On Wed, May 6, 2015 at 12:46 AM, Mike Spreitzer <mspre...@us.ibm.com> wrote: > While I am a Neutron operator, I am also a customer of a lower layer network > provider. That network provider will happily give me a few /64. How do I > serve IPv6 subnets to lots of my tenants? In the bad old v4 days this would > be easy: a tenant puts all his stuff on his private networks and NATs (e.g., > floating IP) his edge servers onto a public network --- no need to align > tenant private subnets with public subnets. But with no NAT for v6, there > is no public/private distinction --- I can only give out the public v6 > subnets that I am given. Yes, NAT is bad. But not being able to get your > job done is worse.
Mike, in this paragraph, you're hitting on something that has been on my mind for a while. We plan to cover this problem in detail in this talk [1] and we're defining some work for Liberty to better address it [2][3]. You hit the nail on the head, there is no distinguishing private and public IP addresses in Neutron currently with IPv6. Kilo's new subnet pool feature is a start. It will allow you to create a shared subnet pool including the /64s from your service provider. Tenants can then create a subnet getting an allocation from it automatically. However, given the current state of things, there will be some manual work on the gateway router to route them to the tenant's router. Prefix delegation -- which looks on track for Liberty -- is another option which could fill this void. It will allow a router to get a prefix delegation from an external PD system which will be useable on a tenant subnet. Presumably the external system will take care of routing the subnet to the appropriate tenant router. Carl [1] http://sched.co/2qdm [2] https://review.openstack.org/#/c/180267/ [3] https://review.openstack.org/#/c/125401/ __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
