[neutron] DVR / IPv6 on provider network instead?

Brian Haley haleyb.dev at gmail.com
Mon Jun 29 18:13:38 UTC 2020


On 6/27/20 11:52 PM, Eric K. Miller wrote:
> Hi,
> 
> Should I assume that the statement:
> 
> "IPv6 traffic is not distributed, even when DVR is enabled. IPv6 routing 
> does work, but all ingress/egress traffic must traverse through the 
> centralized Controller node. Customers that are extensively using IPv6 
> routing are advised not to use DVR at this time."
> 
> is still true in Stein and later (we are running Stein for now, which is 
> why I explicitly mentioned this version)?
> 
> If so, is there a possibility of using a provider network that is 
> connected to all compute nodes where IPv6 subnets are issued to tenants 
> from a subnet pool, with traffic being routed directly to an external 
> router (not a Neutron router) using Linux Bridge instead of OVS?  Yet, 
> still use port security?
> 
> Just trying to figure out the best way to support IPv6 without 
> forwarding all traffic through a single network node, while using DVR 
> for IPv4.

The other way would be to enhance the dr-agent, IPv4 support for DVR was 
added recently.

https://docs.openstack.org/neutron-dynamic-routing/latest/

There is also some ongoing work to better support IPv6 "fast exit" at 
https://review.opendev.org/#/c/662111/

-Brian


> Also, unrelated, but hopefully a quick question…  is the "internal" or 
> "external" label on a network just used for filtering lists, such as for 
> "openstack network list --external"?  or does it change the behavior of 
> anything?
> 
> 
> Thanks!
> 
> 
> Eric
> 




More information about the openstack-discuss mailing list