[openstack-dev] [Neutron] [IPv6] Ubuntu PPA with IPv6 enabled, need help to achieve it
Martinx - ジェームズ
thiagocmartinsc at gmail.com
Sat Apr 12 07:09:48 UTC 2014
BTW, I think that the following patches are also important / relevant to
begin with:
---
4. Two Attributes Proposal to Control IPv6 RA Announcement and Address
Assignment
https://blueprints.launchpad.net/neutron/+spec/ipv6-two-attributes
Patchset: Create new IPv6 attributes for Subnets.
https://review.openstack.org/#/c/52983/
Patchset: Add support to DHCP agent for BP ipv6-two-attributes.
https://review.openstack.org/70649
Patchset: Calculate stateless IPv6 address.
https://review.openstack.org/56184
Patchset: Permit ICMPv6 RAs only from known routers.
https://review.openstack.org/#/c/72252/
...
8. Provider Networking - upstream SLAAC support
https://blueprints.launchpad.net/neutron/+spec/ipv6-provider-nets-slaac
Patchset: Ensure that that all fixed ips for a port belong to a
subnet using DHCP. https://review.openstack.org/#/c/64578/
---
But I'm not sure about the easiest path we can follow... From what I'm
seeing, Neutron just needs to calculate Instance's IPv6 address based on
SLAAC, then Instance's IPv6 address will match (Neutron <-> upstream
SLAAC), in the end of the day.
Also, review 72252 is very important!
Regards,
Thiago
On 12 April 2014 01:34, Martinx - ジェームズ <thiagocmartinsc at gmail.com> wrote:
> Cool! Instance shows an IPv6 address and it clearly isn't generated by
> EUI-64 (SLAAC) but, at least, I can use static IPv6! YAY!
>
> ---
> root at controller:~# nova list
>
> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+
> | ID | Name | Status | Task State |
> Power State | Networks |
>
> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+
> | 1654644d-6d52-4760-b147-4b88769a6fc2 | trusty-2 | ACTIVE | - |
> Running | sharednet1=10.33.14.23, 2001:1291:2bf:fffb::3 |
>
> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+
>
> root at controller:~# ssh -i ~/xxx.pem ubuntu at 10.33.14.23
>
> ubuntu at trusty-2:~$ sudo ip -6 a a 2001:1291:2bf:fffb::3/64 dev eth0
>
> ubuntu at trusty-2:~$ sudo ip -6 r a default via 2001:1291:2bf:fffb::1
>
> ubuntu at trusty-2:~$ ping6 -c 1 google.com
> PING google.com(2800:3f0:4004:801::100e) 56 data bytes
> 64 bytes from 2800:3f0:4004:801::100e: icmp_seq=1 ttl=54 time=49.6 ms
>
> --- google.com ping statistics ---
> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
> rtt min/avg/max/mdev = 49.646/49.646/49.646/0.000 ms
> ---
>
> IPv6 up and running and OpenStack is aware of both IPv4 and IPv6
> instance's addresses! Security Group is also taking care of ip6tables.
>
> I'm pretty sure that if I start radvd on upstream router right now, all
> instances will generate its own IPv6 based on their respective MAC address.
> But then, the IPv6 will differ from what OpenStack "thinks" that each
> instance have.
>
> So many e-mails, sorry BTW! :-P
>
> Best,
> Thiago
>
> On 12 April 2014 01:11, Martinx - ジェームズ <thiagocmartinsc at gmail.com> wrote:
>
>> In fact, neutron accepted the following command:
>>
>> ---
>> root at controller:~# neutron subnet-create --ip-version 6 --disable-dhcp
>> --tenant-id 5e0106fa81104c5cbe21e1ccc9eb1a36 sharednet1
>> 2001:1291:2bf:fffb::/64
>> Created a new subnet:
>>
>> +------------------+-------------------------------------------------------------------------------------+
>> | Field | Value
>> |
>>
>> +------------------+-------------------------------------------------------------------------------------+
>> | allocation_pools | {"start": "2001:1291:2bf:fffb::2", "end":
>> "2001:1291:2bf:fffb:ffff:ffff:ffff:fffe"} |
>> | cidr | 2001:1291:2bf:fffb::/64
>> |
>> | dns_nameservers |
>> |
>> | enable_dhcp | False
>> |
>> | gateway_ip | 2001:1291:2bf:fffb::1
>> |
>> | host_routes |
>> |
>> | id | 8685c917-e8df-4741-987c-6a531dca9fcd
>> |
>> | ip_version | 6
>> |
>> | name |
>> |
>> | network_id | 17cda0fb-a59b-4a7e-9d96-76d0670bc95c
>> |
>> | tenant_id | 5e0106fa81104c5cbe21e1ccc9eb1a36
>> |
>>
>> +------------------+-------------------------------------------------------------------------------------+
>> ---
>>
>> Where "gateway_ip 2001:1291:2bf:fffb::1" is my "upstream SLAAC" router
>> (radvd stopped for now).
>>
>> Diving: I think I'll put my OVS bridge "br-eth0" (bridge_mappings =
>> physnet1:br-eth0) on top of a VLAN but, I'll not tell OpenStack to use
>> "vlan", I'll keep using "flat" but, on top of a "hidden" vlan... eheh :-P
>>
>> I'll keep testing to see how far I can go... :-)
>>
>> Cheers!
>>
>>
>> On 12 April 2014 00:42, Martinx - ジェームズ <thiagocmartinsc at gmail.com>wrote:
>>
>>> Hey guys!
>>>
>>> My OpenStack Instance have IPv6 connectivity! Using ML2 / Simple Flat
>>> Network... For the first time ever! Look:
>>>
>>> ---
>>> administrative at controller:~$ nova boot --image
>>> 70f335e3-798b-4031-9773-a640970a8bdf --key-name Key trusty-1
>>>
>>> administrative at controller:~$ ssh -i ~/test.pem ubuntu at 10.33.14.21
>>>
>>> ubuntu at trusty-1:~$ sudo ip -6 a a 2001:1291:2bf:fffb::300/64 dev eth0
>>>
>>> ubuntu at trusty-1:~$ sudo ip -6 r a default via 2001:1291:2bf:fffb::1
>>>
>>> ubuntu at trusty-1:~$ ping6 -c 1 google.com
>>>
>>> PING google.com(2800:3f0:4004:801::1000) 56 data bytes
>>> 64 bytes from 2800:3f0:4004:801::1000: icmp_seq=1 ttl=54 time=55.1 ms
>>>
>>> --- google.com ping statistics ---
>>> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
>>> rtt min/avg/max/mdev = 55.121/55.121/55.121/0.000 ms
>>>
>>> -
>>> # From my Laptop (and from another IPv6 block):
>>> testuser at macbuntu:~$ telnet 2001:1291:2bf:fffb::300 22
>>> Trying 2001:1291:2bf:fffb::300...
>>> Connected to 2001:1291:2bf:fffb::300.
>>> Escape character is '^]'.
>>> SSH-2.0-OpenSSH_6.6p1 Ubuntu-2
>>> ---
>>>
>>> But, OpenStack / Neutron isn't aware of that fixed IPv6 (
>>> 2001:1291:2bf:fffb::300) I just configured within the trusty-1
>>> Instance, so, I think we just need:
>>>
>>> - Blueprint ipv6-provider-nets-slaac ready;
>>> - Start radvd on upstream router (2001:1291:2bf:fffb::1).
>>>
>>> Am I right?!
>>>
>>> In fact, apparently, Security Groups is also working! I can ssh into
>>> "trusty-1" through IPv6 right now, but can't access port 80 of it (it is
>>> closed buy 22 is open to the world)...
>>>
>>> Maybe it will also work with VLANs...
>>>
>>> BTW, I just realized that both the physical servers, controllers,
>>> networks and compute nodes and etc, can be installed under a single IPv6
>>> /64 subnet! Since the openstack will random generate the MAC address (plus
>>> SLAAC), IPv6s will never conflict.
>>>
>>> Best!
>>> Thiago
>>>
>>>
>>> On 12 April 2014 00:09, Thomas Goirand <zigo at debian.org> wrote:
>>>
>>>> On 04/11/2014 10:52 PM, Collins, Sean wrote:
>>>> > Many of those patches are stale - please join us in the subteam IRC
>>>> > meeting if you wish to coordinate development of IPv6 features, so
>>>> that
>>>> > we can focus on updating them and getting them merged. At this point
>>>> > simply applying them to the Icehouse tree is not enough.
>>>>
>>>> When and where is the next meeting?
>>>>
>>>> Thomas
>>>>
>>>>
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140412/7ceb92fd/attachment.html>
More information about the OpenStack-dev
mailing list