[neutron] DevStack with IPv6
Slawek Kaplonski
skaplons at redhat.com
Fri Sep 13 14:45:33 UTC 2019
Hi,
> On 13 Sep 2019, at 16:10, Brian Haley <haleyb.dev at gmail.com> wrote:
>
> On 9/12/19 5:49 PM, Lucio Seki wrote:
>> Hi folks, I'm having troubles to ping6 a VM running over DevStack from its hypervisor.
>> Could you please help me troubleshooting it?
>> I deployed DevStack with NEUTRON_CREATE_INITIAL_NETWORKS=False,
>
> I think this is your problem. When this is set to True, create_neutron_initial_network() is called, which does a little "hacking" by bringing interfaces up, moving addresses and adding routes so that you can communicate with floating IP and IPv6 addresses. You would have to look at that code and do similar things manually.
I agree with Brian. Probably You need to add IP address from same subnet to br-ex interface that Your floating IPs will be reachable via br-ex. That is the way how this is done by Devstack by default IIRC.
>
> -Brian
>
>
>> and manually created the networks, subnets and router. Following is my router:
>> $ openstack router show router1 -c external_gateway_info -c interfaces_info
>> +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
>> | Field | Value |
>> +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
>> | external_gateway_info | {"network_id": "b87048ed-1be9-4f31-8d7e-fe74921aeec4", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "28a00bc3-b30b-456f-b26a-44b50d37183f", "ip_address": "10.2.0.199"}, {"subnet_id": "a9729beb-b297-4fec-8ec3-7703f7f6f4bc", "ip_address": "fd12:67:1::3c"}]} |
>> | interfaces_info | [{"subnet_id": "081e8508-4ceb-4aaf-bf91-36a1e22a768c", "ip_address": "fd12:67:1:1::1", "port_id": "75391abd-8ac8-41f8-acf8-3dfaf2a6b08f"}] |
>> +-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
>> I'm trying to ping6 the following VM:
>> $ openstack server list
>> +--------------------------------------+---------+--------+------------------------------------------+--------+--------+
>> | ID | Name | Status | Networks | Image | Flavor |
>> +--------------------------------------+---------+--------+------------------------------------------+--------+--------+
>> | 938854d0-80e9-45b2-bc29-8fe7651ffa93 | manila1 | ACTIVE | private1=fd12:67:1:1:f816:3eff:fe0e:17c3 | manila | manila |
>> +--------------------------------------+---------+--------+------------------------------------------+--------+--------+
>> I intend to reach it via br-ex interface of the hypervisor:
>> $ ip a show dev br-ex
>> 9: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
>> link/ether 0e:82:a1:ba:77:4c brd ff:ff:ff:ff:ff:ff
>> inet6 fd12:67:1::1/64 scope global
>> valid_lft forever preferred_lft forever
>> inet6 fe80::c82:a1ff:feba:774c/64 scope link
>> valid_lft forever preferred_lft forever
>> The hypervisor has the following routes:
>> $ ip -6 route
>> fd12:67:1:1::/64 via fd12:67:1::3c dev br-ex metric 1024 pref medium
>> fe80::/64 dev ens3 proto kernel metric 256 pref medium
>> fe80::/64 dev br-ex proto kernel metric 256 pref medium
>> fe80::/64 dev br-int proto kernel metric 256 pref medium
>> fe80::/64 dev tapa5cf4799-9f proto kernel metric 256 pref medium
>> And within the VM has the following routes:
>> root at ubuntu:~# ip -6 route
>> root at ubuntu:~# ip -6 route
>> fd12:67:1::/64 via fd12:67:1:1::1 dev ens3 metric 1024 pref medium
>> fd12:67:1:1::/64 dev ens3 proto kernel metric 256 expires 86360sec pref medium
>> fe80::/64 dev ens3 proto kernel metric 256 pref medium
>> default via fe80::f816:3eff:feb3:bd56 dev ens3 proto ra metric 1024 expires 260sec hoplimit 64 pref medium
>> Though the ping6 from VM to hypervisor doesn't work:
>> root at ubuntu:~# ping6 fd12:67:1::1 -c4
>> PING fd12:67:1::1 (fd12:67:1::1): 56 data bytes
>> --- fd12:67:1::1 ping statistics ---
>> 4 packets transmitted, 0 packets received, 100% packet loss
>> I'm able to tcpdump inside the router1 netns and see that request packet is passing there, but can't see any reply packets:
>> $ sudo ip netns exec qrouter-5172472c-bbe7-4907-832a-e2239c8badb4 tcpdump -l -i any icmp6
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>> listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
>> 21:29:29.351358 IP6 fd12:67:1:1:f816:3eff:fe0e:17c3 > fd12:67:1::1: ICMP6, echo request, seq 0, length 64
>> 21:29:30.033316 IP6 fe80::f816:3eff:feb3:bd56 > fe80::f816:3eff:fe0e:17c3: ICMP6, neighbor solicitation, who has fe80::f816:3eff:fe0e:17c3, length 32
>> 21:29:30.035807 IP6 fe80::f816:3eff:fe0e:17c3 > fe80::f816:3eff:feb3:bd56: ICMP6, neighbor advertisement, tgt is fe80::f816:3eff:fe0e:17c3, length 24
>> 21:29:30.353646 IP6 fd12:67:1:1:f816:3eff:fe0e:17c3 > fd12:67:1::1: ICMP6, echo request, seq 1, length 64
>> 21:29:31.355410 IP6 fd12:67:1:1:f816:3eff:fe0e:17c3 > fd12:67:1::1: ICMP6, echo request, seq 2, length 64
>> 21:29:32.357239 IP6 fd12:67:1:1:f816:3eff:fe0e:17c3 > fd12:67:1::1: ICMP6, echo request, seq 3, length 64
>> The same happens from hypervisor to VM. I only acan see the request packets, but no reply packets.
>> Thanks in advance,
>> Lucio Seki
>
—
Slawek Kaplonski
Senior software engineer
Red Hat
More information about the openstack-discuss
mailing list