[openstack-dev] [Neutron] [IPv6] Ubuntu PPA with IPv6 enabled, need help to achieve it
Martinx - ジェームズ
thiagocmartinsc at gmail.com
Tue Apr 15 22:57:17 UTC 2014
Hello Stackers!
I just finished the OpenStack IPv6 Quick Guide, it is hosted here:
Ultimate OpenStack IceHouse Guide - ML2 Flat Network - IPv6-Friendly:
https://gist.github.com/tmartinx/9177697
Almost everything is working with IPv6, including OpenStack Management
(APIs / Endpoints) and, of course, the Instances. Only NoVNC (TCP port
6080) and Metadata isn't working with IPv6 (yet).
Also, the IPv6 configuration is static, no auto-configuration right now.
My idea is to enable SLAAC on this environment, so, there will be no need
for static IPs and manual intervention. I think we're almost there! What do
you guys think?
BTW, sorry about tons of e-mails I sent before, I'll not do that again.
Cheers!
Thiago
On 12 April 2014 04:09, Martinx - ジェームズ <thiagocmartinsc at gmail.com> wrote:
> BTW, I think that the following patches are also important / relevant to
> begin with:
>
> ---
> 4. Two Attributes Proposal to Control IPv6 RA Announcement and Address
> Assignment
> https://blueprints.launchpad.net/neutron/+spec/ipv6-two-attributes
> Patchset: Create new IPv6 attributes for Subnets.
> https://review.openstack.org/#/c/52983/
> Patchset: Add support to DHCP agent for BP ipv6-two-attributes.
> https://review.openstack.org/70649
> Patchset: Calculate stateless IPv6 address.
> https://review.openstack.org/56184
> Patchset: Permit ICMPv6 RAs only from known routers.
> https://review.openstack.org/#/c/72252/
> ...
> 8. Provider Networking - upstream SLAAC support
> https://blueprints.launchpad.net/neutron/+spec/ipv6-provider-nets-slaac
> Patchset: Ensure that that all fixed ips for a port belong to a
> subnet using DHCP. https://review.openstack.org/#/c/64578/
> ---
>
> But I'm not sure about the easiest path we can follow... From what I'm
> seeing, Neutron just needs to calculate Instance's IPv6 address based on
> SLAAC, then Instance's IPv6 address will match (Neutron <-> upstream
> SLAAC), in the end of the day.
>
> Also, review 72252 is very important!
>
> Regards,
> Thiago
>
>
> On 12 April 2014 01:34, Martinx - ジェームズ <thiagocmartinsc at gmail.com> wrote:
>
>> Cool! Instance shows an IPv6 address and it clearly isn't generated by
>> EUI-64 (SLAAC) but, at least, I can use static IPv6! YAY!
>>
>> ---
>> root at controller:~# nova list
>>
>> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+
>> | ID | Name | Status | Task State |
>> Power State | Networks |
>>
>> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+
>> | 1654644d-6d52-4760-b147-4b88769a6fc2 | trusty-2 | ACTIVE | - |
>> Running | sharednet1=10.33.14.23, 2001:1291:2bf:fffb::3 |
>>
>> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+
>>
>> root at controller:~# ssh -i ~/xxx.pem ubuntu at 10.33.14.23
>>
>> ubuntu at trusty-2:~$ sudo ip -6 a a 2001:1291:2bf:fffb::3/64 dev eth0
>>
>> ubuntu at trusty-2:~$ sudo ip -6 r a default via 2001:1291:2bf:fffb::1
>>
>> ubuntu at trusty-2:~$ ping6 -c 1 google.com
>> PING google.com(2800:3f0:4004:801::100e) 56 data bytes
>> 64 bytes from 2800:3f0:4004:801::100e: icmp_seq=1 ttl=54 time=49.6 ms
>>
>> --- google.com ping statistics ---
>> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
>> rtt min/avg/max/mdev = 49.646/49.646/49.646/0.000 ms
>> ---
>>
>> IPv6 up and running and OpenStack is aware of both IPv4 and IPv6
>> instance's addresses! Security Group is also taking care of ip6tables.
>>
>> I'm pretty sure that if I start radvd on upstream router right now, all
>> instances will generate its own IPv6 based on their respective MAC address.
>> But then, the IPv6 will differ from what OpenStack "thinks" that each
>> instance have.
>>
>> So many e-mails, sorry BTW! :-P
>>
>> Best,
>> Thiago
>>
>> On 12 April 2014 01:11, Martinx - ジェームズ <thiagocmartinsc at gmail.com>wrote:
>>
>>> In fact, neutron accepted the following command:
>>>
>>> ---
>>> root at controller:~# neutron subnet-create --ip-version 6 --disable-dhcp
>>> --tenant-id 5e0106fa81104c5cbe21e1ccc9eb1a36 sharednet1
>>> 2001:1291:2bf:fffb::/64
>>> Created a new subnet:
>>>
>>> +------------------+-------------------------------------------------------------------------------------+
>>> | Field | Value
>>> |
>>>
>>> +------------------+-------------------------------------------------------------------------------------+
>>> | allocation_pools | {"start": "2001:1291:2bf:fffb::2", "end":
>>> "2001:1291:2bf:fffb:ffff:ffff:ffff:fffe"} |
>>> | cidr | 2001:1291:2bf:fffb::/64
>>> |
>>> | dns_nameservers |
>>> |
>>> | enable_dhcp | False
>>> |
>>> | gateway_ip | 2001:1291:2bf:fffb::1
>>> |
>>> | host_routes |
>>> |
>>> | id | 8685c917-e8df-4741-987c-6a531dca9fcd
>>> |
>>> | ip_version | 6
>>> |
>>> | name |
>>> |
>>> | network_id | 17cda0fb-a59b-4a7e-9d96-76d0670bc95c
>>> |
>>> | tenant_id | 5e0106fa81104c5cbe21e1ccc9eb1a36
>>> |
>>>
>>> +------------------+-------------------------------------------------------------------------------------+
>>> ---
>>>
>>> Where "gateway_ip 2001:1291:2bf:fffb::1" is my "upstream SLAAC" router
>>> (radvd stopped for now).
>>>
>>> Diving: I think I'll put my OVS bridge "br-eth0" (bridge_mappings =
>>> physnet1:br-eth0) on top of a VLAN but, I'll not tell OpenStack to use
>>> "vlan", I'll keep using "flat" but, on top of a "hidden" vlan... eheh :-P
>>>
>>> I'll keep testing to see how far I can go... :-)
>>>
>>> Cheers!
>>>
>>>
>>> On 12 April 2014 00:42, Martinx - ジェームズ <thiagocmartinsc at gmail.com>wrote:
>>>
>>>> Hey guys!
>>>>
>>>> My OpenStack Instance have IPv6 connectivity! Using ML2 / Simple Flat
>>>> Network... For the first time ever! Look:
>>>>
>>>> ---
>>>> administrative at controller:~$ nova boot --image
>>>> 70f335e3-798b-4031-9773-a640970a8bdf --key-name Key trusty-1
>>>>
>>>> administrative at controller:~$ ssh -i ~/test.pem ubuntu at 10.33.14.21
>>>>
>>>> ubuntu at trusty-1:~$ sudo ip -6 a a 2001:1291:2bf:fffb::300/64 dev eth0
>>>>
>>>> ubuntu at trusty-1:~$ sudo ip -6 r a default via 2001:1291:2bf:fffb::1
>>>>
>>>> ubuntu at trusty-1:~$ ping6 -c 1 google.com
>>>>
>>>> PING google.com(2800:3f0:4004:801::1000) 56 data bytes
>>>> 64 bytes from 2800:3f0:4004:801::1000: icmp_seq=1 ttl=54 time=55.1 ms
>>>>
>>>> --- google.com ping statistics ---
>>>> 1 packets transmitted, 1 received, 0% packet loss, time 0ms
>>>> rtt min/avg/max/mdev = 55.121/55.121/55.121/0.000 ms
>>>>
>>>> -
>>>> # From my Laptop (and from another IPv6 block):
>>>> testuser at macbuntu:~$ telnet 2001:1291:2bf:fffb::300 22
>>>> Trying 2001:1291:2bf:fffb::300...
>>>> Connected to 2001:1291:2bf:fffb::300.
>>>> Escape character is '^]'.
>>>> SSH-2.0-OpenSSH_6.6p1 Ubuntu-2
>>>> ---
>>>>
>>>> But, OpenStack / Neutron isn't aware of that fixed IPv6 (
>>>> 2001:1291:2bf:fffb::300) I just configured within the trusty-1
>>>> Instance, so, I think we just need:
>>>>
>>>> - Blueprint ipv6-provider-nets-slaac ready;
>>>> - Start radvd on upstream router (2001:1291:2bf:fffb::1).
>>>>
>>>> Am I right?!
>>>>
>>>> In fact, apparently, Security Groups is also working! I can ssh into
>>>> "trusty-1" through IPv6 right now, but can't access port 80 of it (it is
>>>> closed buy 22 is open to the world)...
>>>>
>>>> Maybe it will also work with VLANs...
>>>>
>>>> BTW, I just realized that both the physical servers, controllers,
>>>> networks and compute nodes and etc, can be installed under a single IPv6
>>>> /64 subnet! Since the openstack will random generate the MAC address (plus
>>>> SLAAC), IPv6s will never conflict.
>>>>
>>>> Best!
>>>> Thiago
>>>>
>>>>
>>>> On 12 April 2014 00:09, Thomas Goirand <zigo at debian.org> wrote:
>>>>
>>>>> On 04/11/2014 10:52 PM, Collins, Sean wrote:
>>>>> > Many of those patches are stale - please join us in the subteam IRC
>>>>> > meeting if you wish to coordinate development of IPv6 features, so
>>>>> that
>>>>> > we can focus on updating them and getting them merged. At this point
>>>>> > simply applying them to the Icehouse tree is not enough.
>>>>>
>>>>> When and where is the next meeting?
>>>>>
>>>>> Thomas
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OpenStack-dev mailing list
>>>>> OpenStack-dev at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140415/42bebf72/attachment.html>
More information about the OpenStack-dev
mailing list