[openstack-dev] [Neutron] [IPv6] [radvd] Advertise tenant prefixes from router to outside
Vladimir Eremin
veremin at mirantis.com
Thu Dec 17 23:09:08 UTC 2015
Hi Carl,
I’ll file an RFE for sure, thank you for the link to the process )
So actually, we should announce all SUBNETS we’ve attached to the router. Otherwise it will not work, because the external network router will have no idea where the traffic should be routed back. It is an actual viability discriminator: subnets that aren’t attached are counted as unviable in the external network context.
BTW, could you please point me to the spec for address scopes?
--
With best regards,
Vladimir Eremin,
Fuel Deployment Engineer,
Mirantis, Inc.
> On Dec 17, 2015, at 1:13 PM, Carl Baldwin <carl at ecbaldwin.net> wrote:
>
> On Thu, Dec 17, 2015 at 1:30 PM, Vladimir Eremin <veremin at mirantis.com> wrote:
>> Hi
>>
>> For now, when an end user creates an IPv6-enabled tenant network and attaches it to the virtual router, the only way to set up external infrastructure to put traffic back to the router is using DHCPv6 PD[1]; unfortunately, it’s not working at all[2]. Other methods like implementing BGP are still in development.
>>
>> BTW, in IPv6 Router Advertisements we have an option called Route Information Option, RA-RIO[3], to advertise more specific routes from the gateway. We could easily append a section like the next one to advertise tenant prefix 2001:db8:1::/64 to the public network. And if provider network router outside OpenStack will be configured to accept these.
>>
>> interface qg- {
>>     AdvDefaultLifetime 0;
>>     route 2001:db8:1::/64 {
>>     };
>> };
>>
>> Cisco accepts it by default AFAIK; Linux needs the sysctl net.ipv6.conf.*.accept_ra_rt_info_max_plen set to 64.
>>
>> Moreover, enabling receiving RA-RIO prefixes in router namespaces allows routers to communicate by themselves.
>>
>> I’ve done a PoC patch for it: https://gist.github.com/yottatsa/8282e670da16934960b3
>
> This is an interesting idea. I've wondered if we could do something
> like this before but I didn't know all the details around RA-RIO. The
> problem is that, in general, we have no idea if the subnets behind the
> routers are viable in the external network context. So, we can't just
> blindly have routers advertising whatever.
>
> In Mitaka, we're merging a new feature called "address scopes". We
> could limit advertising to only subnets that come from the address
> scope matching that of the external network. If we do this then we'll
> know that the subnet came from a pool of addresses that are valid in
> the external network context and that the addresses are unique.
>
> This could be relatively easy to implement on top of the current
> address scopes work. I think this is worth exploring with an RFE.
> Would you mind filing an RFE according to the Neutron process [1]?
>
> Carl
>
> [1] http://docs.openstack.org/developer/neutron/policies/blueprints.html#neutron-request-for-feature-enhancements
>
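The filtering Carl suggests above (advertise only subnets whose address scope matches the external network's), combined with the RA-RIO stanza from the original post, as an added example that is not part of the thread, the PoC gist, or Neutron. The `Subnet` model, the scope ids and the `qg-example` interface name are hypothetical, and the sample data is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Subnet:  # hypothetical model, not a Neutron object
    cidr: str
    address_scope_id: Optional[str]

def advertisable_prefixes(subnets, external_scope_id, max_plen=64):
    """Split router subnets into (advertise, skipped) for RA-RIO.

    max_plen mirrors the receiver's accept_ra_rt_info_max_plen: Linux
    ignores Route Information with a prefix longer than that value.
    """
    advertise, skipped = [], []
    for s in subnets:
        # strict=True rejects CIDRs with host bits set (raises ValueError)
        net = ipaddress.ip_network(s.cidr, strict=True)
        if net.version != 6:
            skipped.append((s.cidr, "not IPv6"))
        elif external_scope_id is None or s.address_scope_id != external_scope_id:
            skipped.append((s.cidr, "address scope mismatch"))
        elif net.prefixlen > max_plen:
            skipped.append((s.cidr, "longer than receiver max_plen"))
        elif net not in advertise:
            advertise.append(net)
    return sorted(advertise), skipped

def render_radvd(interface, prefixes):
    """Render the stanza form shown in the thread for the given prefixes."""
    lines = [f"interface {interface} {{", "    AdvDefaultLifetime 0;"]
    for net in prefixes:
        lines += [f"    route {net} {{", "    };"]
    lines.append("};")
    return "\n".join(lines)

# Constructed sample data: only the first subnet shares the external scope.
SAMPLE = [
    Subnet("2001:db8:1::/64", "scope-ext"),
    Subnet("2001:db8:2::/64", "scope-other"),
    Subnet("fd00:1::/64", None),
    Subnet("10.0.0.0/24", "scope-ext"),
    Subnet("2001:db8:3::/80", "scope-ext"),
]

if __name__ == "__main__":
    ok, skipped = advertisable_prefixes(SAMPLE, "scope-ext")
    print(render_radvd("qg-example", ok))
```

The `skipped` list records why each subnet was left out, which is worth logging so that an unadvertised tenant prefix can be traced to a scope mismatch rather than to a radvd fault.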