On 2/10/21 1:11 PM, Piotr Misiak wrote:
Hi all,
I have a test env with OpenStack Ussuri and OVN deployed by kolla-ansible.
I'm struggling with IPv6 VMs addressing. Has anyone deployed such configuration successfully?
What is working:
- SLAAC for VMs IPv6 addressing - VMs configure IPv6 addresses and can ping each other via IPv6
- VMs can ping virtual router's fe80:: address
- OVN is sending ICMPv6 RA packets periodically on virtual private networks
What is not working:
- VMs can't ping virtual router's private network IPv6 address specified in virtual network configuration in Neutron (IPv6 GUA), I see ICMPv6 echo request packets on tapXXXXX interfaces with a correct DEST MAC, but there are no responses.
That should work AFAIK, just don't have a devstack to try it on at the moment, sorry.
- Routing is not working at all
Besides those, I can't imagine how upstream router will know how to reach a particular private network with GUA IPv6 addresses (to which virtual router send packets to reach a particular private network?). I have a standard external network with IPv6 GUA /64 subnet and virtual routers which connects private networks with IPv6 GUA /64 subnets with external network. I thought that OVN virtual router will send ICMPv6 RA packets on external network with reachable prefixes and upstream router will learn routing info from those but I don't see any RA packets sent by OVN on external network, I see only RA packets from an upstream router. How this should work and be configured? How to configure GUA IPv6 addresses on virtual private networks? Is it supported by Neutron/OVN?
IPv6 prefix delegation is what you want, it's one of the 'gaps' with ML2/OVS, https://bugs.launchpad.net/neutron/+bug/1895972 There is a list of known items at https://docs.openstack.org/neutron/latest/ovn/gaps.html So in order to use a globally-reachable IPv6 address you should use a port from a provider network in the instance.
Looking forward any responses regarding this area because documentation does not exist technically.
All the docs were copied over to neutron so should be visible at https://docs.openstack.org/neutron/latest/ -Brian