[openstack-dev] [Neutron][IPv6] Small feedback about Management Network & API Endpoints

Martinx - ジェームズ thiagocmartinsc at gmail.com
Tue May 13 06:17:08 UTC 2014


Guys,

I'm running OpenStack IceHouse configured with IPv6 in almost every part of
it, I can say that both `Management Network` and `API Endpoints` works with
IPv6, but, there are still only three places that I am unable to use it
with IPv6, which is:


1- Metadata (no IPv6 here, the equivalent of 169.254.0.0/16 for IPv6 is the
subnet fe80::/64, am I right?);

2- VXLAN / GRE tunnels, precisely at `local_ip` in ml2_conf.ini (it doesn't
work when with IPv6);

3- Tenant subnet (IPv6 works with Flat Networks and statically/manually
configured, no SLAAC and no Neutron L3 with IPv6 yet).


NOTE: I still did not tested Heat, Cinder or Swift.


Everything else is working with IPv6!

Here is a few more details about my environment:

Controller's /etc/network/interface file:

---
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#
# OpenStack API Endpoints
auto eth0
iface eth0 inet6 static
        address 2804:29X:Y:dead::10
        netmask 64
        gateway 2804:29X:Y:dead::1
        dns-domain tcmc.com.br
        dns-search tcmc.com.br
        dns-nameservers 2804:29X:4::1 2001:129X:2bX::1

# OpenStack - Management
auto eth1
iface eth1 inet6 static
        address fddc:3c8c:6e8c:b129::10
        netmask 64

# Legacy - Only required because of Metadata, it doesn't have an IPv6
# equivalent service for subnet IPv4 = 169.254.0.0/16 (IPv6 = fc80::/64)
iface eth1 inet static
        address 192.168.5.10
        netmask 24
---

Network Node /etc/network/interfaces file:

---
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface.
auto lo
iface lo inet loopback

#
# Reachable from the Internet.
#

# The primary network interface. Node Internet access.
auto eth0
iface eth0 inet6 static
address 2804:29X:Y:dead::20
netmask 64
 gateway 2804:29X:Y:dead::1
        dns-domain tcmc.com.br
        dns-search tcmc.com.br
dns-nameservers 2804:290:4::1 2001:1291:2bf::1

#
# Unreachable from the Internet.
#

# OpenStack - Management
auto eth1
iface eth1 inet6 static
        address fddc:3c8c:6e8c:b129::20
        netmask 64

# Legacy - Only required because of Metadata, it doesn't have an IPv6
# equivalent service for subnet IPv4 = 169.254.0.0/16 (IPv6 = fc80::/64).
iface eth1 inet static
        address 192.168.5.20
        netmask 24

# VXLAN Traffic - Not working right now with IPv6.
auto eth2
iface eth2 inet6 static
address fda2:c917:cd2e:0552::20
netmask 64

# Legacy - Only required because Neutron doesn't support VXLAN tunnels on
top
# of a IPv6 network.
iface eth2 inet static
address 192.168.6.20
netmask 24

#
# Reachable from the Internet only from within each Namespace router.
#

# Bridge br-ex attached here, this is the "WAN Port" of tenant's routers.
auto eth3
iface eth3 inet manual
up ip addr add 0/0 dev eth3
 up ip link set dev $IFACE up
up ip link set $IFACE promisc on
 up ethtool --offload $IFACE gro off
down ip link set $IFACE promisc off
 down ip link set $IFACE down
---


Common /etc/hosts file across the Cloud:

---
127.0.0.1       localhost.localdomain   localhost

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

# OpenStack APIs Endpoints
2804:29X:Y:dead::10             psuaa-1.tcmc.com.br     psuaa-1
2804:29X:Y:dead::20             psuab-1.tcmc.com.br     psuab-1
2804:29X:Y:dead::30             psuac-1.tcmc.com.br     psuac-1
2804:29X:Y:dead::1000           psuah-1.tcmc.com.br     psuah-1

# OpenStack Management - MySQL, RabbitMQ, SPICE, Glance...
fddc:3c8c:6e8c:b129::10         psuaa-1.mng.tcmc.com.br         psuaa-1.mng
fddc:3c8c:6e8c:b129::20         psuab-1.mng.tcmc.com.br         psuab-1.mng
fddc:3c8c:6e8c:b129::1000       psuah-1.mng.tcmc.com.br         psuah-1.mng

# VXLAN Network - Project's subnet - DOESN'T WORK WITH IPv6
fda2:c917:cd2e:0552::20         psuab-1.vxlan.tcmc.com.br
psuab-1.vxlan
fda2:c917:cd2e:0552::1000       psuah-1.vxlan.tcmc.com.br
psuah-1.vxlan

# Cinder Network - iSCSI Traffic
fd72:3148:4c74:2f60::30         psuac-1.blk.tcmc.com.br         psuac-1.blk
fd72:3148:4c74:2f60::1000       psuah-1.blk.tcmc.com.br         psuah-1.blk
---

NOTE: Those private IPv6 subnets was generated here:
http://www.simpledns.com/private-ipv6.aspx

Then, for example, I configured `auth_host` under `[keystone_authtoken]`
poiting to `psuaa-1.mng.tcmc.com.br` and `auth_uri` poiting to
`http://psuaa-1.tcmc.com.br:5000`.

But, as I figured out, Metadata doesn't work with IPv6, which means that
`metadata_host / metadata_listen` is configured to `192.168.5.10` at
Controller's nova.conf (it doesn't work when I tried it with `
fddc:3c8c:6e8c:b129::10`) and, at my Network Node, the `local_ip` at
`ml2_conf.ini` points to `192.168.6.20` (I would like to use at local_ip,
the address `fda2:c917:cd2e:0552::20`).

Plus, here is my IPv6 API Endpoints (resolved via /etc/hosts or AAAA DNS
Records):

---
root at controller-1:~# keystone endpoint-list
WARNING: Bypassing authentication using a token & endpoint (authentication
credentials are being ignored).
+----------------------------------+-----------+-------------------------------------------------------+-----------------------------------------------------------+------------------------------------------------------+----------------------------------+
|                id                |   region  |
publicurl                       |                        internalurl
                 |                       adminurl                       |
         service_id            |
+----------------------------------+-----------+-------------------------------------------------------+-----------------------------------------------------------+------------------------------------------------------+----------------------------------+
| 0a7314067f144f94ad907e4023add10a | sp-east-1 |
http://psuaa-1.tcmc.com.br:8777            |
http://psuaa-1.mng.tcmc.com.br:8777            |
http://psuaa-1.mng.tcmc.com.br:8777          |
ef3f7861e7534049a171547bac6189d8 |
| 10ed8edcbecd4feebfccfaae8b9d6ba6 | sp-east-1 |
http://psuaa-1.tcmc.com.br:5000/v2.0         |
http://psuaa-1.mng.tcmc.com.br:5000/v2.0         |
http://psuaa-1.mng.tcmc.com.br:35357/v2.0       |
fe7c9413a430421d9b4c2d3760d468fc |
| 18fb5ccf76c2426ca88ec130461e4f26 | sp-east-1 |
http://psuaa-1.tcmc.com.br:8004/v1/$(tenant_id)s   |
http://psuaa-1.mng.tcmc.com.br:8004/v1/$(tenant_id)s   |
http://psuaa-1.mng.tcmc.com.br:8004/v1/$(tenant_id)s |
1e101eaa6eb64b6ea046e1ac345e83dc |
| 29a2b2e132cc46648ba82b6cafdfeb8d | sp-east-1 |
http://psuaa-1.tcmc.com.br:8776/v1/$(tenant_id)s   |
http://psuaa-1.mng.tcmc.com.br:8776/v1/$(tenant_id)s   |
http://psuaa-1.mng.tcmc.com.br:8776/v1/$(tenant_id)s |
6aa0854705c1468584b118a8d102cd80 |
| 2f6e5497cafc478cbe3e54d077a05c15 | sp-east-1 |
http://psuaa-1.tcmc.com.br:9696            |
http://psuaa-1.mng.tcmc.com.br:9696            |
http://psuaa-1.mng.tcmc.com.br:9696          |
4da8894722404eac8cae5c74a9667eeb |
| 41740afdb160499b9d24231bd4aec736 | sp-east-1 |
http://psuaa-1.tcmc.com.br:8080/v1/AUTH_$(tenant_id)s |
http://psuaa-1.mng.tcmc.com.br:8080/v1/AUTH_$(tenant_id)s |
http://psuaa-1.mng.tcmc.com.br:8080/v1        |
2d91b7a432f146b0a20636ab036d4e72 |
| 75e6fec21dc04277a2950f3fb82cd649 | sp-east-1 |
http://psuaa-1.tcmc.com.br:9292            |
http://psuaa-1.mng.tcmc.com.br:9292            |
http://psuaa-1.mng.tcmc.com.br:9292          |
347a19c4a5fd45809350f298bd3bca6d |
| a35bbcf38abe4d598913800a4dfd2437 | sp-east-1 |
http://psuaa-1.tcmc.com.br:8080/v1/AUTH_$(tenant_id)s |
http://psuaa-1.mng.tcmc.com.br:8080/v1/AUTH_$(tenant_id)s |
http://psuaa-1.mng.tcmc.com.br:8080/v1        |
2d91b7a432f146b0a20636ab036d4e72 |
| f311681da2d14c41acc086cd3d47b93f | sp-east-1 |
http://psuaa-1.tcmc.com.br:8774/v2/$(tenant_id)s   |
http://psuaa-1.mng.tcmc.com.br:8774/v2/$(tenant_id)s   |
http://psuaa-1.mng.tcmc.com.br:8774/v2/$(tenant_id)s |
cdd4cb09d53a44f78e2d33042dbfbf79 |
| fab3ab9df735451bac4932a4797e4f1e | sp-east-1 |
http://psuaa-1.tcmc.com.br:8000/v1          |
http://psuaa-1.mng.tcmc.com.br:8000/v1          |
http://psuaa-1.mng.tcmc.com.br:8000/v1        |
edee5082a58e435ba5d05b3d4c6ea9f4 |
| fe19983cbc034bdaa1e7b6909e3e6c5e | sp-east-1 |
http://psuaa-1.tcmc.com.br:8773/services/Cloud    |
http://psuaa-1.mng.tcmc.com.br:8773/services/Cloud    |
http://psuaa-1.mng.tcmc.com.br:8773/services/Admin  |
9f9b7f9a466d443893457b582435c786 |
+----------------------------------+-----------+-------------------------------------------------------+-----------------------------------------------------------+------------------------------------------------------+----------------------------------+
---

BTW, rabbitmq-server fails to install/start on a IPv6-Only environment,
vide BUG:
https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/1312507

Just for the record, I'm documenting the procedure to guide me, on this
gist: https://gist.github.com/tmartinx/9177697

I wish the best for you guys at next OpenStack summit! I would love to join
it but, unfortunately, I can't...

Sorry about the huge e-mail... I did it this way, instead of using pastebin
services, mostly to let it here for posterity in one place...   :-P

Best Regards!
Thiago Martins
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140513/fa0b36bc/attachment.html>


More information about the OpenStack-dev mailing list