Jump to: navigation, search

Difference between revisions of "NEUTRON-IPV6-MANUAL"

Line 22: Line 22:
 
* DHCPv6-stateless – Address configuration using RA and optional information using DHCPv6  
 
* DHCPv6-stateless – Address configuration using RA and optional information using DHCPv6  
 
* DHCPv6-stateful – Address configuration and optional information using DHCPv6  
 
* DHCPv6-stateful – Address configuration and optional information using DHCPv6  
Tenant can either configure Neutron or rely on external routers and services to provide RA, DHCPv6 address and optional information for their networks. There are two Neutron subnet attributes - ipv6_ra_mode and ipv6_address_mode – that determine how IPv6 addressing and network information is provided to tenant instances.  
+
Openstack can be setup such that Neutron directly provides RA, DHCP relay and DHCPv6 address and optional information for their networks or this can be delegated to external routers and services based on the drivers that are in use. There are two Neutron subnet attributes - ipv6_ra_mode and ipv6_address_mode – that determine how IPv6 addressing and network information is provided to tenant instances.  
 
* ipv6_ra_mode – Determines who sends RA.  
 
* ipv6_ra_mode – Determines who sends RA.  
 
* ipv6_address_mode – Determines how instances obtain IPv6 address, default gateway, and/or optional information.
 
* ipv6_address_mode – Determines how instances obtain IPv6 address, default gateway, and/or optional information.
Line 28: Line 28:
 
=== SLAAC ===
 
=== SLAAC ===
 
For SLAAC, the possible combinations for the attributes are -
 
For SLAAC, the possible combinations for the attributes are -
 +
{|
 +
! ipv6_ra_mode !! ipv6_address_mode !! Result
 +
|-
 +
| SLAAC || Not specified || Address using Neutron router
 +
|-
 +
| Not specified || SLAAC || Address using external router
 +
|-
 +
| SLAAC || SLAAC || Address using Neutron router
 +
|}
 +
Setting SLAAC for ipv6_ra_mode configures Neutron router with radvd agent to send RA. This results in the following values set for the address configuration flags in the RA messages.
 +
Auto Configuration Flag = 1
 +
Managed Configuration Flag = 0
 +
Other Configuration Flag = 0
 +
=== DHCPv6-stateless  ===
 +
For DHCPv6-stateless, the possible combinations are –
 +
{|
 +
!ipv6_ra_mode !! ipv6_address_mode !! Result
 +
|-
 +
|DHCPv6-stateless || Not specified || Address using Neutron router and optional information using external DHCP service
 +
|-
 +
|Not specified || DHCPv6-stateless || Address using external router and optional information using Neutron DHCP implementation
 +
|-
 +
|DHCPv6-stateless || DHCPv6-stateless || Address and optional information using Neutron router and DHCP implementation respectively
 +
|}
  
 
   We probably want to have placeholders for some of the Liberty work like prefix delegation, etc.   
 
   We probably want to have placeholders for some of the Liberty work like prefix delegation, etc.   

Revision as of 16:58, 6 May 2015

The purpose of this wiki is to describe how the features and functionality available in openstack (using neutron networking) as of the Kilo release. The functionality describe is based on the in-Tree supported components. It is intended to serve as a guide for how to deploy IPv6 enabled instances. Where appropriate features planned for Liberty or beyond may be described.

The Basics

Openstack Neutron has supported IPV6 tenant subnets for a number of releases, but the Kilo release adds a number of new features, functionality and bug fixes to make it more robust. The focus of the document is to describe:

  • How to enable dual IPv4 and IPv6 enabled instances.
  • How those instances receive an IPV6 address.
  • How those instance communicate across a router to other subnets or the internet.
  • How those instance interact with other openstack services.

To enable a dual stack network in neutron simply requires creating a subnet with the v6 flag set. In addition the address mode needs to be chosen. This is described more completely below. Finally, the subnets prefix needs to be provided. The guest instance is created normally the procedure is not changed for dual stack versus how it was done for IPv4 only.

Not in Scope

Things not in the scope of this document include:

  • Single stack IPv6 tenant networking
  • Openstack control communication between servers and services over an IPv6 network.
  • Connection to the Openstack APIs via an IPv6 transport network
  • IPv6 multicast
  • IPv6 support in conjunction with any out of tree routers, switches, services or agents whether in physical or virtual form factors.

Tenant Network Considerations

Dataplane

Both the linuxbridge and the OVS dataplane modules support forwarding IPV6 packets amongst the guests and router ports. Similar to IPv4 there is no special configuration or setup required to enable the dataplane to properly forward packets from the source to the destination.

Address Modes for Subnets

IPv6 supports three different addressing schemes for address configuration and for providing optional network information.

  • Stateless Address Auto Configuration (SLAAC) – Address configuration using Router Advertisement (RA)
  • DHCPv6-stateless – Address configuration using RA and optional information using DHCPv6
  • DHCPv6-stateful – Address configuration and optional information using DHCPv6

Openstack can be setup such that Neutron directly provides RA, DHCP relay and DHCPv6 address and optional information for their networks or this can be delegated to external routers and services based on the drivers that are in use. There are two Neutron subnet attributes - ipv6_ra_mode and ipv6_address_mode – that determine how IPv6 addressing and network information is provided to tenant instances.

  • ipv6_ra_mode – Determines who sends RA.
  • ipv6_address_mode – Determines how instances obtain IPv6 address, default gateway, and/or optional information.

For the above two attributes to be effective, enable_dhcp must be set to True in Neutron. With enable_dhcp set to True, if neither attribute is configured, it is considered to be a case of DHCPv6-stateful.

SLAAC

For SLAAC, the possible combinations for the attributes are -

ipv6_ra_mode ipv6_address_mode Result
SLAAC Not specified Address using Neutron router
Not specified SLAAC Address using external router
SLAAC SLAAC Address using Neutron router

Setting SLAAC for ipv6_ra_mode configures Neutron router with radvd agent to send RA. This results in the following values set for the address configuration flags in the RA messages. Auto Configuration Flag = 1 Managed Configuration Flag = 0 Other Configuration Flag = 0

DHCPv6-stateless

For DHCPv6-stateless, the possible combinations are –

ipv6_ra_mode ipv6_address_mode Result
DHCPv6-stateless Not specified Address using Neutron router and optional information using external DHCP service
Not specified DHCPv6-stateless Address using external router and optional information using Neutron DHCP implementation
DHCPv6-stateless DHCPv6-stateless Address and optional information using Neutron router and DHCP implementation respectively
 We probably want to have placeholders for some of the Liberty work like prefix delegation, etc.   

IPV6 Neutron Router

Describe which modes the default router can use and configuration related to it, especially its interaction with provider networks and the upstream gateway.

IPv6 Neutron Router

I would start this section by cut and pasting from Rohit’s whitepaper using the Router ports section

IPV6 Distributed Virtual Router

Does this need its own section?

Services Consideration

VPNaaS

Need help on this. Is it a future?

FWaaS

Need help on this. Is it a future?

LBaaS

Need help on this. Is it a future?

NAT & Floating IPs

At the current time Openstack Neutron does not provide any facilitates to support and flavor of NAT with IPv6. Unlike IPv4 there is no current embedded support for floating IPs with IPV6. It is assumed that the IPv6 addressing amongst the tenants are GUA addresses with no over-lap across the tenants.

Security Considerations

Initially this is probably just stating the security group rules relative to Ipv6 that are applied.

Configuring Interfaces of the Guest

Openstack Control & Management Network Considerations

Probably this just gets lefts as Future item.

References

Point to other Ipv6 documents