Allocate IPv6 /64 block to each instance

asked 2017-12-19 18:35:37 -0600

RyanG

The goal of this deployment is to allocate a /64 block of IPv6 addresses for each instance from a /48 block. To accomplish this we've been creating separate networks for each instance and adding a /64 subnet allocated through a subnet pool. The subnet is then routed through a gateway to the Public (provider) network.

IPv6 /48 addresses allocated directly through the Public network are working correctly, as are IPv4 addresses. However, the IPv6 /64 addresses are able to hit their router gateway, but cannot reach the outside network.

Ideally, we wanted to use a prefix delegation server such as dibbler, but we haven't been able to get the router advertisements to broadcast on the provider network. We fell back onto subnet pools in order to manage our IPv6 address allocation.

Public network - /48 block
- Router Gateway
  - Instance Network with a /64 block

Relevant Configs:

neutron.ini:

 [default]
 core_plugin = ml2
 service_plugins = router
 pd_interface = br-provider
 pd_dhcp_driver = neutron_pd_agent
 default_ipv6_subnet_pool = prefix_delegation

l3_agent.ini:

 [default]
 agent_mode = dvr
 interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
 ipv6_gateway = fe80::212:f2ff:fe91:b800 # Upstream routers link-local address

plugins/ml2/ml2_conf.ini

 [default]
 type_drivers = gre,flat
 tenant_network_types = gre,flat
 mechanism_drivers = openvswitch
 flat_networks = provider

 [securitygroup]
 bridge_mappings = provider:br-provider
 tunnel_type = gre
 enable_tunneling = True

 [agent]
 l2_population = True
 tunnel_types = gre
 enable_distributed_routing = True
 arp_responder = True
 prevent_arp_spoofing = True

/etc/dibbler/server.conf

iface "br-provider" {
 pd-class {
     pd-pool 2001:db8:9::/48
     pd-length 64
 }
}

Create the Public Network (under the Admin Project, 45a535ca3cb74cdca857ee1ae4efa0fe):

neutron net-create Public --provider:network_type flat --provider:physical_network provider --router:external --share

+---------------------------+----------------------------------------------------------------------------+
| Field                     | Value                                                                      |
+---------------------------+----------------------------------------------------------------------------+
| admin_state_up            | UP                                                                         |
| availability_zone_hints   |                                                                            |
| availability_zones        | nova                                                                       |
| created_at                | 2017-12-19T09:23:42Z                                                       |
| description               |                                                                            |
| dns_domain                | None                                                                       |
| id                        | 3ea1c1c7-4eaf-4d64-a45e-d16e6d326934                                       |
| ipv4_address_scope        | None                                                                       |
| ipv6_address_scope        | None                                                                       |
| is_default                | False                                                                      |
| mtu                       | 1500                                                                       |
| name                      | Public                                                                     |
| port_security_enabled     | False                                                                      |
| project_id                | 45a535ca3cb74cdca857ee1ae4efa0fe                                           |
| provider:network_type     | flat                                                                       |
| provider:physical_network | provider                                                                   |
| provider:segmentation_id  | None                                                                       |
| qos_policy_id             | None                                                                       |
| revision_number           | 7                                                                          |
| router:external           | External                                                                   |
| segments                  | None                                                                       |
| shared                    | True                                                                       |
| status                    | ACTIVE                                                                     |
| subnets                   | 4778bf72-9777-434f-b5e7-2f358aba155e, e1658d2f-95d5-45b0-818e-6ac63aeba619 |
| updated_at                | 2017-12-19T09:24:35Z                                                       |
+---------------------------+----------------------------------------------------------------------------+

Add IPv4/IPv6 Subnets to the public network:

neutron subnet-create Public --ip-version 6 2001:db8:9::/48 --allocation-pool start=2001:0db8:0009:0010:0000:0000:0000:0000,end=2001:0db8:0009:ffff:ffff:ffff:ffff:fffe

+-------------------+-----------------------------------------------------+
| Field             | Value                                               |
+-------------------+-----------------------------------------------------+
| allocation_pools  | 2001:db8:9:10::-2001:db8:9:ffff:ffff:ffff:ffff:fffe |
| cidr              | 2001:db8:9::/48                                     |
| created_at        | 2017-12-19T09:24:25Z                                |
| description       |                                                     |
| dns_nameservers   |                                                     |
| enable_dhcp       | True                                                |
| gateway_ip        | 2001:db8:9::1                                       |
| host_routes       |                                                     |
| id                | e1658d2f-95d5-45b0-818e-6ac63aeba619                |
| ip_version        | 6                                                   |
| ipv6_address_mode | None                                                |
| ipv6_ra_mode      | None                                                |
| name              |                                                     |
| network_id        | 3ea1c1c7-4eaf-4d64-a45e-d16e6d326934                |
| project_id        | 45a535ca3cb74cdca857ee1ae4efa0fe                    |
| revision_number   | 2                                                   |
| segment_id        | None                                                |
| service_types     |                                                     |
| subnetpool_id     | None                                                |
| updated_at        | 2017-12-19T09:24:25Z                                |
+-------------------+-----------------------------------------------------+

neutron subnet-create Public --ip-version 4 192.0.2.128/25 --allocation-pool start=192.0.2.130,end=192.0.2.254 --enable-dhcp --dns_nameservers list=true 8.8.4.4 8.8.8.8

+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| allocation_pools  | 192.0.2.130-192.0.2.254              |
| cidr              | 192.0.2.128/25                       |
| created_at        | 2017-12-19T09:24:35Z                 |
| description       |                                      |
| dns_nameservers   | 8.8.4.4, 8.8.8.8                     |
| enable_dhcp       | True                                 |
| gateway_ip        | 192.0.2.129                          |
| host_routes       |                                      |
| id                | 4778bf72-9777-434f-b5e7-2f358aba155e |
| ip_version        | 4                                    |
| ipv6_address_mode | None                                 |
| ipv6_ra_mode      | None                                 |
| name              |                                      |
| network_id        | 3ea1c1c7-4eaf-4d64-a45e-d16e6d326934 |
| project_id        | 45a535ca3cb74cdca857ee1ae4efa0fe     |
| revision_number   | 2                                    |
| segment_id        | None                                 |
| service_types     |                                      |
| subnetpool_id     | None                                 |
| updated_at        | 2017-12-19T09:24:35Z                 |
+-------------------+--------------------------------------+

Create IPv6 ... (more)

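An added example (not part of the original post): a Python check of how the /64 prefixes that the dibbler pd-pool can delegate relate to the Public subnet, using the prefixes and allocation pool shown in the question. The function names and classification labels are illustrative.

```python
import ipaddress

# Values copied from the configs and command output in the question.
PD_POOL = ipaddress.ip_network("2001:db8:9::/48")      # dibbler pd-pool
PD_LENGTH = 64                                         # dibbler pd-length
PUBLIC_CIDR = ipaddress.ip_network("2001:db8:9::/48")  # Public subnet cidr
POOL_START = ipaddress.ip_address("2001:db8:9:10::")   # allocation_pools start
POOL_END = ipaddress.ip_address("2001:db8:9:ffff:ffff:ffff:ffff:fffe")


def classify(prefix):
    """Describe how one delegated prefix relates to the Public subnet."""
    if not prefix.subnet_of(PUBLIC_CIDR):
        return "separate"  # no overlap with the on-link Public subnet
    first, last = prefix.network_address, prefix.broadcast_address
    if first <= POOL_END and last >= POOL_START:
        # Neutron may hand out addresses from this range on Public itself.
        return "overlaps-allocation-pool"
    # Inside the Public cidr, but outside its allocation pool.
    return "on-link-only"


def audit(pd_pool=PD_POOL, pd_length=PD_LENGTH):
    """Count the prefixes the pool can delegate, grouped by classification."""
    counts = {}
    for prefix in pd_pool.subnets(new_prefix=pd_length):
        kind = classify(prefix)
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for kind, count in sorted(audit().items()):
        print(f"{kind}: {count}")
```

With the values above, every delegable /64 falls inside the Public subnet's cidr, and all but the first 16 also overlap its allocation pool.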

Comments

Also tried using address scopes but still unable to hit the router gateway from an Instance IPv6 Network.

Pretty much the same steps as above, except I removed the /48 subnet from the Public network and instead added a /64 subnet allocated through the subnet pool with an address scope.

Any ideas?

RyanG ( 2017-12-20 17:56:25 -0600 )