On 6/27/20 11:52 PM, Eric K. Miller wrote:
Hi,
Should I assume that the statement:
"IPv6 traffic is not distributed, even when DVR is enabled. IPv6 routing does work, but all ingress/egress traffic must traverse through the centralized Controller node. Customers that are extensively using IPv6 routing are advised not to use DVR at this time."
is still true in Stein and later (we are running Stein for now, which is why I explicitly mentioned this version)?
If so, is there a possibility of using a provider network that is connected to all compute nodes where IPv6 subnets are issued to tenants from a subnet pool, with traffic being routed directly to an external router (not a Neutron router) using Linux Bridge instead of OVS? Yet, still use port security?
Just trying to figure out the best way to support IPv6 without forwarding all traffic through a single network node, while using DVR for IPv4.
The other way would be to enhance the dr-agent, IPv4 support for DVR was added recently. https://docs.openstack.org/neutron-dynamic-routing/latest/ There is also some ongoing work to better support IPv6 "fast exit" at https://review.opendev.org/#/c/662111/ -Brian
Also, unrelated, but hopefully a quick question… is the "internal" or "external" label on a network just used for filtering lists, such as for "openstack network list --external"? or does it change the behavior of anything?
Thanks!
Eric