[openstack-dev] [Neutron] [IPv6] [radvd] Advertise tenant prefixes from router to outside

Carl Baldwin carl at ecbaldwin.net
Thu Dec 17 21:13:15 UTC 2015


On Thu, Dec 17, 2015 at 1:30 PM, Vladimir Eremin <veremin at mirantis.com> wrote:
> Hi
>
> For now, when an end user creates an IPv6-enabled tenant network and attaches it to the virtual router, the only way to set up external infrastructure to put traffic back to the router is using DHCPv6 PD[1]; unfortunately, it’s not working at all[2]. Other methods like implementing BGP are still in development.
>
> BTW, in IPv6 Router Advertisements we have an option called Route Information Option, RA-RIO[3], to advertise more specific routes from the gateway. We could easily append a section like the next one to advertise tenant prefix 2001:db8:1::/64 to the public network. And if provider network router outside OpenStack will be configured to accept these.
>
> interface qg- {
>         AdvDefaultLifetime 0;
>         route 2001:db8:1::/64 {
>         };
> };
>
> Cisco accepts it by default AFAIK, Linux needs a sysctl net.ipv6.conf.*.accept_ra_rt_info_max_plen set to 64.
>
> Moreover, enabling receiving RA-RIO prefixes in router namespaces allows routers to communicate by themselves.
>
> I’ve done PoC patch for it https://gist.github.com/yottatsa/8282e670da16934960b3

This is an interesting idea.  I've wondered if we could do something
like this before but I didn't know all the details around RA-RIO.  The
problem is that, in general, we have no idea if the subnets behind the
routers are viable in the external network context.  So, we can't just
blindly have routers advertising whatever.

In Mitaka, we're merging a new feature called "address scopes".  We
could limit advertising to only subnets that come from the address
scope matching that of the external network.  If we do this then we'll
know that the subnet came from a pool of addresses that are valid in
the external network context and that the addresses are unique.

This could be relatively easy to implement on top of the current
address scopes work.  I think this is worth exploring with an RFE.
Would you mind filing an RFE according to the Neutron process [1]?

Carl

[1] http://docs.openstack.org/developer/neutron/policies/blueprints.html#neutron-request-for-feature-enhancements
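
Added example (not part of this message, the PoC gist, or Neutron's code): a sketch of the filter discussed above, which emits radvd route entries only for IPv6 tenant subnets whose address scope matches the external network's scope, then renders the same stanza shape quoted earlier. The subnet dictionaries, the address_scope_id key, the function names, the interface name "qg-example" and the 64-bit prefix cap (mirroring the accept_ra_rt_info_max_plen value mentioned above) are assumptions for illustration.

```python
import ipaddress

# Constructed sample data; the field names are hypothetical, not Neutron's model.
EXTERNAL_SCOPE = "scope-ext"
SAMPLE_SUBNETS = [
    {"cidr": "2001:db8:1::/64", "address_scope_id": "scope-ext"},
    {"cidr": "2001:db8:2::/64", "address_scope_id": "scope-other"},
    {"cidr": "fd00:1::/64", "address_scope_id": None},          # no scope at all
    {"cidr": "10.0.0.0/24", "address_scope_id": "scope-ext"},   # not IPv6
    {"cidr": "2001:db8:3::/80", "address_scope_id": "scope-ext"},  # longer than cap
]


def advertisable_routes(external_scope_id, tenant_subnets, max_plen=64):
    """Return the sorted IPv6 prefixes that may be advertised externally."""
    routes = set()
    if external_scope_id is None:
        return []  # external network has no scope: nothing is known to be valid
    for subnet in tenant_subnets:
        # A subnet from another scope (or none) is not known to be routable
        # or unique in the external network context, so it is never advertised.
        if subnet.get("address_scope_id") != external_scope_id:
            continue
        try:
            net = ipaddress.ip_network(subnet["cidr"], strict=True)
        except (KeyError, ValueError):
            continue  # malformed CIDR or host bits set: skip rather than guess
        if net.version != 6 or net.prefixlen > max_plen:
            continue
        routes.add(net)
    return sorted(routes)


def render_radvd_interface(ifname, routes):
    """Render a radvd interface stanza; empty string when nothing qualifies."""
    if not routes:
        return ""
    lines = ["interface %s {" % ifname, "        AdvDefaultLifetime 0;"]
    for net in routes:
        lines += ["        route %s {" % net, "        };"]
    lines.append("};")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_radvd_interface(
        "qg-example", advertisable_routes(EXTERNAL_SCOPE, SAMPLE_SUBNETS)))
```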


