
IPv6 Support in Ocata

asked 2017-07-15 04:23:17 -0500

Elangovan Anganann

updated 2017-07-22 04:51:09 -0500

I have an OpenStack cloud (Ocata) in HA configuration (3 controllers, 2 compute nodes). At the moment, it supports only IPv4 (TypeDrivers: vxlan, flat) (Mechanism Drivers: linuxbridge,l2population). Now, I want to enable IPv6 support for my tenants. What is the procedure to accomplish IPv6 support?

Suppose eth0 is used for public internet connectivity and as the interface to the provider network: do we need to provide IPv4 and IPv6 addresses to eth0? I am using the Linux bridge agent.

[root@controller1 ~ ]# rpm -qa | grep openstack-neutron
openstack-neutron-ml2-10.0.1-1.el7.noarch
openstack-neutron-linuxbridge-10.0.1-1.el7.noarch
openstack-neutron-common-10.0.1-1.el7.noarch
openstack-neutron-10.0.1-1.el7.noarch

3 answers


answered 2017-07-25 09:00:49 -0500

Elangovan Anganann

IPv6 doesn't seem to work with the Neutron Linux Bridge Agent (provider configuration) in OpenStack Ocata. It seems to work with the Neutron OpenvSwitch Agent (provider configuration) in OpenStack Ocata.


answered 2017-07-15 08:06:37 -0500

Bernd Bausch

The Networking Guide has a long chapter on IPv6, and also enables IPv6 in the Linuxbridge mechanism configuration chapter.


Comments

These chapters don't talk about provider network interface configuration. As per link text, we cannot have an IPv6 address on the NIC that is connected to the provider network. OpenStack disables IPv6 for Linux bridges.

Elangovan Anganann ( 2017-07-22 04:54:25 -0500 )

The link you provided says "the bridge will still pass IPv6 between ports even if it doesn't have an IPv6 address".

Admittedly, I have never tried IPv6, so you are probably better off with Luo Wei's guidance.

Bernd Bausch ( 2017-07-24 06:34:40 -0500 )

answered 2017-07-20 08:50:39 -0500

luowei

updated 2017-07-22 17:18:38 -0500

The easy way to give a tenant ipv6 support is to do nothing! Just create the tenant on a provider network that is ipv6 enabled. Linuxbridge passes the ipv6 packets out of the box. When I say the provider network is ipv6 enabled, I mean the external network is ipv6 enabled (i.e. my campus subnet has a radvd daemon running, ipv6 tunnel, or whatever is your use case).

For example, on a standard Ocata ubuntu tutorial build with no special ipv6 configuration added, the cirros tenant picks up necessary ipv6 info from the external provider network (addresses changed to protect the innocent):

$ ifconfig
  eth0      Link encap:Ethernet  HWaddr FA:16:3E:C7:66:55  
            inet addr:192.168.150.8  Bcast:192.168.150.255  Mask:255.255.255.0
            inet6 addr: 2011:470:c092:2bf:cafe:3eff:fec7:6655/64 Scope:Global
            inet6 addr: fe80::cafe:3eff:fec7:6655/64 Scope:Link

$ ping6 -c 3 ipv6.google.com
PING ipv6.google.com (2607:f8b0:400f:800::200e): 56 data bytes
64 bytes from 2607:f8b0:400f:800::200e: seq=0 ttl=54 time=50.347 ms
64 bytes from 2607:f8b0:400f:800::200e: seq=1 ttl=54 time=50.174 ms
64 bytes from 2607:f8b0:400f:800::200e: seq=2 ttl=54 time=50.483 ms

You won't see the ipv6 address in the horizon dashboard listing, but as you can see above the tenant gets a global address and has ipv6 connectivity. To add ipv6 security group rules, use ::0 instead of 0.0.0.0/0 for the remote prefix.


The key is ipv6 on your network segment OUTSIDE of OpenStack must work. So, if I have campus vlan 600 and I plug a laptop into that segment, I should get a global ipv6 address and have v6 connectivity. In my case I'm using slaac on my campus segment and an radvd daemon on a linux box. And, of course that segment also has ipv4. My /etc/radvd.conf looks like this (address changed):

interface em3.600
{
   AdvSendAdvert on;
   prefix 2011:670:cafe:2cf::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
   };
};

I use this network segment as my provider network. I follow the vanilla ubuntu tutorial build: https://docs.openstack.org/ocata/inst... So, the interface that is connected to the campus vlan 600 segment is just what you would normally have on the controller (network) and computes for provider:

auto eth0
  iface eth0 inet manual
  up ip link set dev $IFACE up
  down ip link set dev $IFACE down

I don't change anything from the tutorial guide when I configure neutron or when I create the provider network. I just create it for ipv4 (NO ipv6 subnet, NO slaac options, NO dhcp6 options). ipv4 only, like in the guide: https://docs.openstack.org/ocata/inst...

When the tenant gets created on the provider network, it gets its ipv4 address and info from neutron, but ipv6 router advertisements and neighbor discovery will ...

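Added example, not part of luowei's answer: because the instance autoconfigures from the external router advertisements, its global address is never recorded by neutron or shown in Horizon. Assuming the guest forms modified EUI-64 interface identifiers (the ff:fe pattern visible in the ifconfig output above), the address can be derived from the port MAC and the advertised /64 and compared with what the guest reports; the 2001:db8 prefix and the second global address are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the page's ifconfig format (documentation prefix 2001:db8::/32).
SAMPLE_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr FA:16:3E:C7:66:55
          inet addr:192.0.2.8  Bcast:192.0.2.255  Mask:255.255.255.0
          inet6 addr: 2001:db8:0:2bf:f816:3eff:fec7:6655/64 Scope:Global
          inet6 addr: 2001:db8:0:2bf:5c1d:22ff:fe00:1/64 Scope:Global
          inet6 addr: fe80::f816:3eff:fec7:6655/64 Scope:Link
"""

def eui64_address(prefix, mac):
    """Modified EUI-64 (RFC 4291) address for `mac` inside the /64 `prefix`."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers need a /64 prefix")
    octets = bytes.fromhex(re.sub(r"[:.-]", "", mac))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit, then insert ff:fe between the MAC halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net[int.from_bytes(iid, "big")]

def audit_ifconfig(text):
    """Return (address, scope, matches_mac) for every inet6 line of one stanza."""
    mac = re.search(r"HWaddr\s+([0-9A-Fa-f:]{17})", text).group(1)
    rows = []
    for addr, plen, scope in re.findall(
            r"inet6 addr:\s*([0-9A-Fa-f:]+)/(\d+)\s+Scope:(\w+)", text):
        ip = ipaddress.IPv6Address(addr)
        # Addresses that do not derive from the port MAC (privacy, static or
        # spoofed) cannot be predicted this way and need separate tracking.
        matches = plen == "64" and ip == eui64_address(f"{addr}/64", mac)
        rows.append((str(ip), scope, matches))
    return rows

if __name__ == "__main__":
    for row in audit_ifconfig(SAMPLE_IFCONFIG):
        print(row)
```

Guests that use temporary (RFC 4941) or stable-privacy (RFC 7217) identifiers will not match the derived address.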

Comments

Suppose eth0 is the provider network interface; does eth0 have both IPv4 and IPv6 addresses? Could you please provide ifconfig output of a controller (network) node? Also provide the output of "rpm -qa | grep openstack-neutron" from a controller (network) node. Thanks.

Elangovan Anganann ( 2017-07-22 04:25:11 -0500 )

See added details above. Controller and compute have self assigned ipv6 link addresses. I don't want them to get global addresses, because then they are exposed. So I disable ipv6 autoconfiguration: https://superuser.com/questions/33196...

luowei ( 2017-07-22 11:10:33 -0500 )

The compute ifconfig excerpt looks like:

eth0 Link encap:Ethernet  HWaddr f4:e9:d4:ee:64:40  
          inet6 addr: fe80::f4e9:d4ee:feae:6440/64 Scope:Link

luowei ( 2017-07-22 11:12:10 -0500 )

The controller (network) node really isn't involved in ipv6 in this case. I'm on ubuntu, so "apt list --installed" gives:

neutron-common
neutron-dhcp-agent
neutron-l3-agent
neutron-linuxbridge-agent
neutron-metadata-agent
neutron-server

luowei ( 2017-07-22 11:21:24 -0500 )
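Added example, not from the thread: a check for the host-side hardening described in the comments above, where the controller and compute NICs on the provider segment keep only link-local addresses. Which settings luowei changed is not shown on the page; this sketch assumes the Linux accept_ra and autoconf sysctls, and the /proc/net/if_inet6 sample and function name are constructed for illustration.

```python
import ipaddress
from pathlib import Path

# Constructed sample in /proc/net/if_inet6 format:
# address, ifindex, prefix length, scope (00 = global, 20 = link), flags, device.
SAMPLE_IF_INET6 = """\
fe80000000000000f4e9d4fffeee6440 02 40 20 80     eth0
20010db8000002bf0000000000000010 02 40 00 00     eth0
00000000000000000000000000000001 01 80 10 80       lo
"""

def audit_host_iface(iface, if_inet6_text, conf_root="/proc/sys/net/ipv6/conf"):
    """Return findings for a hypervisor NIC that should stay link-local only."""
    findings = []
    # SLAAC needs both accept_ra and autoconf enabled; report each knob that
    # is still non-zero so the host does not depend on a single setting.
    for knob in ("accept_ra", "autoconf"):
        value = (Path(conf_root) / iface / knob).read_text().strip()
        if value != "0":
            findings.append(f"{iface}: {knob}={value}")
    # Scope 0 in if_inet6 is a global address, whatever way it was assigned.
    for line in if_inet6_text.splitlines():
        fields = line.split()
        if len(fields) == 6 and fields[5] == iface and int(fields[3], 16) == 0:
            addr = ipaddress.IPv6Address(int(fields[0], 16))
            findings.append(f"{iface}: global address {addr}")
    return findings

if __name__ == "__main__":
    import sys
    nic = sys.argv[1] if len(sys.argv) > 1 else "eth0"
    for finding in audit_host_iface(nic, Path("/proc/net/if_inet6").read_text()):
        print(finding)
```

An empty result means the interface ignores router advertisements and holds no global-scope address.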
