[Openstack] IPv6 and Liberty (or Mitaka).

Simon Leinen simon.leinen at switch.ch
Sun Oct 30 21:25:05 UTC 2016


Ken D'Ambrosio writes:
> Hey, all.  I have a Liberty cloud, and decided for the heck of it to
> start dipping my toe into IPv6.  I do have some confusion, however.  I
> can choose between SLAAC, DHCPv6 stateful and DHCPv6 stateless -- and
> I see some writeups on what they do, but I don't understand what
> differentiates them.  As far as I can tell, they all do pretty much
> the same thing, just with different pieces doing different things.
> E.g., the chart, found here
> (http://docs.openstack.org/liberty/networking-guide/adv-config-ipv6.html
> -- page down a little) shows those three options, but it isn't clear:
> * How to configure the elements involved
> * What they exactly do (e.g., "optional info"?  What's that?)
> * Why there even *are* different choices.  Do they offer functionally
> different results?

SLAAC and DHCPv6-stateless use the same mechanism (SLAAC) to provide
instances with IPv6 addresses.  The only difference between them is that
with DHCPv6-stateless, the instance can also use DHCPv6 requests to get
other information such as nameserver addresses etc.  So choosing between
SLAAC and DHCPv6-stateless, I would always prefer DHCPv6-stateless -
it's a strict superset in terms of functionality, and I don't see any
particular risks associated with it.

DHCPv6-stateful is a different beast: It will use DHCPv6 to give an
instance its IPv6 address.  DHCPv6 actually fits OpenStack's model
better than SLAAC[1].  Unfortunately, most GNU/Linux distributions don't
support Stateful DHCPv6 "out of the box".

Because we want our users to use unmodified operating system images and
still get usable IPv6, we have grudgingly decided to go for
DHCPv6-stateless.  For configuration information, see [2].

If you decide to go for DHCPv6-stateful, then here's a Web page that
explains how to enable it client-side for a variety of GNU/Linux
distributions:

https://azure.microsoft.com/en-us/documentation/articles/load-balancer-ipv6-for-linux/

It would be nice if all systems honored the "M" (Managed) flag in Router
Advertisements and would use DHCPv6 if it is set, otherwise SLAAC.

> Any pointers would be much appreciated.  While I was able to get a
> host up with IPv4/IPv6, I wish I understood more of what was going on
> behind the scenes.

Hope this helps,

[1] What I mean is this: OpenStack (Nova) sees it as part of its job to
    control the IP address(es) that an instance uses.  In IPv4 it uses
    DHCP (always did).  DHCP assigns complete addresses - which are
    under control of OpenStack.  In IPv6, stateful DHCPv6 would be the
    proper equivalent.

    SLAAC is different in that the node (instance) actually chooses its
    address based on information it gets from the router.  The most
    common method is that the node uses an "EUI-64" address as the local
    part (host ID) of the address.  The EUI-64 is derived from the MAC
    address by a fixed algorithm.  This can work with OpenStack because
    OpenStack controls the MAC addresses too, and can thus "guess" what
    IPv6 address an instance will auto-configure on a given network.
    You see how this is a little less straightforward than OpenStack
    just *telling* the instance what IPv6 address it should use.

    In practice, this breaks down when an instance uses other methods to
    get the local part, for example "privacy addresses" according to RFC
    4941.  These will lead to conflicts with OpenStack's built-in
    anti-spoofing filters.  So such mechanisms need to be disabled when
    SLAAC is used under OpenStack (including under "DHCPv6-stateless").
[2] http://cloudblog.switch.ch/2016/07/07/switchengines-under-the-hood-basic-ipv6-configuration
-- 
Simon.
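
Added example, not part of the original message and not OpenStack's own code: footnote [1] describes predicting an instance's SLAAC address from its MAC via EUI-64, and why an RFC 4941 privacy address then fails a source-address check. The function names, the MAC, the documentation prefix and the privacy address below are constructed for illustration, and the check is a simplified model of an anti-spoofing filter.

```python
import ipaddress


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # Flip the universal/local bit of the first octet, insert ff:fe in the middle.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def expected_slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address an instance auto-configures when it uses EUI-64 on this prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 SLAAC needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def source_allowed(src: str, prefix: str, mac: str) -> bool:
    """Simplified anti-spoofing check: accept only the address predicted from the MAC."""
    return ipaddress.IPv6Address(src) == expected_slaac_address(prefix, mac)


if __name__ == "__main__":
    # Constructed sample values: documentation prefix, made-up port MAC.
    prefix, mac = "2001:db8:0:1::/64", "fa:16:3e:12:34:56"
    predicted = expected_slaac_address(prefix, mac)
    # Constructed privacy-style address: same prefix, random interface identifier.
    privacy = "2001:db8:0:1:3c5a:91ff:2b7e:44d0"
    for src in (str(predicted), privacy):
        verdict = "pass" if source_allowed(src, prefix, mac) else "drop"
        print(f"{src:40} {verdict}")
```

Traffic sourced from the second address is dropped under this model even though it sits in the correct /64, which is the conflict the footnote describes.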




