN
gateway which shall be doing some routing / networking by itself.
For that purpose one would like to have a global unique IPv6 prefix
delegated and routed to it to, which it can in turn give out to its VPN
clients.
This can and should not be cut out of the on-link network that is
provided by Neutron and used to connect the instance itself.

If you look at https://community.openvpn.net/openvpn/wiki/IPv6, which
has a section *Details: IPv6 routed block* explaining just how
that is one intended approach on how to do it.

I am now wondering if the existing DHCPv6 prefix delegation implemented
in OpenStack is capable of providing a prefix to an instance.
Digging a little into what can be found online I ran into this Etherpad
doc https://etherpad.opendev.org/p/neutron-kilo-prefix-delegation
(linked to on https://wiki.openstack.org/wiki/Neutron/IPv6/PrefixDelegation)

There is a list of use-cases, the second one being exactly what I
described above:

> [...]
>
> Use cases:
>
> We need to allocate addresses to ports from an external or
> providernetwork, and route them via Neutron routers.
>
> We wish to allocate whole prefixes to devices (and their specific
> neutron port) on demand.  A port must be authorised via the API for a
> prefix. The prefix could be issued to the device via PD (since the
> device has to discover the prefix it's been given).
>
> [...]

But to my understanding the spec used to implement the current IPv6
networking and also prefix delegation mechanism,
also mentioned this use case as an "limitation and future enhancement" -
see:
https://specs.openstack.org/openstack/neutron-specs/specs/liberty/ipv6-prefix-delegation.html#limitations-and-future-enhancements



Does anyone have any thoughts on this matter of dedicating a prefix and
and routingits  traffic to a VM, but not just a subnet?



Regards


Christian