Deploying IPv6 on OpenStackTung Nguyen Thanh - VCCloudOct 7 - 2017

Agenda

● IPv6 Overview● IPv6 address management● IPv6 deployments options and consideration

points in OpenStack● Deploying and Troubleshooting

IPv4: Running Out of Addresses

- Short term solutions included:+ NAT (Network Address Translation)+ Private address space+ CIDR (Classless Inter-Domain Routing)

- Long-term solution: IPv6

Introducing IPv6

● Not a “new” protocol.● Developed mid to late

1990s.● Much learned from IPv4.● 128-bit address space,

written in hexadecimal.● This gives us 340

undecillion addresses!

IPv6 Address Types

Global Unicast Address

IPv6 Address Allocation

IPv6 Overview

● IPv6 is not just about more addresses: ○ Stateless autoconfiguration○ End-to-end reachability without private addresses

and NAT○ Better support for mobility○ Peer-to-peer networking easier to create and

maintain, and services such as VoIP and Quality of Service (QoS) become more robust.

○ Security○ Routing

IPv5 ?

IPv10 ?

Is ‘IPv6’ faster ?

IPv6 address configuration modes

Three configuration modes:

● SLAAC● DHCPv6 stateless● DHCPv6stateful

The configuration mode is determined based on RA flag:● M (Managed) => 0

(RA/DHCPv6 stateless), 1 (DHCPv6 stateful

● O (Other) => 0 (SLAAC), 1 (use DHCPv6)

SLAAC (Stateless Address Autoconfiguration)

● IPv6 address of a client is configured based on RA (Router advertisement)

● Gateway is also configured.● Optionally, DNS information(if RFC6106), MTU and so on can be

configured.● Only /64 prefix is used

DHCP v6 Stateless

● IPv6 address is configured based on RA● Other information is retrieved via DHCPv6● Looks used most commonly● Only way to distribute DNS info before RFC6106

DHCP v6 Stateful

● All information is configured based on DHCPv6● There is information that GW is not configured properly.

Deployment IPv6

Dual Stack IPv4 IPv6

NAT64/DNS64

Network Tunnel

IPv6 on Openstack

Two attributes related to IPv6 address configuration:

- Ipv6_address_mode: Control of how addressing is handled by OpenStack

- Ipv6_ra_mode: Control of router advertisements for a subnet

There are constraints between two modes

- OpenStacknetworking guide- https://docs.openstack.org/ocata/networking-guide/config-ipv6

.html- https://access.redhat.com/documentation/en-us/red_hat_opens

tack_platform/9/html/networking_guide/sec-ipv6

● IPv6 address mode: Specifies how IPv6 address is generated and assigned, IPAM is mainly involved in it and Also controls if the reference DHCP implementation serves● “Slaac”: Neutron generates a port address based on MAC address

(EUI-64)● “Dhcpv6-stateless”:

- Neutron generates a port address based on MAC address (EUI-64)- Neutron provides DHCP options for port

● “Dhcpv6-stateful”- Any address can be configured- Perhaps non-/64 prefix can be used

● Not Specified (N/S)- (Backward compatibility)- Any static address can be configured.

● IPv6 RA mode: Specifies how neutron router sends RA● "slaac"● "dhcpv6-stateles"● "dhcpv6-stateful"

- Neutron setup radvd on a router and provides RA- RA flags are set accordingly

● Not Specified (N/S)- Neutron does nothing.- radvd on a router is not setup

The behavior of the neutron router for IPv6

- Internal router ports, that act as default gateway ports for a network, will share a common port for all IPv6 subnets associated with the network.

- Neutron tenant networks that are assigned Global Unicast Address (GUA) prefixes and addresses don’t require NAT on the neutron router external gateway port to access the outside world

- GUA IPv6 subnet prefix is not necessarily needed for the neutron external network. By default, a IPv6 LLA associated with the external gateway port can be used for routing purposes.

Vccloud Ipv6

Dual Stack VM

Changelog on images (glance)

RHEL / CentOS / Oracle Linux

Edit the file /etc/sysconfig/network and add the following parameter:

NETWORKING_IPV6=yes

Edit the file /etc/sysconfig/network-scripts/ifcfg-eth0 and add the following two parameters:

IPV6INIT=yes

DHCPV6C=yes

Changelog on images (glance)

Ubuntu

Edit the file /etc/dhcp/dhclient6.conf and add the following line:

timeout 10;

Edit the network configuration for the eth0 interface with the following configuration:

Edit the file /etc/network/interfaces

iface eth0 inet6 dhcp

Changelog on images (glance)

Windows

netsh interface ipv6 set interface 15 routerdiscovery=disabled netsh interface ipv6 set interface 15 managedaddress=enabled netsh interface ipv6 set interface 15 otherstateful=enabled

https://support.microsoft.com/en-us/help/961433/how-to-configure-a-windows-vista-client-to-obtain-an-ipv6-dhcp-address

Troubleshooting

Q&A

Thank you