[openstack-dev] [Neutron][IPv6] Small feedback about Management Network & API Endpoints
Martinx - ジェームズ
thiagocmartinsc at gmail.com
Tue May 13 06:17:08 UTC 2014
Guys,
I'm running OpenStack IceHouse configured with IPv6 in almost every part of
it, I can say that both `Management Network` and `API Endpoints` works with
IPv6, but, there are still only three places that I am unable to use it
with IPv6, which is:
1- Metadata (no IPv6 here, the equivalent of 169.254.0.0/16 for IPv6 is the
subnet fe80::/64, am I right?);
2- VXLAN / GRE tunnels, precisely at `local_ip` in ml2_conf.ini (it doesn't
work when with IPv6);
3- Tenant subnet (IPv6 works with Flat Networks and statically/manually
configured, no SLAAC and no Neutron L3 with IPv6 yet).
NOTE: I still did not tested Heat, Cinder or Swift.
Everything else is working with IPv6!
Here is a few more details about my environment:
Controller's /etc/network/interface file:
---
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
#
# OpenStack API Endpoints
auto eth0
iface eth0 inet6 static
address 2804:29X:Y:dead::10
netmask 64
gateway 2804:29X:Y:dead::1
dns-domain tcmc.com.br
dns-search tcmc.com.br
dns-nameservers 2804:29X:4::1 2001:129X:2bX::1
# OpenStack - Management
auto eth1
iface eth1 inet6 static
address fddc:3c8c:6e8c:b129::10
netmask 64
# Legacy - Only required because of Metadata, it doesn't have an IPv6
# equivalent service for subnet IPv4 = 169.254.0.0/16 (IPv6 = fc80::/64)
iface eth1 inet static
address 192.168.5.10
netmask 24
---
Network Node /etc/network/interfaces file:
---
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface.
auto lo
iface lo inet loopback
#
# Reachable from the Internet.
#
# The primary network interface. Node Internet access.
auto eth0
iface eth0 inet6 static
address 2804:29X:Y:dead::20
netmask 64
gateway 2804:29X:Y:dead::1
dns-domain tcmc.com.br
dns-search tcmc.com.br
dns-nameservers 2804:290:4::1 2001:1291:2bf::1
#
# Unreachable from the Internet.
#
# OpenStack - Management
auto eth1
iface eth1 inet6 static
address fddc:3c8c:6e8c:b129::20
netmask 64
# Legacy - Only required because of Metadata, it doesn't have an IPv6
# equivalent service for subnet IPv4 = 169.254.0.0/16 (IPv6 = fc80::/64).
iface eth1 inet static
address 192.168.5.20
netmask 24
# VXLAN Traffic - Not working right now with IPv6.
auto eth2
iface eth2 inet6 static
address fda2:c917:cd2e:0552::20
netmask 64
# Legacy - Only required because Neutron doesn't support VXLAN tunnels on
top
# of a IPv6 network.
iface eth2 inet static
address 192.168.6.20
netmask 24
#
# Reachable from the Internet only from within each Namespace router.
#
# Bridge br-ex attached here, this is the "WAN Port" of tenant's routers.
auto eth3
iface eth3 inet manual
up ip addr add 0/0 dev eth3
up ip link set dev $IFACE up
up ip link set $IFACE promisc on
up ethtool --offload $IFACE gro off
down ip link set $IFACE promisc off
down ip link set $IFACE down
---
Common /etc/hosts file across the Cloud:
---
127.0.0.1 localhost.localdomain localhost
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# OpenStack APIs Endpoints
2804:29X:Y:dead::10 psuaa-1.tcmc.com.br psuaa-1
2804:29X:Y:dead::20 psuab-1.tcmc.com.br psuab-1
2804:29X:Y:dead::30 psuac-1.tcmc.com.br psuac-1
2804:29X:Y:dead::1000 psuah-1.tcmc.com.br psuah-1
# OpenStack Management - MySQL, RabbitMQ, SPICE, Glance...
fddc:3c8c:6e8c:b129::10 psuaa-1.mng.tcmc.com.br psuaa-1.mng
fddc:3c8c:6e8c:b129::20 psuab-1.mng.tcmc.com.br psuab-1.mng
fddc:3c8c:6e8c:b129::1000 psuah-1.mng.tcmc.com.br psuah-1.mng
# VXLAN Network - Project's subnet - DOESN'T WORK WITH IPv6
fda2:c917:cd2e:0552::20 psuab-1.vxlan.tcmc.com.br
psuab-1.vxlan
fda2:c917:cd2e:0552::1000 psuah-1.vxlan.tcmc.com.br
psuah-1.vxlan
# Cinder Network - iSCSI Traffic
fd72:3148:4c74:2f60::30 psuac-1.blk.tcmc.com.br psuac-1.blk
fd72:3148:4c74:2f60::1000 psuah-1.blk.tcmc.com.br psuah-1.blk
---
NOTE: Those private IPv6 subnets was generated here:
http://www.simpledns.com/private-ipv6.aspx
Then, for example, I configured `auth_host` under `[keystone_authtoken]`
poiting to `psuaa-1.mng.tcmc.com.br` and `auth_uri` poiting to
`http://psuaa-1.tcmc.com.br:5000`.
But, as I figured out, Metadata doesn't work with IPv6, which means that
`metadata_host / metadata_listen` is configured to `192.168.5.10` at
Controller's nova.conf (it doesn't work when I tried it with `
fddc:3c8c:6e8c:b129::10`) and, at my Network Node, the `local_ip` at
`ml2_conf.ini` points to `192.168.6.20` (I would like to use at local_ip,
the address `fda2:c917:cd2e:0552::20`).
Plus, here is my IPv6 API Endpoints (resolved via /etc/hosts or AAAA DNS
Records):
---
root at controller-1:~# keystone endpoint-list
WARNING: Bypassing authentication using a token & endpoint (authentication
credentials are being ignored).
+----------------------------------+-----------+-------------------------------------------------------+-----------------------------------------------------------+------------------------------------------------------+----------------------------------+
| id | region |
publicurl | internalurl
| adminurl |
service_id |
+----------------------------------+-----------+-------------------------------------------------------+-----------------------------------------------------------+------------------------------------------------------+----------------------------------+
| 0a7314067f144f94ad907e4023add10a | sp-east-1 |
http://psuaa-1.tcmc.com.br:8777 |
http://psuaa-1.mng.tcmc.com.br:8777 |
http://psuaa-1.mng.tcmc.com.br:8777 |
ef3f7861e7534049a171547bac6189d8 |
| 10ed8edcbecd4feebfccfaae8b9d6ba6 | sp-east-1 |
http://psuaa-1.tcmc.com.br:5000/v2.0 |
http://psuaa-1.mng.tcmc.com.br:5000/v2.0 |
http://psuaa-1.mng.tcmc.com.br:35357/v2.0 |
fe7c9413a430421d9b4c2d3760d468fc |
| 18fb5ccf76c2426ca88ec130461e4f26 | sp-east-1 |
http://psuaa-1.tcmc.com.br:8004/v1/$(tenant_id)s |
http://psuaa-1.mng.tcmc.com.br:8004/v1/$(tenant_id)s |
http://psuaa-1.mng.tcmc.com.br:8004/v1/$(tenant_id)s |
1e101eaa6eb64b6ea046e1ac345e83dc |
| 29a2b2e132cc46648ba82b6cafdfeb8d | sp-east-1 |
http://psuaa-1.tcmc.com.br:8776/v1/$(tenant_id)s |
http://psuaa-1.mng.tcmc.com.br:8776/v1/$(tenant_id)s |
http://psuaa-1.mng.tcmc.com.br:8776/v1/$(tenant_id)s |
6aa0854705c1468584b118a8d102cd80 |
| 2f6e5497cafc478cbe3e54d077a05c15 | sp-east-1 |
http://psuaa-1.tcmc.com.br:9696 |
http://psuaa-1.mng.tcmc.com.br:9696 |
http://psuaa-1.mng.tcmc.com.br:9696 |
4da8894722404eac8cae5c74a9667eeb |
| 41740afdb160499b9d24231bd4aec736 | sp-east-1 |
http://psuaa-1.tcmc.com.br:8080/v1/AUTH_$(tenant_id)s |
http://psuaa-1.mng.tcmc.com.br:8080/v1/AUTH_$(tenant_id)s |
http://psuaa-1.mng.tcmc.com.br:8080/v1 |
2d91b7a432f146b0a20636ab036d4e72 |
| 75e6fec21dc04277a2950f3fb82cd649 | sp-east-1 |
http://psuaa-1.tcmc.com.br:9292 |
http://psuaa-1.mng.tcmc.com.br:9292 |
http://psuaa-1.mng.tcmc.com.br:9292 |
347a19c4a5fd45809350f298bd3bca6d |
| a35bbcf38abe4d598913800a4dfd2437 | sp-east-1 |
http://psuaa-1.tcmc.com.br:8080/v1/AUTH_$(tenant_id)s |
http://psuaa-1.mng.tcmc.com.br:8080/v1/AUTH_$(tenant_id)s |
http://psuaa-1.mng.tcmc.com.br:8080/v1 |
2d91b7a432f146b0a20636ab036d4e72 |
| f311681da2d14c41acc086cd3d47b93f | sp-east-1 |
http://psuaa-1.tcmc.com.br:8774/v2/$(tenant_id)s |
http://psuaa-1.mng.tcmc.com.br:8774/v2/$(tenant_id)s |
http://psuaa-1.mng.tcmc.com.br:8774/v2/$(tenant_id)s |
cdd4cb09d53a44f78e2d33042dbfbf79 |
| fab3ab9df735451bac4932a4797e4f1e | sp-east-1 |
http://psuaa-1.tcmc.com.br:8000/v1 |
http://psuaa-1.mng.tcmc.com.br:8000/v1 |
http://psuaa-1.mng.tcmc.com.br:8000/v1 |
edee5082a58e435ba5d05b3d4c6ea9f4 |
| fe19983cbc034bdaa1e7b6909e3e6c5e | sp-east-1 |
http://psuaa-1.tcmc.com.br:8773/services/Cloud |
http://psuaa-1.mng.tcmc.com.br:8773/services/Cloud |
http://psuaa-1.mng.tcmc.com.br:8773/services/Admin |
9f9b7f9a466d443893457b582435c786 |
+----------------------------------+-----------+-------------------------------------------------------+-----------------------------------------------------------+------------------------------------------------------+----------------------------------+
---
BTW, rabbitmq-server fails to install/start on a IPv6-Only environment,
vide BUG:
https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/1312507
Just for the record, I'm documenting the procedure to guide me, on this
gist: https://gist.github.com/tmartinx/9177697
I wish the best for you guys at next OpenStack summit! I would love to join
it but, unfortunately, I can't...
Sorry about the huge e-mail... I did it this way, instead of using pastebin
services, mostly to let it here for posterity in one place... :-P
Best Regards!
Thiago Martins
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140513/fa0b36bc/attachment.html>
More information about the OpenStack-dev
mailing list