
Public IPv6 for tenant VMs with Kilo

asked 2015-04-20 12:02:59 -0500

jbmolle

Hi,

I've installed OpenStack Kilo on a 3 node architecture and I have a /64 IPv6 public network. The controller node has 2001:dbd9:xxxx:xxxx::1/64 address, the network node 2001:dbd9:xxxx:xxxx::2/64 address and the compute node 2001:dbd9:xxxx:xxxx::3/64 address.

I have 2 tenants, admin and user. With the admin tenant I create the shared flat external network:

    neutron net-create ext-net --shared --router:external --provider:physical_network external --provider:network_type flat

I would like to give public IPv6 access to my instances.

Solution 1: Create an IPv6 subnet

    neutron subnet-create ext-net --name ext-sub6 --ip-version 6 --ipv6_address_mode=slaac --ipv6_ra_mode=slaac --allocation-pool start=2001:dbd9:xxxx:xxxx::5,end=2001:dbd9:xxxx:xxxx::500 2001:dbd9:xxxx:xxxx::/64

Launch a VM from admin or user tenant:

    nova boot --image 1 --flavor 1 my-instance

I get an error "No valid host was found" every time I tried to boot an instance directly on the provider network.

Solution 2: Create an IPv6 subnet, a user tenant network and subnet, a router to link the user tenant network and the provider network.

    neutron subnet-create ext-net --name ext-sub6 --ip-version 6 --ipv6_address_mode=slaac --ipv6_ra_mode=slaac --allocation-pool start=2001:dbd9:xxxx:xxxx::5,end=2001:dbd9:xxxx:xxxx::500 2001:dbd9:xxxx:xxxx::/64
    source user-tenant.sh    (to get the user tenant parameters)
    neutron net-create user-network
    neutron subnet-create user-network --name user-sub6 --ip-version 6 --ipv6_address_mode=slaac --ipv6_ra_mode=slaac fd01:dbd9:xxxx:xxxx::/64
    neutron router-create user-router
    neutron router-interface-add user-router user-sub6
    neutron router-gateway-set user-router ext-net
    nova boot --image 1 --flavor 1 my-instance

This time the instance boots without any problem. But it's not possible to associate floating IPv6 so I can't reach the instance from the public network.

Solution 3: No subnet on external network.

    source user-tenant.sh    (to get the user tenant parameters)
    neutron net-create user-network
    neutron subnet-create ext-net --name ext-sub6 --ip-version 6 --ipv6_address_mode=slaac --ipv6_ra_mode=slaac --allocation-pool start=2001:dbd9:xxxx:xxxx::5,end=2001:dbd9:xxxx:xxxx::500 2001:dbd9:xxxx:xxxx::/64    (I use my public IPv6 network for the subnet pool)
    neutron router-create user-router
    neutron router-interface-add user-router user-sub6
    neutron router-gateway-set user-router ext-net
    nova boot --image 1 --flavor 1 my-instance

The VM boots but I can't reach it from the internet.

Also if I create a port on the provider network, I can't attach it to my VM started on the user tenant private network.

Thanks a lot for any help I could get, JB

P.S: I've read Thiago Martins's guide but I can't attach a VM directly to the provider network in a 3 node architecture.


3 answers


answered 2015-05-04 07:10:33 -0500

jbmolle

Finally I managed to have my cloud working with IPv6. I followed Robert's Solution 1. I had to add the physical interface to br-ex and configure the ml2 plugin on the compute node with

    bridge_mappings=external:br-ex

After that I could ping my VMs from the compute node but not from the internet. I don't control the upstream router which is provided by my ISP. I had to do the following on the compute node:

    ip neigh add proxy "IPv6 address of the VM" dev br-ex

Hope it can help others!

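The neighbour-proxy step from the answer above, as an added example in Python that is not part of the original post: it derives the EUI-64 address that a port on a slaac-mode /64 subnet forms from its MAC and builds one `ip neigh add proxy` line per VM. The prefix and MAC addresses are constructed sample values, and the example assumes guests use EUI-64 interface identifiers.

```python
import ipaddress

# Constructed sample values: 2001:db8::/32 is the documentation prefix and
# the MAC addresses are made up. Use the real external /64 and port MACs.
EXT_PREFIX = "2001:db8:0:1::/64"
SAMPLE_MACS = ["fa:16:3e:12:34:56", "fa:16:3e:ab:cd:ef", "fa:16:3e:12:34:56"]


def slaac_address(prefix, mac):
    """EUI-64 address a port with this MAC forms in a /64 SLAAC subnet."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    octets = [int(part, 16) for part in mac.split(":")]
    if len(octets) != 6 or any(not 0 <= o <= 0xFF for o in octets):
        raise ValueError(f"bad MAC address: {mac!r}")
    if octets[0] & 0x01:
        raise ValueError(f"multicast MAC cannot belong to a VM port: {mac!r}")
    octets[0] ^= 0x02                          # flip the universal/local bit
    eui64 = octets[:3] + [0xFF, 0xFE] + octets[3:]
    iid = int.from_bytes(bytes(eui64), "big")  # 64-bit interface identifier
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def ndp_proxy_commands(macs, prefix=EXT_PREFIX, iface="br-ex"):
    """Return one 'ip neigh add proxy' line per distinct VM port.

    Entries are built only from known port MACs, so the compute node does
    not answer neighbour solicitations for addresses no VM owns.
    """
    commands, seen = [], set()
    for mac in macs:
        addr = slaac_address(prefix, mac)
        if addr not in seen:                   # same port listed twice
            seen.add(addr)
            commands.append(f"ip neigh add proxy {addr} dev {iface}")
    return commands


if __name__ == "__main__":
    for line in ndp_proxy_commands(SAMPLE_MACS):
        print(line)
```
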

answered 2015-04-22 11:56:25 -0500

Robert Li

First of all, it seems that you are overlaying your tenant data network on top of your management network since you seemed to be using the same prefix (what are the xxxx:xxxx in the prefix?) for both networks. Assuming that's the case, and that you are using ovs plugin, and you know what your physical interface is on each of the nodes that is connected to your physical network, this is what I think you should do to make it work:

Your Solution 1:
- configure each compute node so that the ipv6 address is configured on the br-int interface (supposedly that's the integration bridge used with the ovs plugin).
- adding your physical interface to br-int
- create a tenant network instead (does not need to be external, but could be shared) and a subnet with that prefix.
- depending on if you are running RA in your physical network. If you are not, then you need to configure a default route after logging into your instance, pointing to your router that is running on the same physical network. If you are, you want to make sure when you create your tenant subnet, the gw address should be the LLA of your upstream router.
- boot your instance with --nic net-id <your tenant network>

The above setup doesn't require a network node. If you use a network node, you'd use your Solution 3. But you need to set up your physical network on that node so that l3 routing is configured properly. Without knowing your physical network, but suppose you have a physical interface on your network node that is connected with your upstream router, one way to achieve that is you'd need a separate prefix for your tenant subnet. In this case, the network node itself is used as a router with a physical interface connected to your upstream router.
- configure your upstream router to route your tenant subnet prefix to the physical interface on the network node
- enable ipv6 forwarding on your network node
- on your network node, you'd have a br-ex bridge. Your neutron router has the external gw port connected to br-ex.
- on your network node, create a route for your tenant prefix so that its next hop is the neutron router's external gw port.
- configure ipv6_gateway to be br-ex's LLA address for neutron l3 service before launching it

Hopefully the above description is clear enough to provide some help. The bottom line is that your tenant's virtual network needs to be hooked up properly with the physical network. And the above are just two possible ways to achieve that.


Comments

Thanks Robert! I'll try that in the next few days and let you know if I have any further problems.

jbmolle (2015-04-23 01:02:54 -0500)
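The network-node layout from Robert Li's answer, as an added example in Python that is not part of the original thread: it checks a planned prefix layout for the two problems visible in the question (a tenant prefix that overlaps the external /64, and a unique-local tenant prefix) and then lists the forwarding, route and `ipv6_gateway` settings the answer describes. All addresses are constructed sample values and the function names are hypothetical.

```python
import ipaddress

ULA = ipaddress.IPv6Network("fc00::/7")        # unique-local, not routed globally
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")


def check_routed_plan(external, tenant, gateway_lla):
    """Return a list of problems with a routed tenant-prefix layout."""
    ext = ipaddress.IPv6Network(external)
    ten = ipaddress.IPv6Network(tenant)
    problems = []
    if ext.overlaps(ten):
        problems.append("tenant prefix overlaps the external prefix")
    if ten.subnet_of(ULA):
        problems.append("tenant prefix is unique-local, unreachable from the internet")
    if ten.prefixlen != 64:
        problems.append("SLAAC needs a /64 tenant prefix")
    if ipaddress.IPv6Address(gateway_lla) not in LINK_LOCAL:
        problems.append("ipv6_gateway is not a link-local address")
    return problems


def network_node_steps(external, tenant, gateway_lla, router_gw, iface="br-ex"):
    """Return the network-node settings for a sound layout, else raise."""
    problems = check_routed_plan(external, tenant, gateway_lla)
    gw = ipaddress.IPv6Address(router_gw)
    # The router's gateway port is reached on br-ex, by a global address on
    # the external prefix or by its link-local address.
    if gw not in ipaddress.IPv6Network(external) and gw not in LINK_LOCAL:
        problems.append("router gateway port is not reachable on the external bridge")
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "commands": [
            "sysctl -w net.ipv6.conf.all.forwarding=1",
            f"ip -6 route add {ipaddress.IPv6Network(tenant)} via {gw} dev {iface}",
        ],
        "l3_agent.ini": f"ipv6_gateway = {gateway_lla}",
    }


if __name__ == "__main__":
    # Constructed sample layout using the 2001:db8::/32 documentation prefix.
    print(network_node_steps("2001:db8:0:1::/64", "2001:db8:0:2::/64",
                             "fe80::1", "fe80::f816:3eff:fe00:1"))
```

The upstream router still has to route the tenant prefix to the network node's physical interface, which this check cannot verify from the node itself.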

answered 2015-04-22 08:45:35 -0500

For solution 1 - I don't have any guidance on what is wrong.

For solution 2 - I don't believe Floating IPs and NAT are implemented for V6.

I think you should pursue solution three. It should work. I suspect you may have some type problem in your configuration setting. Two specific things to check. Unless I am not following correctly, the user subnet seems to be named two different things in your command strings: "ext-sub6" for the VMs and "user-sub6" when adding a router interface. Also confirm that the router got a good IPv6 address from the public network to use as a gateway.


Last updated: May 04 '15