BTW, the "VNC Consoles" are now working in a Dual-Stacked fashion (both "vncserver 5900" and "novncproxy 6080" traffics goes via IPv6). ;-)
Guide updated... Cheers! Thiago On 15 April 2014 19:57, Martinx - ジェームズ <thiagocmarti...@gmail.com> wrote: > Hello Stackers! > > I just finished the OpenStack IPv6 Quick Guide, it is hosted here: > > > Ultimate OpenStack IceHouse Guide - ML2 Flat Network - IPv6-Friendly: > > https://gist.github.com/tmartinx/9177697 > > > Almost everything is working with IPv6, including OpenStack Management > (APIs / Endpoints) and, of course, the Instances. Only NoVNC (TCP port > 6080) and Metadata isn't working with IPv6 (yet). > > Also, the IPv6 configuration is static, no auto-configuration right now. > > My idea is to enable SLAAC on this environment, so, there will be no need > for static IPs and manual intervention. I think we're almost there! What do > you guys think? > > BTW, sorry about tons of e-mails I sent before, I'll not do that again. > > Cheers! > Thiago > > > On 12 April 2014 04:09, Martinx - ジェームズ <thiagocmarti...@gmail.com> wrote: > >> BTW, I think that the following patches are also important / relevant to >> begin with: >> >> --- >> 4. Two Attributes Proposal to Control IPv6 RA Announcement and Address >> Assignment >> https://blueprints.launchpad.net/neutron/+spec/ipv6-two-attributes >> Patchset: Create new IPv6 attributes for Subnets. >> https://review.openstack.org/#/c/52983/ >> Patchset: Add support to DHCP agent for BP ipv6-two-attributes. >> https://review.openstack.org/70649 >> Patchset: Calculate stateless IPv6 address. >> https://review.openstack.org/56184 >> Patchset: Permit ICMPv6 RAs only from known routers. >> https://review.openstack.org/#/c/72252/ >> ... >> 8. Provider Networking - upstream SLAAC support >> https://blueprints.launchpad.net/neutron/+spec/ipv6-provider-nets-slaac >> Patchset: Ensure that that all fixed ips for a port belong to a >> subnet using DHCP. https://review.openstack.org/#/c/64578/ >> --- >> >> But I'm not sure about the easiest path we can follow... From what I'm >> seeing, Neutron just needs to calculate Instance's IPv6 address based on >> SLAAC, then Instance's IPv6 address will match (Neutron <-> upstream >> SLAAC), in the end of the day. >> >> Also, review 72252 is very important! >> >> Regards, >> Thiago >> >> >> On 12 April 2014 01:34, Martinx - ジェームズ <thiagocmarti...@gmail.com>wrote: >> >>> Cool! Instance shows an IPv6 address and it clearly isn't generated by >>> EUI-64 (SLAAC) but, at least, I can use static IPv6! YAY! >>> >>> --- >>> root@controller:~# nova list >>> >>> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+ >>> | ID | Name | Status | Task State >>> | Power State | Networks | >>> >>> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+ >>> | 1654644d-6d52-4760-b147-4b88769a6fc2 | trusty-2 | ACTIVE | - >>> | Running | sharednet1=10.33.14.23, 2001:1291:2bf:fffb::3 | >>> >>> +--------------------------------------+----------+--------+------------+-------------+-----------------------------------------------+ >>> >>> root@controller:~# ssh -i ~/xxx.pem ubuntu@10.33.14.23 >>> >>> ubuntu@trusty-2:~$ sudo ip -6 a a 2001:1291:2bf:fffb::3/64 dev eth0 >>> >>> ubuntu@trusty-2:~$ sudo ip -6 r a default via 2001:1291:2bf:fffb::1 >>> >>> ubuntu@trusty-2:~$ ping6 -c 1 google.com >>> PING google.com(2800:3f0:4004:801::100e) 56 data bytes >>> 64 bytes from 2800:3f0:4004:801::100e: icmp_seq=1 ttl=54 time=49.6 ms >>> >>> --- google.com ping statistics --- >>> 1 packets transmitted, 1 received, 0% packet loss, time 0ms >>> rtt min/avg/max/mdev = 49.646/49.646/49.646/0.000 ms >>> --- >>> >>> IPv6 up and running and OpenStack is aware of both IPv4 and IPv6 >>> instance's addresses! Security Group is also taking care of ip6tables. >>> >>> I'm pretty sure that if I start radvd on upstream router right now, all >>> instances will generate its own IPv6 based on their respective MAC address. >>> But then, the IPv6 will differ from what OpenStack "thinks" that each >>> instance have. >>> >>> So many e-mails, sorry BTW! :-P >>> >>> Best, >>> Thiago >>> >>> On 12 April 2014 01:11, Martinx - ジェームズ <thiagocmarti...@gmail.com>wrote: >>> >>>> In fact, neutron accepted the following command: >>>> >>>> --- >>>> root@controller:~# neutron subnet-create --ip-version 6 --disable-dhcp >>>> --tenant-id 5e0106fa81104c5cbe21e1ccc9eb1a36 sharednet1 >>>> 2001:1291:2bf:fffb::/64 >>>> Created a new subnet: >>>> >>>> +------------------+-------------------------------------------------------------------------------------+ >>>> | Field | Value >>>> | >>>> >>>> +------------------+-------------------------------------------------------------------------------------+ >>>> | allocation_pools | {"start": "2001:1291:2bf:fffb::2", "end": >>>> "2001:1291:2bf:fffb:ffff:ffff:ffff:fffe"} | >>>> | cidr | 2001:1291:2bf:fffb::/64 >>>> | >>>> | dns_nameservers | >>>> | >>>> | enable_dhcp | False >>>> | >>>> | gateway_ip | 2001:1291:2bf:fffb::1 >>>> | >>>> | host_routes | >>>> | >>>> | id | 8685c917-e8df-4741-987c-6a531dca9fcd >>>> | >>>> | ip_version | 6 >>>> | >>>> | name | >>>> | >>>> | network_id | 17cda0fb-a59b-4a7e-9d96-76d0670bc95c >>>> | >>>> | tenant_id | 5e0106fa81104c5cbe21e1ccc9eb1a36 >>>> | >>>> >>>> +------------------+-------------------------------------------------------------------------------------+ >>>> --- >>>> >>>> Where "gateway_ip 2001:1291:2bf:fffb::1" is my "upstream SLAAC" router >>>> (radvd stopped for now). >>>> >>>> Diving: I think I'll put my OVS bridge "br-eth0" (bridge_mappings = >>>> physnet1:br-eth0) on top of a VLAN but, I'll not tell OpenStack to use >>>> "vlan", I'll keep using "flat" but, on top of a "hidden" vlan... eheh :-P >>>> >>>> I'll keep testing to see how far I can go... :-) >>>> >>>> Cheers! >>>> >>>> >>>> On 12 April 2014 00:42, Martinx - ジェームズ <thiagocmarti...@gmail.com>wrote: >>>> >>>>> Hey guys! >>>>> >>>>> My OpenStack Instance have IPv6 connectivity! Using ML2 / Simple Flat >>>>> Network... For the first time ever! Look: >>>>> >>>>> --- >>>>> administrative@controller:~$ nova boot --image >>>>> 70f335e3-798b-4031-9773-a640970a8bdf --key-name Key trusty-1 >>>>> >>>>> administrative@controller:~$ ssh -i ~/test.pem ubuntu@10.33.14.21 >>>>> >>>>> ubuntu@trusty-1:~$ sudo ip -6 a a 2001:1291:2bf:fffb::300/64 dev eth0 >>>>> >>>>> ubuntu@trusty-1:~$ sudo ip -6 r a default via 2001:1291:2bf:fffb::1 >>>>> >>>>> ubuntu@trusty-1:~$ ping6 -c 1 google.com >>>>> >>>>> PING google.com(2800:3f0:4004:801::1000) 56 data bytes >>>>> 64 bytes from 2800:3f0:4004:801::1000: icmp_seq=1 ttl=54 time=55.1 ms >>>>> >>>>> --- google.com ping statistics --- >>>>> 1 packets transmitted, 1 received, 0% packet loss, time 0ms >>>>> rtt min/avg/max/mdev = 55.121/55.121/55.121/0.000 ms >>>>> >>>>> - >>>>> # From my Laptop (and from another IPv6 block): >>>>> testuser@macbuntu:~$ telnet 2001:1291:2bf:fffb::300 22 >>>>> Trying 2001:1291:2bf:fffb::300... >>>>> Connected to 2001:1291:2bf:fffb::300. >>>>> Escape character is '^]'. >>>>> SSH-2.0-OpenSSH_6.6p1 Ubuntu-2 >>>>> --- >>>>> >>>>> But, OpenStack / Neutron isn't aware of that fixed IPv6 ( >>>>> 2001:1291:2bf:fffb::300) I just configured within the trusty-1 >>>>> Instance, so, I think we just need: >>>>> >>>>> - Blueprint ipv6-provider-nets-slaac ready; >>>>> - Start radvd on upstream router (2001:1291:2bf:fffb::1). >>>>> >>>>> Am I right?! >>>>> >>>>> In fact, apparently, Security Groups is also working! I can ssh into >>>>> "trusty-1" through IPv6 right now, but can't access port 80 of it (it is >>>>> closed buy 22 is open to the world)... >>>>> >>>>> Maybe it will also work with VLANs... >>>>> >>>>> BTW, I just realized that both the physical servers, controllers, >>>>> networks and compute nodes and etc, can be installed under a single IPv6 >>>>> /64 subnet! Since the openstack will random generate the MAC address (plus >>>>> SLAAC), IPv6s will never conflict. >>>>> >>>>> Best! >>>>> Thiago >>>>> >>>>> >>>>> On 12 April 2014 00:09, Thomas Goirand <z...@debian.org> wrote: >>>>> >>>>>> On 04/11/2014 10:52 PM, Collins, Sean wrote: >>>>>> > Many of those patches are stale - please join us in the subteam IRC >>>>>> > meeting if you wish to coordinate development of IPv6 features, so >>>>>> that >>>>>> > we can focus on updating them and getting them merged. At this point >>>>>> > simply applying them to the Icehouse tree is not enough. >>>>>> >>>>>> When and where is the next meeting? >>>>>> >>>>>> Thomas >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> OpenStack-dev mailing list >>>>>> OpenStack-dev@lists.openstack.org >>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>>>> >>>>> >>>>> >>>> >>> >> >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
