Hello Stackers! I just finished the OpenStack IPv6 Quick Guide, it is hosted here:
Ultimate OpenStack IceHouse Guide - ML2 Flat Network - IPv6-Friendly: https://gist.github.com/tmartinx/9177697 Almost everything is working with IPv6, including OpenStack Management (APIs / Endpoints) and, of course, the Instances. Only NoVNC (TCP port 6080) and Metadata isn't working with IPv6 (yet). Also, the IPv6 configuration is static, no auto-configuration right now. My idea is to enable SLAAC on this environment, so, there will be no need for static IPs and manual intervention. I think we're almost there! What do you guys think? BTW, sorry about tons of e-mails I sent before, I'll not do that again. Cheers! Thiago On 12 April 2014 04:09, Martinx - ジェームズ <thiagocmarti...@gmail.com> wrote: > BTW, I think that the following patches are also important / relevant to > begin with: > > --- > 4. Two Attributes Proposal to Control IPv6 RA Announcement and Address > Assignment > https://blueprints.launchpad.net/neutron/+spec/ipv6-two-attributes > Patchset: Create new IPv6 attributes for Subnets. > https://review.openstack.org/#/c/52983/ > Patchset: Add support to DHCP agent for BP ipv6-two-attributes. > https://review.openstack.org/70649 > Patchset: Calculate stateless IPv6 address. > https://review.openstack.org/56184 > Patchset: Permit ICMPv6 RAs only from known routers. > https://review.openstack.org/#/c/72252/ > ... > 8. Provider Networking - upstream SLAAC support > https://blueprints.launchpad.net/neutron/+spec/ipv6-provider-nets-slaac > Patchset: Ensure that that all fixed ips for a port belong to a > subnet using DHCP. https://review.openstack.org/#/c/64578/ > --- > > But I'm not sure about the easiest path we can follow... From what I'm > seeing, Neutron just needs to calculate Instance's IPv6 address based on > SLAAC, then Instance's IPv6 address will match (Neutron <-> upstream > SLAAC), in the end of the day. > > Also, review 72252 is very important! > > Regards, > Thiago > > > On 12 April 2014 01:34, Martinx - ジェームズ <thiagocmarti...@gmail.com> wrote: > >> Cool! Instance shows an IPv6 address and it clearly isn't generated by >> EUI-64 (SLAAC) but, at least, I can use static IPv6! YAY! >> >> --- >> root@controller:~# nova list >> >> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+ >> | ID | Name | Status | Task State | >> Power State | Networks | >> >> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+ >> | 1654644d-6d52-4760-b147-4b88769a6fc2 | trusty-2 | ACTIVE | - | >> Running | sharednet1=10.33.14.23, 2001:1291:2bf:fffb::3 | >> >> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+ >> >> root@controller:~# ssh -i ~/xxx.pem ubuntu@10.33.14.23 >> >> ubuntu@trusty-2:~$ sudo ip -6 a a 2001:1291:2bf:fffb::3/64 dev eth0 >> >> ubuntu@trusty-2:~$ sudo ip -6 r a default via 2001:1291:2bf:fffb::1 >> >> ubuntu@trusty-2:~$ ping6 -c 1 google.com >> PING google.com(2800:3f0:4004:801::100e) 56 data bytes >> 64 bytes from 2800:3f0:4004:801::100e: icmp_seq=1 ttl=54 time=49.6 ms >> >> --- google.com ping statistics --- >> 1 packets transmitted, 1 received, 0% packet loss, time 0ms >> rtt min/avg/max/mdev = 49.646/49.646/49.646/0.000 ms >> --- >> >> IPv6 up and running and OpenStack is aware of both IPv4 and IPv6 >> instance's addresses! Security Group is also taking care of ip6tables. >> >> I'm pretty sure that if I start radvd on upstream router right now, all >> instances will generate its own IPv6 based on their respective MAC address. >> But then, the IPv6 will differ from what OpenStack "thinks" that each >> instance have. >> >> So many e-mails, sorry BTW! :-P >> >> Best, >> Thiago >> >> On 12 April 2014 01:11, Martinx - ジェームズ <thiagocmarti...@gmail.com>wrote: >> >>> In fact, neutron accepted the following command: >>> >>> --- >>> root@controller:~# neutron subnet-create --ip-version 6 --disable-dhcp >>> --tenant-id 5e0106fa81104c5cbe21e1ccc9eb1a36 sharednet1 >>> 2001:1291:2bf:fffb::/64 >>> Created a new subnet: >>> >>> +------------------+-------------------------------------------------------------------------------------+ >>> | Field | Value >>> | >>> >>> +------------------+-------------------------------------------------------------------------------------+ >>> | allocation_pools | {"start": "2001:1291:2bf:fffb::2", "end": >>> "2001:1291:2bf:fffb:ffff:ffff:ffff:fffe"} | >>> | cidr | 2001:1291:2bf:fffb::/64 >>> | >>> | dns_nameservers | >>> | >>> | enable_dhcp | False >>> | >>> | gateway_ip | 2001:1291:2bf:fffb::1 >>> | >>> | host_routes | >>> | >>> | id | 8685c917-e8df-4741-987c-6a531dca9fcd >>> | >>> | ip_version | 6 >>> | >>> | name | >>> | >>> | network_id | 17cda0fb-a59b-4a7e-9d96-76d0670bc95c >>> | >>> | tenant_id | 5e0106fa81104c5cbe21e1ccc9eb1a36 >>> | >>> >>> +------------------+-------------------------------------------------------------------------------------+ >>> --- >>> >>> Where "gateway_ip 2001:1291:2bf:fffb::1" is my "upstream SLAAC" router >>> (radvd stopped for now). >>> >>> Diving: I think I'll put my OVS bridge "br-eth0" (bridge_mappings = >>> physnet1:br-eth0) on top of a VLAN but, I'll not tell OpenStack to use >>> "vlan", I'll keep using "flat" but, on top of a "hidden" vlan... eheh :-P >>> >>> I'll keep testing to see how far I can go... :-) >>> >>> Cheers! >>> >>> >>> On 12 April 2014 00:42, Martinx - ジェームズ <thiagocmarti...@gmail.com>wrote: >>> >>>> Hey guys! >>>> >>>> My OpenStack Instance have IPv6 connectivity! Using ML2 / Simple Flat >>>> Network... For the first time ever! Look: >>>> >>>> --- >>>> administrative@controller:~$ nova boot --image >>>> 70f335e3-798b-4031-9773-a640970a8bdf --key-name Key trusty-1 >>>> >>>> administrative@controller:~$ ssh -i ~/test.pem ubuntu@10.33.14.21 >>>> >>>> ubuntu@trusty-1:~$ sudo ip -6 a a 2001:1291:2bf:fffb::300/64 dev eth0 >>>> >>>> ubuntu@trusty-1:~$ sudo ip -6 r a default via 2001:1291:2bf:fffb::1 >>>> >>>> ubuntu@trusty-1:~$ ping6 -c 1 google.com >>>> >>>> PING google.com(2800:3f0:4004:801::1000) 56 data bytes >>>> 64 bytes from 2800:3f0:4004:801::1000: icmp_seq=1 ttl=54 time=55.1 ms >>>> >>>> --- google.com ping statistics --- >>>> 1 packets transmitted, 1 received, 0% packet loss, time 0ms >>>> rtt min/avg/max/mdev = 55.121/55.121/55.121/0.000 ms >>>> >>>> - >>>> # From my Laptop (and from another IPv6 block): >>>> testuser@macbuntu:~$ telnet 2001:1291:2bf:fffb::300 22 >>>> Trying 2001:1291:2bf:fffb::300... >>>> Connected to 2001:1291:2bf:fffb::300. >>>> Escape character is '^]'. >>>> SSH-2.0-OpenSSH_6.6p1 Ubuntu-2 >>>> --- >>>> >>>> But, OpenStack / Neutron isn't aware of that fixed IPv6 ( >>>> 2001:1291:2bf:fffb::300) I just configured within the trusty-1 >>>> Instance, so, I think we just need: >>>> >>>> - Blueprint ipv6-provider-nets-slaac ready; >>>> - Start radvd on upstream router (2001:1291:2bf:fffb::1). >>>> >>>> Am I right?! >>>> >>>> In fact, apparently, Security Groups is also working! I can ssh into >>>> "trusty-1" through IPv6 right now, but can't access port 80 of it (it is >>>> closed buy 22 is open to the world)... >>>> >>>> Maybe it will also work with VLANs... >>>> >>>> BTW, I just realized that both the physical servers, controllers, >>>> networks and compute nodes and etc, can be installed under a single IPv6 >>>> /64 subnet! Since the openstack will random generate the MAC address (plus >>>> SLAAC), IPv6s will never conflict. >>>> >>>> Best! >>>> Thiago >>>> >>>> >>>> On 12 April 2014 00:09, Thomas Goirand <z...@debian.org> wrote: >>>> >>>>> On 04/11/2014 10:52 PM, Collins, Sean wrote: >>>>> > Many of those patches are stale - please join us in the subteam IRC >>>>> > meeting if you wish to coordinate development of IPv6 features, so >>>>> that >>>>> > we can focus on updating them and getting them merged. At this point >>>>> > simply applying them to the Icehouse tree is not enough. >>>>> >>>>> When and where is the next meeting? >>>>> >>>>> Thomas >>>>> >>>>> >>>>> _______________________________________________ >>>>> OpenStack-dev mailing list >>>>> OpenStack-dev@lists.openstack.org >>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>> >>>> >>>> >>> >> >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
