[neutron] DevStack with IPv6

Brian Haley haleyb.dev at gmail.com
Fri Sep 13 14:10:23 UTC 2019


On 9/12/19 5:49 PM, Lucio Seki wrote:
> Hi folks, I'm having troubles to ping6 a VM running over DevStack from 
> its hypervisor.
> Could you please help me troubleshooting it?
> 
> I deployed DevStack with NEUTRON_CREATE_INITIAL_NETWORKS=False,

I think this is your problem.  When this is set to True, 
create_neutron_initial_network() is called, which does a little 
"hacking" by bringing interfaces up, moving addresses and adding routes 
so that you can communicate with floating IP and IPv6 addresses.  You 
would have to look at that code and do similar things manually.

-Brian


> and manually created the networks, subnets and router. Following is my 
> router:
> 
> $ openstack router show router1 -c external_gateway_info -c interfaces_info
> +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
> | Field                 | Value                                         
>                                                                          
>                                                                          
>                                                                          
>         |
> +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
> | external_gateway_info | {"network_id": 
> "b87048ed-1be9-4f31-8d7e-fe74921aeec4", "enable_snat": true, 
> "external_fixed_ips": [{"subnet_id": 
> "28a00bc3-b30b-456f-b26a-44b50d37183f", "ip_address": "10.2.0.199"}, 
> {"subnet_id": "a9729beb-b297-4fec-8ec3-7703f7f6f4bc", "ip_address": 
> "fd12:67:1::3c"}]} |
> | interfaces_info       | [{"subnet_id": 
> "081e8508-4ceb-4aaf-bf91-36a1e22a768c", "ip_address": "fd12:67:1:1::1", 
> "port_id": "75391abd-8ac8-41f8-acf8-3dfaf2a6b08f"}]                     
>                                                                          
>                                        |
> +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
> 
> I'm trying to ping6 the following VM:
> 
> $ openstack server list
> +--------------------------------------+---------+--------+------------------------------------------+--------+--------+
> | ID                                   | Name    | Status | Networks     
>                              | Image  | Flavor |
> +--------------------------------------+---------+--------+------------------------------------------+--------+--------+
> | 938854d0-80e9-45b2-bc29-8fe7651ffa93 | manila1 | ACTIVE | 
> private1=fd12:67:1:1:f816:3eff:fe0e:17c3 | manila | manila |
> +--------------------------------------+---------+--------+------------------------------------------+--------+--------+
> 
> I intend to reach it via br-ex interface of the hypervisor:
> 
> $ ip a show dev br-ex
> 9: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state 
> UNKNOWN group default qlen 1000
>      link/ether 0e:82:a1:ba:77:4c brd ff:ff:ff:ff:ff:ff
>      inet6 fd12:67:1::1/64 scope global
>         valid_lft forever preferred_lft forever
>      inet6 fe80::c82:a1ff:feba:774c/64 scope link
>         valid_lft forever preferred_lft forever
> 
> The hypervisor has the following routes:
> 
> $ ip -6 route
> fd12:67:1:1::/64 via fd12:67:1::3c dev br-ex metric 1024 pref medium
> fe80::/64 dev ens3 proto kernel metric 256 pref medium
> fe80::/64 dev br-ex proto kernel metric 256 pref medium
> fe80::/64 dev br-int proto kernel metric 256 pref medium
> fe80::/64 dev tapa5cf4799-9f proto kernel metric 256 pref medium
> 
> And within the VM has the following routes:
> 
> root at ubuntu:~# ip -6 route
> root at ubuntu:~# ip -6 route
> fd12:67:1::/64 via fd12:67:1:1::1 dev ens3 metric 1024 pref medium
> fd12:67:1:1::/64 dev ens3 proto kernel metric 256 expires 86360sec pref 
> medium
> fe80::/64 dev ens3 proto kernel metric 256 pref medium
> default via fe80::f816:3eff:feb3:bd56 dev ens3 proto ra metric 1024 
> expires 260sec hoplimit 64 pref medium
> 
> Though the ping6 from VM to hypervisor doesn't work:
> root at ubuntu:~# ping6 fd12:67:1::1 -c4
> PING fd12:67:1::1 (fd12:67:1::1): 56 data bytes
> --- fd12:67:1::1 ping statistics ---
> 4 packets transmitted, 0 packets received, 100% packet loss
> 
> I'm able to tcpdump inside the router1 netns and see that request packet 
> is passing there, but can't see any reply packets:
> 
> $ sudo ip netns exec qrouter-5172472c-bbe7-4907-832a-e2239c8badb4 
> tcpdump -l -i any icmp6
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on any, link-type LINUX_SLL (Linux cooked), capture size 
> 262144 bytes
> 21:29:29.351358 IP6 fd12:67:1:1:f816:3eff:fe0e:17c3 > fd12:67:1::1: 
> ICMP6, echo request, seq 0, length 64
> 21:29:30.033316 IP6 fe80::f816:3eff:feb3:bd56 > 
> fe80::f816:3eff:fe0e:17c3: ICMP6, neighbor solicitation, who has 
> fe80::f816:3eff:fe0e:17c3, length 32
> 21:29:30.035807 IP6 fe80::f816:3eff:fe0e:17c3 > 
> fe80::f816:3eff:feb3:bd56: ICMP6, neighbor advertisement, tgt is 
> fe80::f816:3eff:fe0e:17c3, length 24
> 21:29:30.353646 IP6 fd12:67:1:1:f816:3eff:fe0e:17c3 > fd12:67:1::1: 
> ICMP6, echo request, seq 1, length 64
> 21:29:31.355410 IP6 fd12:67:1:1:f816:3eff:fe0e:17c3 > fd12:67:1::1: 
> ICMP6, echo request, seq 2, length 64
> 21:29:32.357239 IP6 fd12:67:1:1:f816:3eff:fe0e:17c3 > fd12:67:1::1: 
> ICMP6, echo request, seq 3, length 64
> 
> The same happens from hypervisor to VM. I only acan see the request 
> packets, but no reply packets.
> 
> Thanks in advance,
> Lucio Seki



More information about the openstack-discuss mailing list