Deploying IPv6 With OpenStack Provider Networks

Last year I posted on “Tenant IPv6 Deployment in OpenStack Kilo Release” and I also posted on “Using OpenStack Heat to Deploy an IPv6-Enabled Instance”.  Both of those posts were using the Neutron L3 Agent (Tenant routers) for my examples.  In this post I will show the deployment of IPv6 using Provider Networks. There is no specific OpenStack release that I am dictating for this setup. I have used this config on Kilo-to-Newton.

OpenStack Provider Networks with VLANs allow the use of VLAN trunks from the upstream Data Center access layer/leaf/ToR switches to the Neutron networks within the OpenStack cloud.  In the use case that I am discussing here, I want to use my Data Center aggregation layer switches as my first-hop layer 3 boundary. I have no use for NAT and I have no use for Neutron L3 agents (specific to running a tenant router).

The following diagram shows the topology that I am using. In this example I have a single All-in-One (AIO) OpenStack node. That node is running on a Cisco UCS C-series with a Cisco VIC which has a VPC configuration to the access layer ToR switches. There are VLAN trunks configured between the ToRs and the Data Center aggregation layer switches (only one shown for simplicity). VLAN 22 (2001:db8:cafe:16::/64) is the VLAN that is used in my examples.  The text box in the diagram shows the NIC layout (ethX<>bonds):

[Diagram: ipv6-provider]

I explained a lot about SLAAC, Stateless DHCPv6 and Stateful DHCPv6 in the blog from May 2015 and I am not rehashing all of that here. Check that post for more details if you are unfamiliar with IPv6 address assignment options. Also, if you want to know more about how Managed (M) and Other (O) flags are used with various IPv6 assignment methods, consult RFC 5175.

We are going to jump right into configuration:

Assuming you have a running OpenStack deployment and have followed the guidelines for setting up Neutron to support Provider Networks with VLANs (OVS example, Linux Bridge example), all you have to do is create the provider network and subnet using the IPv6 address assignment method you want (SLAAC, Stateless DHCPv6, Stateful DHCPv6).

Create the Neutron Provider Network with VLAN

In the example below, I am indicating that the router is external (aggregation layer switches), the provider network is of the type VLAN and the VLAN (segmentation_id) associated with this network is VLAN 22:

neutron net-create --router:external --provider:physical_network provider --provider:network_type vlan --provider:segmentation_id=22 --shared external-net

Create the Neutron Subnet using SLAAC

In the example below, I am using SLAAC as the IPv6 address assignment method.  Note: It is very important to specify the “--allocation-pool” range with provider networks with VLANs, because if you don’t, the beginning of the IPv6 address range will likely cause a DAD (Duplicate Address Detection) failure with IPv6 addresses already assigned on your upstream VLAN interfaces on the aggregation layer switches.  In this example I am starting the allocation pool range at ::5 so that I do not conflict with addresses on my switches (i.e. ::1 – ::4):

neutron subnet-create external-net --ip-version=6 --ipv6-address-mode=slaac --ipv6-ra-mode=slaac --name=external-subnet-v6 --allocation-pool start=2001:db8:cafe:16::5,end=2001:db8:cafe:16:ffff:ffff:ffff:fffe 2001:db8:cafe:16::/64
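
The allocation-pool reasoning above, as an added example that is not part of the original post: Python that derives the "--allocation-pool" arguments from the subnet and the addresses already in use upstream, and checks an existing pool for overlap. It goes beyond the post's single case by also splitting the pool around in-use addresses in the middle of the range; the function names and the extra ::100 address used in testing are assumptions.

```python
import ipaddress

# Addresses the post says are already on the aggregation switches (::1 - ::4).
SWITCH_ADDRS = ["2001:db8:cafe:16::%x" % i for i in range(1, 5)]

def allocation_pools(cidr, in_use):
    """Split cidr into (start, end) pools that skip every address in in_use."""
    net = ipaddress.IPv6Network(cidr)
    taken = sorted({ipaddress.IPv6Address(a) for a in in_use})
    outside = [str(a) for a in taken if a not in net]
    if outside:
        raise ValueError("not in %s: %s" % (net, ", ".join(outside)))
    # Skip the all-zero interface ID (subnet-router anycast, RFC 4291) and,
    # as the post's commands do, stop one short of the last address.
    cursor, last = net.network_address + 1, net.broadcast_address - 1
    pools = []
    for addr in taken:
        if addr < cursor:
            continue
        if addr > last:
            break
        if addr > cursor:
            pools.append((cursor, addr - 1))   # free range below this address
        cursor = addr + 1
    if cursor <= last:
        pools.append((cursor, last))
    return pools

def pool_args(pools):
    """Render pools as repeated neutron subnet-create --allocation-pool flags."""
    return " ".join("--allocation-pool start=%s,end=%s" % p for p in pools)

def conflicts(start, end, in_use):
    """Addresses from in_use that an existing pool could hand out again."""
    lo, hi = ipaddress.IPv6Address(start), ipaddress.IPv6Address(end)
    taken = sorted({ipaddress.IPv6Address(a) for a in in_use})
    return [str(addr) for addr in taken if lo <= addr <= hi]

if __name__ == "__main__":
    print(pool_args(allocation_pools("2001:db8:cafe:16::/64", SWITCH_ADDRS)))
```
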

Create the Neutron Subnet using Stateless DHCPv6

In the example below, I am using Stateless DHCPv6 as the IPv6 address assignment method.  With Stateless and Stateful DHCPv6 you have the option to add the “--dns-nameserver” flag (since the O-bit [Other configuration] can be set). In this example I am setting 2001:db8:cafe:a::e as the DNS entry which points to my DNS server referenced in the previous diagram.  Again, it is important to set up the “--allocation-pool” range:

neutron subnet-create external-net --ip-version=6 --ipv6-address-mode=dhcpv6-stateless --ipv6-ra-mode=dhcpv6-stateless --name=external-subnet-v6 --allocation-pool start=2001:db8:cafe:16::5,end=2001:db8:cafe:16:ffff:ffff:ffff:fffe 2001:db8:cafe:16::/64 --dns-nameserver 2001:db8:cafe:a::e

Create the Neutron Subnet using Stateful DHCPv6

In the example below, I am using Stateful DHCPv6 as the IPv6 address assignment method.  As was the case with Stateless DHCPv6, Stateful DHCPv6 allows for the option to add the “--dns-nameserver” flag (since the O-bit can be set):

neutron subnet-create external-net --ip-version=6 --ipv6-address-mode=dhcpv6-stateful --ipv6-ra-mode=dhcpv6-stateful --name=external-subnet-v6 --allocation-pool start=2001:db8:cafe:16::5,end=2001:db8:cafe:16:ffff:ffff:ffff:fffe 2001:db8:cafe:16::/64 --dns-nameserver 2001:db8:cafe:a::e

Example Configuration for the upstream Data Center aggregation layer switch (VLAN interfaces shown):

SLAAC:

This example shows VLAN22 with an IPv6 address of 2001:db8:cafe:16::1/64. HSRPv2 is used as the First-Hop Redundancy Protocol.

interface Vlan22
 description Provider Network trunked for C7-os-1
 ip address 172.16.22.2 255.255.255.0
 ipv6 address 2001:DB8:CAFE:16::1/64
 standby version 2
 standby 2 ipv6 autoconfig
 standby 2 timers msec 250 msec 750
 standby 2 priority 110
 standby 2 preempt
 standby 2 authentication OPEN

Stateless DHCPv6:

This example is the same as the previous one with the exception of the “ipv6 nd other-config-flag” being set. This flag sets the O-bit which allows for the DNS option (or other options) to be sent to the VM in the Router Advertisement (RA).

interface Vlan22
 description Provider Network trunked for C7-os-1
 ip address 172.16.22.2 255.255.255.0
 ipv6 address 2001:DB8:CAFE:16::1/64
 ipv6 nd other-config-flag
 standby version 2
 standby 2 ipv6 autoconfig
 standby 2 timers msec 250 msec 750
 standby 2 priority 110
 standby 2 preempt
 standby 2 authentication OPEN

Stateful DHCPv6:

This example is also the same as the first one with the exception of the “ipv6 nd managed-config-flag” being set. This sets the M (Managed) and O (Other) bits. The M-bit indicates that the addressing comes from DHCPv6 (not SLAAC) and that the host wants options (DNS):

interface Vlan22
 description Provider Network trunked for C7-os-1
 ip address 172.16.22.2 255.255.255.0
 ipv6 address 2001:DB8:CAFE:16::1/64
 ipv6 nd managed-config-flag
 standby version 2
 standby 2 ipv6 autoconfig
 standby 2 timers msec 250 msec 750
 standby 2 priority 110
 standby 2 preempt
 standby 2 authentication OPEN
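
The flag behaviour described in the three switch examples, as an added example that is not part of the original post: Python that parses an ICMPv6 Router Advertisement (RFC 4861 layout) and maps its M, O and prefix A flags to the Neutron mode name used in the subnet-create commands, so the RA seen on VLAN 22 can be checked against the subnet's configured mode. The function names and the constructed sample RA are assumptions made for illustration.

```python
import ipaddress
import struct

RA_TYPE = 134          # ICMPv6 Router Advertisement (RFC 4861, section 4.2)
OPT_PREFIX_INFO = 3    # Prefix Information option (RFC 4861, section 4.6.2)

def build_ra(managed, other, prefix, autonomous=True):
    """Construct a sample RA (checksum left at zero) for the demonstration."""
    net = ipaddress.IPv6Network(prefix)
    flags = (0x80 if managed else 0) | (0x40 if other else 0)
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    pio_flags = 0x80 | (0x40 if autonomous else 0)   # L bit, plus A bit
    pio = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, net.prefixlen,
                      pio_flags, 2592000, 604800, 0) + net.network_address.packed
    return header + pio

def parse_ra(data):
    """Return (M, O, [(prefix, A-flag), ...]) from an ICMPv6 RA message."""
    if len(data) < 16 or data[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    managed, other = bool(data[5] & 0x80), bool(data[5] & 0x40)
    prefixes, pos = [], 16
    while pos + 2 <= len(data):
        opt_type, opt_len = data[pos], data[pos + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(data):
            raise ValueError("malformed RA option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            addr = ipaddress.IPv6Address(data[pos + 16:pos + 32])
            net = ipaddress.IPv6Network((addr, data[pos + 2]))
            prefixes.append((net, bool(data[pos + 3] & 0x40)))
        pos += opt_len
    return managed, other, prefixes

def neutron_mode(data, subnet):
    """Map the RA's M/O/A flags to the matching Neutron address mode."""
    managed, other, prefixes = parse_ra(data)
    subnet = ipaddress.IPv6Network(subnet)
    autonomous = any(net == subnet and a_flag for net, a_flag in prefixes)
    if managed:
        return "dhcpv6-stateful"     # M set: addresses come from DHCPv6
    if not autonomous:
        return None                  # no SLAAC prefix and no DHCPv6 addressing
    return "dhcpv6-stateless" if other else "slaac"
```
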

Consult my previous blog post on the stuff that you need to be aware of on the Linux VM side of things when you enable Stateless DHCPv6 and Stateful DHCPv6.

Have fun!

 

4 thoughts on “Deploying IPv6 With OpenStack Provider Networks”

  1. > neutron subnet-create external-net --ip-version=6 --ipv6-address-mode=dhcpv6-stateless --ipv6-ra-mode=dhcpv6-stateless --name=external-subnet-v6 --allocation-pool start=2001:db8:cafe:16::5,end=2001:db8:cafe:16:ffff:ffff:ffff:fffe 2001:db8:cafe:16::/64 --dns-nameserver 2001:db8:cafe:a::e

    I am curious why you have to define an allocation pool for stateless, since the end station gets its address via the RA, not DHCPv6 when using O-bit (stateless DHCPv6).

    Additionally, I wonder if there is an RDNSS setting for SLAAC-only, since that is the standardized method to convey DNS server info (in the RA) in a SLAAC-only environment.

    1. Craig, thanks for the comment. Yes, for the instance you do not need the allocation-pool as it uses, as you mentioned, the RA. The allocation pool range is for Neutron objects (future routers, LBaaS, etc.) that will pull an address from the pool and not via an RA.
