[neutron][ovn] ipv6 in virtual networks
Brian Haley
haleyb.dev at gmail.com
Wed Feb 10 20:08:14 UTC 2021
On 2/10/21 1:11 PM, Piotr Misiak wrote:
> Hi all,
>
> I have a test env with OpenStack Ussuri and OVN deployed by kolla-ansible.
>
> I'm struggling with IPv6 VMs addressing. Has anyone deployed such
> configuration successfully?
>
> What is working:
>
> - SLAAC for VMs IPv6 addressing - VMs configure IPv6 addresses and can
> ping each other via IPv6
>
> - VMs can ping virtual router's fe80:: address
>
> - OVN is sending ICMPv6 RA packets periodically on virtual private networks
>
> What is not working:
>
> - VMs can't ping virtual router's private network IPv6 address
> specified in virtual network configuration in Neutron (IPv6 GUA), I see
> ICMPv6 echo request packets on tapXXXXX interfaces with a correct DEST
> MAC, but there are no responses.
That should work AFAIK, just don't have a devstack to try it on at the
moment, sorry.
> - Routing is not working at all
>
> Besides those, I can't imagine how upstream router will know how to
> reach a particular private network with GUA IPv6 addresses (to which
> virtual router send packets to reach a particular private network?). I
> have a standard external network with IPv6 GUA /64 subnet and virtual
> routers which connects private networks with IPv6 GUA /64 subnets with
> external network. I thought that OVN virtual router will send ICMPv6 RA
> packets on external network with reachable prefixes and upstream router
> will learn routing info from those but I don't see any RA packets sent
> by OVN on external network, I see only RA packets from an upstream
> router. How this should work and be configured? How to configure GUA
> IPv6 addresses on virtual private networks? Is it supported by Neutron/OVN?
IPv6 prefix delegation is what you want, it's one of the 'gaps' with
ML2/OVS, https://bugs.launchpad.net/neutron/+bug/1895972
There is a list of known items at
https://docs.openstack.org/neutron/latest/ovn/gaps.html
So in order to use a globally-reachable IPv6 address you should use a
port from a provider network in the instance.
> Looking forward any responses regarding this area because documentation
> does not exist technically.
All the docs were copied over to neutron so should be visible at
https://docs.openstack.org/neutron/latest/
-Brian
More information about the openstack-discuss
mailing list