On 2/11/21 6:20 AM, Piotr Misiak wrote:
On 10.02.2021 21:08, Brian Haley wrote:
On 2/10/21 1:11 PM, Piotr Misiak wrote:
- Routing is not working at all
Besides those, I can't imagine how upstream router will know how to reach a particular private network with GUA IPv6 addresses (to which virtual router send packets to reach a particular private network?). I have a standard external network with IPv6 GUA /64 subnet and virtual routers which connects private networks with IPv6 GUA /64 subnets with external network. I thought that OVN virtual router will send ICMPv6 RA packets on external network with reachable prefixes and upstream router will learn routing info from those but I don't see any RA packets sent by OVN on external network, I see only RA packets from an upstream router. How this should work and be configured? How to configure GUA IPv6 addresses on virtual private networks? Is it supported by Neutron/OVN?
IPv6 prefix delegation is what you want, it's one of the 'gaps' with ML2/OVS, https://bugs.launchpad.net/neutron/+bug/1895972
There is a list of known items at https://docs.openstack.org/neutron/latest/ovn/gaps.html
So in order to use a globally-reachable IPv6 address you should use a port from a provider network in the instance.
Thanks Brian for the prompt response.
Does this mean that the only functional IPv6 scenario in Neutron/OVN is where VMs are directly connected to an IPv6 GUA provider network?
For your intended purpose, yes. You can still have a tenant with IPv6 private networks and OVN will route East/West between them.
BGP peering is not supported in Neutron/OVN, so virtual routers cannot advertise their prefixes (use case where private network prefix is manually specified by the user or it is automatically assigned from a default IPv6 subnet-pool defined in Neutron)
IPv6 PD is not supported in Neutron/OVN, so virtual routers cannot request an IPv6 prefix from an upstream router
Correct, that was the bug I linked above. -Brian