diff options
Diffstat (limited to 'docs/userguide')
-rw-r--r-- | docs/userguide/feature.configguide.rst | 1041 | ||||
-rw-r--r-- | docs/userguide/feature.userguide.rst (renamed from docs/userguide/feature.usage.rst) | 0 | ||||
-rw-r--r-- | docs/userguide/index.rst | 200 |
3 files changed, 1056 insertions, 185 deletions
diff --git a/docs/userguide/feature.configguide.rst b/docs/userguide/feature.configguide.rst new file mode 100644 index 0000000..67f616f --- /dev/null +++ b/docs/userguide/feature.configguide.rst @@ -0,0 +1,1041 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) + +=============================================================== +IPv6 Configuration - Setting Up a Service VM as an IPv6 vRouter +=============================================================== + +This section provides instructions to set up a service VM as an IPv6 vRouter using OPNFV Colorado Release +installers. The environment may be pure OpenStack option or Open Daylight L2-only option. +The deployment model may be HA or non-HA. The infrastructure may be bare metal or virtual environment. + +For complete instructions and documentations of setting up service VM as an IPv6 vRouter using ANY method, +please refer to: + +1. IPv6 Configuration Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/setupservicevm/index.html +2. IPv6 User Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/gapanalysis/index.html + +**************************** +Pre-configuration Activities +**************************** + +The configuration will work in 2 environments: + +1. OpenStack-only environment +2. OpenStack with Open Daylight L2-only environment + +Depending on which installer will be used to deploy OPNFV, each environment may be deployed +on bare metal or virtualized infrastructure. Each deployment may be HA or non-HA. + +Refer to the previous installer configuration chapters, installations guide and release notes. + +****************************************** +Setup Manual in OpenStack-Only Environment +****************************************** + +If you intend to set up a service VM as an IPv6 vRouter in OpenStack-only environment of +OPNFV Colorado Release, please **NOTE** that: + +* Because the anti-spoofing rules of Security Group feature in OpenStack prevents + a VM from forwarding packets, we need to disable Security Group feature in the + OpenStack-only environment. +* The hostnames, IP addresses, and username are for exemplary purpose in instructions. + Please change as needed to fit your environment. +* The instructions apply to both deployment model of single controller node and + HA (High Availability) deployment model where multiple controller nodes are used. + +----------------------------- +Install OPNFV and Preparation +----------------------------- + +**OPNFV-NATIVE-INSTALL-1**: To install OpenStack-only environment of OPNFV Colorado Release: + +**Apex Installer**: + +.. code-block:: bash + + # HA, Virtual deployment in OpenStack-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-nosdn-nofeature-ha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # HA, Bare Metal deployment in OpenStack-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-nosdn-nofeature-ha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Non-HA, Virtual deployment in OpenStack-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-nosdn-nofeature-noha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # Non-HA, Bare Metal deployment in OpenStack-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-nosdn-nofeature-noha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Note: + # + # 1. Parameter ""-v" is mandatory for Virtual deployment + # 2. Parameter "-i <inventory file>" is mandatory for Bare Metal deployment + # 2.1 Refer to https://git.opnfv.org/cgit/apex/tree/config/inventory for examples of inventory file + # 3. You can use "-n /etc/opnfv-apex/network_setting_v6.yaml" for deployment in IPv6-only infrastructure + +**Compass** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack-only environment + export ISO_URL=file://$BUILD_DIRECTORY/compass.iso + export OS_VERSION=${{COMPASS_OS_VERSION}} + export OPENSTACK_VERSION=${{COMPASS_OPENSTACK_VERSION}} + export CONFDIR=$WORKSPACE/deploy/conf/vm_environment + ./deploy.sh --dha $CONFDIR/os-nosdn-nofeature-ha.yml \ + --network $CONFDIR/$NODE_NAME/network.yml + + # Non-HA deployment in OpenStack-only environment + # Non-HA deployment is currently not supported by Compass installer + +**Fuel** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack-only environment + # Scenario Name: os-nosdn-nofeature-ha + # Scenario Configuration File: ha_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-nosdn-nofeature-ha -i <iso-uri> + + # Non-HA deployment in OpenStack-only environment + # Scenario Name: os-nosdn-nofeature-noha + # Scenario Configuration File: no-ha_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-nosdn-nofeature-noha -i <iso-uri> + + # Note: + # + # 1. Refer to http://git.opnfv.org/cgit/fuel/tree/deploy/scenario/scenario.yaml for scenarios + # 2. Refer to http://git.opnfv.org/cgit/fuel/tree/ci/README for description of + # stack configuration directory structure + # 3. <stack-config-uri> is the base URI of stack configuration directory structure + # 3.1 Example: http://git.opnfv.org/cgit/fuel/tree/deploy/config + # 4. <lab-name> and <pod-name> must match the directory structure in stack configuration + # 4.1 Example of <lab-name>: -l devel-pipeline + # 4.2 Example of <pod-name>: -p elx + # 5. <iso-uri> could be local or remote ISO image of Fuel Installer + # 5.1 Example: http://artifacts.opnfv.org/fuel/colorado/opnfv-colorado.1.0.iso + # + # Please refer to Fuel Installer's documentation for further information and any update + +**Joid** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack-only environment + ./deploy.sh -o mitaka -s nosdn -t ha -l default -f ipv6 + + # Non-HA deployment in OpenStack-only environment + ./deploy.sh -o mitaka -s nosdn -t nonha -l default -f ipv6 + +Please **NOTE** that: + +* You need to refer to **installer's documentation** for other necessary + parameters applicable to your deployment. +* You need to refer to **Release Notes** and **installer's documentation** if there is + any issue in installation. + +**OPNFV-NATIVE-INSTALL-2**: Clone the following GitHub repository to get the +configuration and metadata files + +.. code-block:: bash + + git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git \ + /opt/stack/opnfv_os_ipv6_poc + +---------------------------------------------- +Disable Security Groups in OpenStack ML2 Setup +---------------------------------------------- + +**OPNFV-NATIVE-SEC-1**: Change the settings in +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows + +.. code-block:: bash + + # /etc/neutron/plugins/ml2/ml2_conf.ini + [securitygroup] + extension_drivers = port_security + enable_security_group = False + firewall_driver = neutron.agent.firewall.NoopFirewallDriver + +**OPNFV-NATIVE-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows + +.. code-block:: bash + + # /etc/nova/nova.conf + [DEFAULT] + security_group_api = nova + firewall_driver = nova.virt.firewall.NoopFirewallDriver + +**OPNFV-NATIVE-SEC-3**: After updating the settings, you will have to restart the +``Neutron`` and ``Nova`` services. + +**Please note that the commands of restarting** ``Neutron`` **and** ``Nova`` **would vary +depending on the installer. Please refer to relevant documentation of specific installers** + +--------------------------------- +Set Up Service VM as IPv6 vRouter +--------------------------------- + +**OPNFV-NATIVE-SETUP-1**: Now we assume that OpenStack multi-node setup is up and running. +We have to source the tenant credentials in OpenStack controller node in this step. +Please **NOTE** that the method of sourcing tenant credentials may vary depending on installers. +For example: + +**Apex** installer: + +.. code-block:: bash + + # On jump host, source the tenant credentials using /bin/opnfv-util provided by Apex installer + opnfv-util undercloud "source overcloudrc; keystone service-list" + + # Alternatively, you can copy the file /home/stack/overcloudrc from the installer VM called "undercloud" + # to a location in controller node, for example, in the directory /opt, and do: + # source /opt/overcloudrc + +**Compass** installer: + +.. code-block:: bash + + # source the tenant credentials using Compass installer of OPNFV + source /opt/admin-openrc.sh + +**Fuel** installer: + +.. code-block:: bash + + # source the tenant credentials using Fuel installer of OPNFV + source /root/openrc + +**Joid** installer: + +.. code-block:: bash + + # source the tenant credentials using Joid installer of OPNFV + source $HOME/joid_config/admin-openrc + +**devstack**: + +.. code-block:: bash + + # source the tenant credentials in devstack + source openrc admin demo + +**Please refer to relevant documentation of installers if you encounter any issue**. + +**OPNFV-NATIVE-SETUP-2**: Download ``fedora22`` image which would be used for ``vRouter`` + +.. code-block:: bash + + wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/\ + Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + +**OPNFV-NATIVE-SETUP-3**: Import Fedora22 image to ``glance`` + +.. code-block:: bash + + glance image-create --name 'Fedora22' --disk-format qcow2 --container-format bare \ + --file ./Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + +**OPNFV-NATIVE-SETUP-4: This step is Informational. OPNFV Installer has taken care of this step +during deployment. You may refer to this step only if there is any issue, or if you are using other installers**. + +We have to move the physical interface (i.e. the public network interface) to ``br-ex``, including moving +the public IP address and setting up default route. Please refer to ``OS-NATIVE-SETUP-4`` and +``OS-NATIVE-SETUP-5`` in our `more complete instruction <http://artifacts.opnfv.org/ipv6/docs/setupservicevm/5-ipv6-configguide-scenario-1-native-os.html#set-up-service-vm-as-ipv6-vrouter>`_. + +**OPNFV-NATIVE-SETUP-5**: Create Neutron routers ``ipv4-router`` and ``ipv6-router`` +which need to provide external connectivity. + +.. code-block:: bash + + neutron router-create ipv4-router + neutron router-create ipv6-router + +**OPNFV-NATIVE-SETUP-6**: Create an external network/subnet ``ext-net`` using +the appropriate values based on the data-center physical network setup. + +Please **NOTE** that you may only need to create the subnet of ``ext-net`` because OPNFV installers +should have created an external network during installation. You must use the same name of external +network that installer creates when you create the subnet. For example: + +* **Apex** installer: ``external`` +* **Compass** installer: ``ext-net`` +* **Fuel** installer: ``admin_floating_net`` +* **Joid** installer: ``ext-net`` + +**Please refer to the documentation of installers if there is any issue** + +.. code-block:: bash + + # This is needed only if installer does not create an external work + # Otherwise, skip this command "net-create" + neutron net-create --router:external ext-net + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron subnet-create --disable-dhcp --allocation-pool start=198.59.156.251,\ + end=198.59.156.254 --gateway 198.59.156.1 ext-net 198.59.156.0/24 + +**OPNFV-NATIVE-SETUP-7**: Create Neutron networks ``ipv4-int-network1`` and +``ipv6-int-network2`` with port_security disabled + +.. code-block:: bash + + neutron net-create --port_security_enabled=False ipv4-int-network1 + neutron net-create --port_security_enabled=False ipv6-int-network2 + +**OPNFV-NATIVE-SETUP-8**: Create IPv4 subnet ``ipv4-int-subnet1`` in the internal network +``ipv4-int-network1``, and associate it to ``ipv4-router``. + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet1 --dns-nameserver 8.8.8.8 \ + ipv4-int-network1 20.0.0.0/24 + + neutron router-interface-add ipv4-router ipv4-int-subnet1 + +**OPNFV-NATIVE-SETUP-9**: Associate the ``ext-net`` to the Neutron routers ``ipv4-router`` +and ``ipv6-router``. + +.. code-block:: bash + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron router-gateway-set ipv4-router ext-net + neutron router-gateway-set ipv6-router ext-net + +**OPNFV-NATIVE-SETUP-10**: Create two subnets, one IPv4 subnet ``ipv4-int-subnet2`` and +one IPv6 subnet ``ipv6-int-subnet2`` in ``ipv6-int-network2``, and associate both subnets to +``ipv6-router`` + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet2 --dns-nameserver 8.8.8.8 \ + ipv6-int-network2 10.0.0.0/24 + + neutron subnet-create --name ipv6-int-subnet2 --ip-version 6 --ipv6-ra-mode slaac \ + --ipv6-address-mode slaac ipv6-int-network2 2001:db8:0:1::/64 + + neutron router-interface-add ipv6-router ipv4-int-subnet2 + neutron router-interface-add ipv6-router ipv6-int-subnet2 + +**OPNFV-NATIVE-SETUP-11**: Create a keypair + +.. code-block:: bash + + nova keypair-add vRouterKey > ~/vRouterKey + +**OPNFV-NATIVE-SETUP-12**: Create ports for vRouter (with some specific MAC address +- basically for automation - to know the IPv6 addresses that would be assigned to the port). + +.. code-block:: bash + + neutron port-create --name eth0-vRouter --mac-address fa:16:3e:11:11:11 ipv6-int-network2 + neutron port-create --name eth1-vRouter --mac-address fa:16:3e:22:22:22 ipv4-int-network1 + +**OPNFV-NATIVE-SETUP-13**: Create ports for VM1 and VM2. + +.. code-block:: bash + + neutron port-create --name eth0-VM1 --mac-address fa:16:3e:33:33:33 ipv4-int-network1 + neutron port-create --name eth0-VM2 --mac-address fa:16:3e:44:44:44 ipv4-int-network1 + +**OPNFV-NATIVE-SETUP-14**: Update ``ipv6-router`` with routing information to subnet +``2001:db8:0:2::/64`` + +.. code-block:: bash + + neutron router-update ipv6-router --routes type=dict list=true \ + destination=2001:db8:0:2::/64,nexthop=2001:db8:0:1:f816:3eff:fe11:1111 + +**OPNFV-NATIVE-SETUP-15**: Boot Service VM (``vRouter``), VM1 and VM2 + +.. code-block:: bash + + nova boot --image Fedora22 --flavor m1.small \ + --user-data /opt/stack/opnfv_os_ipv6_poc/metadata.txt \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-vRouter | awk '{print $2}') \ + --nic port-id=$(neutron port-list | grep -w eth1-vRouter | awk '{print $2}') \ + --key-name vRouterKey vRouter + + nova list + + # Please wait for some 10 to 15 minutes so that necessary packages (like radvd) + # are installed and vRouter is up. + nova console-log vRouter + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny \ + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-controller \ + --nic port-id=$(neutron port-list | grep -w eth0-VM1 | awk '{print $2}') \ + --key-name vRouterKey VM1 + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-VM2 | awk '{print $2}') \ + --key-name vRouterKey VM2 + + nova list # Verify that all the VMs are in ACTIVE state. + +**OPNFV-NATIVE-SETUP-16**: If all goes well, the IPv6 addresses assigned to the VMs +would be as shown as follows: + +.. code-block:: bash + + # vRouter eth0 interface would have the following IPv6 address: + # 2001:db8:0:1:f816:3eff:fe11:1111/64 + # vRouter eth1 interface would have the following IPv6 address: + # 2001:db8:0:2::1/64 + # VM1 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe33:3333/64 + # VM2 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe44:4444/64 + +**OPNFV-NATIVE-SETUP-17**: Now we can ``SSH`` to VMs. You can execute the following command. + +.. code-block:: bash + + # 1. Create a floatingip and associate it with VM1, VM2 and vRouter (to the port id that is passed). + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM1 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM2 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth1-vRouter | \ + awk '{print $2}') ext-net + + # 2. To know / display the floatingip associated with VM1, VM2 and vRouter. + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM1 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM2 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth1-vRouter | awk '{print $2}') | awk '{print $2}' + + # 3. To ssh to the vRouter, VM1 and VM2, user can execute the following command. + ssh -i ~/vRouterKey fedora@<floating-ip-of-vRouter> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM1> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM2> + +**************************************************************** +Setup Manual in OpenStack with Open Daylight L2-Only Environment +**************************************************************** + +If you intend to set up a service VM as an IPv6 vRouter in an environment of OpenStack +and Open Daylight L2-only of OPNFV Colorado Release, please **NOTE** that: + +* We **SHOULD** use the ``odl-ovsdb-openstack`` version of Open Daylight Boron + in OPNFV Colorado Release. Please refer to our + `Gap Analysis <http://artifacts.opnfv.org/ipv6/docs/gapanalysis/gap-analysis-odl-boron.html>`_ + for more information. +* The hostnames, IP addresses, and username are for exemplary purpose in instructions. + Please change as needed to fit your environment. +* The instructions apply to both deployment model of single controller node and + HA (High Availability) deployment model where multiple controller nodes are used. +* However, in case of HA, when ``ipv6-router`` is created in step **SETUP-SVM-11**, + it could be created in any of the controller node. Thus you need to identify in which + controller node ``ipv6-router`` is created in order to manually spawn ``radvd`` daemon + inside the ``ipv6-router`` namespace in steps **SETUP-SVM-24** through **SETUP-SVM-30**. + +----------------------------- +Install OPNFV and Preparation +----------------------------- + +**OPNFV-INSTALL-1**: To install OpenStack with Open Daylight L2-only environment +of OPNFV Colorado Release: + +**Apex Installer**: + +.. code-block:: bash + + # HA, Virtual deployment in OpenStack with Open Daylight L2-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # HA, Bare Metal deployment in OpenStack with Open Daylight L2-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + # There is no settings file provided by default for odl_l2 non-HA deployment + # You need to copy /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml to another file + # e.g. /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml + # and change the "ha_enabled" parameter to be "false", i.e.: "ha_enabled: false", and: + + # - For Non-HA, Virtual deployment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # - For Non-HA, Bare Metal deployment + ./opnfv-deploy -d /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Note: + # + # 1. Parameter ""-v" is mandatory for Virtual deployment + # 2. Parameter "-i <inventory file>" is mandatory for Bare Metal deployment + # 2.1 Refer to https://git.opnfv.org/cgit/apex/tree/config/inventory for examples of inventory file + # 3. You can use "-n /etc/opnfv-apex/network_setting_v6.yaml" for deployment in IPv6-only infrastructure + +**Compass** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack with Open Daylight L2-only environment + export ISO_URL=file://$BUILD_DIRECTORY/compass.iso + export OS_VERSION=${{COMPASS_OS_VERSION}} + export OPENSTACK_VERSION=${{COMPASS_OPENSTACK_VERSION}} + export CONFDIR=$WORKSPACE/deploy/conf/vm_environment + ./deploy.sh --dha $CONFDIR/os-odl_l2-nofeature-ha.yml \ + --network $CONFDIR/$NODE_NAME/network.yml + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + # Non-HA deployment is currently not supported by Compass installer + +**Fuel** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack with Open Daylight L2-only environment + # Scenario Name: os-odl_l2-nofeature-ha + # Scenario Configuration File: ha_odl-l2_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-odl_l2-nofeature-ha -i <iso-uri> + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + # Scenario Name: os-odl_l2-nofeature-noha + # Scenario Configuration File: no-ha_odl-l2_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-odl_l2-nofeature-noha -i <iso-uri> + + # Note: + # + # 1. Refer to http://git.opnfv.org/cgit/fuel/tree/deploy/scenario/scenario.yaml for scenarios + # 2. Refer to http://git.opnfv.org/cgit/fuel/tree/ci/README for description of + # stack configuration directory structure + # 3. <stack-config-uri> is the base URI of stack configuration directory structure + # 3.1 Example: http://git.opnfv.org/cgit/fuel/tree/deploy/config + # 4. <lab-name> and <pod-name> must match the directory structure in stack configuration + # 4.1 Example of <lab-name>: -l devel-pipeline + # 4.2 Example of <pod-name>: -p elx + # 5. <iso-uri> could be local or remote ISO image of Fuel Installer + # 5.1 Example: http://artifacts.opnfv.org/fuel/colorado/opnfv-colorado.1.0.iso + # + # Please refer to Fuel Installer's documentation for further information and any update + +**Joid** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack with Open Daylight L2-only environment + ./deploy.sh -o mitaka -s odl -t ha -l default -f ipv6 + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + ./deploy.sh -o mitaka -s odl -t nonha -l default -f ipv6 + +Please **NOTE** that: + +* You need to refer to **installer's documentation** for other necessary + parameters applicable to your deployment. +* You need to refer to **Release Notes** and **installer's documentation** if there is + any issue in installation. + +**OPNFV-INSTALL-2**: Clone the following GitHub repository to get the +configuration and metadata files + +.. code-block:: bash + + git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git \ + /opt/stack/opnfv_os_ipv6_poc + +---------------------------------------------- +Disable Security Groups in OpenStack ML2 Setup +---------------------------------------------- + +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + +**OPNFV-SEC-1**: Change the settings in +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows + +.. code-block:: bash + + # /etc/neutron/plugins/ml2/ml2_conf.ini + [securitygroup] + enable_security_group = False + firewall_driver = neutron.agent.firewall.NoopFirewallDriver + +**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows + +.. code-block:: bash + + # /etc/nova/nova.conf + [DEFAULT] + security_group_api = nova + firewall_driver = nova.virt.firewall.NoopFirewallDriver + +**OPNFV-SEC-3**: After updating the settings, you will have to restart the +``Neutron`` and ``Nova`` services. + +**Please note that the commands of restarting** ``Neutron`` **and** ``Nova`` **would vary +depending on the installer. Please refer to relevant documentation of specific installers** + +--------------------------------------------------- +Source the Credentials in OpenStack Controller Node +--------------------------------------------------- + +**SETUP-SVM-1**: Login in OpenStack Controller Node. Start a new terminal, +and change directory to where OpenStack is installed. + +**SETUP-SVM-2**: We have to source the tenant credentials in this step. Please **NOTE** +that the method of sourcing tenant credentials may vary depending on installers. For example: + +**Apex** installer: + +.. code-block:: bash + + # On jump host, source the tenant credentials using /bin/opnfv-util provided by Apex installer + opnfv-util undercloud "source overcloudrc; keystone service-list" + + # Alternatively, you can copy the file /home/stack/overcloudrc from the installer VM called "undercloud" + # to a location in controller node, for example, in the directory /opt, and do: + # source /opt/overcloudrc + +**Compass** installer: + +.. code-block:: bash + + # source the tenant credentials using Compass installer of OPNFV + source /opt/admin-openrc.sh + +**Fuel** installer: + +.. code-block:: bash + + # source the tenant credentials using Fuel installer of OPNFV + source /root/openrc + +**Joid** installer: + +.. code-block:: bash + + # source the tenant credentials using Joid installer of OPNFV + source $HOME/joid_config/admin-openrc + +**devstack**: + +.. code-block:: bash + + # source the tenant credentials in devstack + source openrc admin demo + +**Please refer to relevant documentation of installers if you encounter any issue**. + +------------------------------------------------------------------------------------ +Informational Note: Move Public Network from Physical Network Interface to ``br-ex`` +------------------------------------------------------------------------------------ + +**SETUP-SVM-3**: Move the physical interface (i.e. the public network interface) to ``br-ex`` + +**SETUP-SVM-4**: Verify setup of ``br-ex`` + +**Those 2 steps are Informational. OPNFV Installer has taken care of those 2 steps during deployment. +You may refer to this step only if there is any issue, or if you are using other installers**. + +We have to move the physical interface (i.e. the public network interface) to ``br-ex``, including moving +the public IP address and setting up default route. Please refer to ``SETUP-SVM-3`` and +``SETUP-SVM-4`` in our `more complete instruction <http://artifacts.opnfv.org/ipv6/docs/setupservicevm/4-ipv6-configguide-servicevm.html#add-external-connectivity-to-br-ex>`_. + +-------------------------------------------------------- +Create IPv4 Subnet and Router with External Connectivity +-------------------------------------------------------- + +**SETUP-SVM-5**: Create a Neutron router ``ipv4-router`` which needs to provide external connectivity. + +.. code-block:: bash + + neutron router-create ipv4-router + +**SETUP-SVM-6**: Create an external network/subnet ``ext-net`` using the appropriate values based on the +data-center physical network setup. + +Please **NOTE** that you may only need to create the subnet of ``ext-net`` because OPNFV installers +should have created an external network during installation. You must use the same name of external +network that installer creates when you create the subnet. For example: + +* **Apex** installer: ``external`` +* **Compass** installer: ``ext-net`` +* **Fuel** installer: ``admin_floating_net`` +* **Joid** installer: ``ext-net`` + +**Please refer to the documentation of installers if there is any issue** + +.. code-block:: bash + + # This is needed only if installer does not create an external work + # Otherwise, skip this command "net-create" + neutron net-create --router:external ext-net + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron subnet-create --disable-dhcp --allocation-pool start=198.59.156.251,\ + end=198.59.156.254 --gateway 198.59.156.1 ext-net 198.59.156.0/24 + +Please note that the IP addresses in the command above are for exemplary purpose. **Please replace the IP addresses of +your actual network**. + +**SETUP-SVM-7**: Associate the ``ext-net`` to the Neutron router ``ipv4-router``. + +.. code-block:: bash + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron router-gateway-set ipv4-router ext-net + +**SETUP-SVM-8**: Create an internal/tenant IPv4 network ``ipv4-int-network1`` + +.. code-block:: bash + + neutron net-create ipv4-int-network1 + +**SETUP-SVM-9**: Create an IPv4 subnet ``ipv4-int-subnet1`` in the internal network ``ipv4-int-network1`` + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet1 --dns-nameserver 8.8.8.8 \ + ipv4-int-network1 20.0.0.0/24 + +**SETUP-SVM-10**: Associate the IPv4 internal subnet ``ipv4-int-subnet1`` to the Neutron router ``ipv4-router``. + +.. code-block:: bash + + neutron router-interface-add ipv4-router ipv4-int-subnet1 + +-------------------------------------------------------- +Create IPv6 Subnet and Router with External Connectivity +-------------------------------------------------------- + +Now, let us create a second neutron router where we can "manually" spawn a ``radvd`` daemon to simulate an external +IPv6 router. + +**SETUP-SVM-11**: Create a second Neutron router ``ipv6-router`` which needs to provide external connectivity + +.. code-block:: bash + + neutron router-create ipv6-router + +**SETUP-SVM-12**: Associate the ``ext-net`` to the Neutron router ``ipv6-router`` + +.. code-block:: bash + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron router-gateway-set ipv6-router ext-net + +**SETUP-SVM-13**: Create a second internal/tenant IPv4 network ``ipv4-int-network2`` + +.. code-block:: bash + + neutron net-create ipv4-int-network2 + +**SETUP-SVM-14**: Create an IPv4 subnet ``ipv4-int-subnet2`` for the ``ipv6-router`` internal network +``ipv4-int-network2`` + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet2 --dns-nameserver 8.8.8.8 \ + ipv4-int-network2 10.0.0.0/24 + +**SETUP-SVM-15**: Associate the IPv4 internal subnet ``ipv4-int-subnet2`` to the Neutron router ``ipv6-router``. + +.. code-block:: bash + + neutron router-interface-add ipv6-router ipv4-int-subnet2 + +-------------------------------------------------- +Prepare Image, Metadata and Keypair for Service VM +-------------------------------------------------- + +**SETUP-SVM-16**: Download ``fedora22`` image which would be used as ``vRouter`` + +.. code-block:: bash + + wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/\ + Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + + glance image-create --name 'Fedora22' --disk-format qcow2 --container-format bare \ + --file ./Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + +**SETUP-SVM-17**: Create a keypair + +.. code-block:: bash + + nova keypair-add vRouterKey > ~/vRouterKey + +**SETUP-SVM-18**: Create ports for ``vRouter`` and both the VMs with some specific MAC addresses. + +.. code-block:: bash + + neutron port-create --name eth0-vRouter --mac-address fa:16:3e:11:11:11 ipv4-int-network2 + neutron port-create --name eth1-vRouter --mac-address fa:16:3e:22:22:22 ipv4-int-network1 + neutron port-create --name eth0-VM1 --mac-address fa:16:3e:33:33:33 ipv4-int-network1 + neutron port-create --name eth0-VM2 --mac-address fa:16:3e:44:44:44 ipv4-int-network1 + +---------------------------------------------------------------------------------------------------------- +Boot Service VM (``vRouter``) with ``eth0`` on ``ipv4-int-network2`` and ``eth1`` on ``ipv4-int-network1`` +---------------------------------------------------------------------------------------------------------- + +Let us boot the service VM (``vRouter``) with ``eth0`` interface on ``ipv4-int-network2`` connecting to ``ipv6-router``, +and ``eth1`` interface on ``ipv4-int-network1`` connecting to ``ipv4-router``. + +**SETUP-SVM-19**: Boot the ``vRouter`` using ``Fedora22`` image on the OpenStack Compute Node with hostname +``opnfv-os-compute`` + +.. code-block:: bash + + nova boot --image Fedora22 --flavor m1.small \ + --user-data /opt/stack/opnfv_os_ipv6_poc/metadata.txt \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-vRouter | awk '{print $2}') \ + --nic port-id=$(neutron port-list | grep -w eth1-vRouter | awk '{print $2}') \ + --key-name vRouterKey vRouter + +Please **note** that ``/opt/stack/opnfv_os_ipv6_poc/metadata.txt`` is used to enable the ``vRouter`` to automatically +spawn a ``radvd``, and + +* Act as an IPv6 vRouter which advertises the RA (Router Advertisements) with prefix + ``2001:db8:0:2::/64`` on its internal interface (``eth1``). +* Forward IPv6 traffic from internal interface (``eth1``) + +**SETUP-SVM-20**: Verify that ``Fedora22`` image boots up successfully and vRouter has ``ssh`` keys properly injected + +.. code-block:: bash + + nova list + nova console-log vRouter + +Please note that **it may take a few minutes** for the necessary packages to get installed and ``ssh`` keys +to be injected. + +.. code-block:: bash + + # Sample Output + [ 762.884523] cloud-init[871]: ec2: ############################################################# + [ 762.909634] cloud-init[871]: ec2: -----BEGIN SSH HOST KEY FINGERPRINTS----- + [ 762.931626] cloud-init[871]: ec2: 2048 e3:dc:3d:4a:bc:b6:b0:77:75:a1:70:a3:d0:2a:47:a9 (RSA) + [ 762.957380] cloud-init[871]: ec2: -----END SSH HOST KEY FINGERPRINTS----- + [ 762.979554] cloud-init[871]: ec2: ############################################################# + +------------------------------------------- +Boot Two Other VMs in ``ipv4-int-network1`` +------------------------------------------- + +In order to verify that the setup is working, let us create two cirros VMs with ``eth1`` interface on the +``ipv4-int-network1``, i.e., connecting to ``vRouter`` ``eth1`` interface for internal network. + +We will have to configure appropriate ``mtu`` on the VMs' interface by taking into account the tunneling +overhead and any physical switch requirements. If so, push the ``mtu`` to the VM either using ``dhcp`` +options or via ``meta-data``. + +**SETUP-SVM-21**: Create VM1 on OpenStack Controller Node with hostname ``opnfv-os-controller`` + +.. code-block:: bash + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny \ + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-controller \ + --nic port-id=$(neutron port-list | grep -w eth0-VM1 | awk '{print $2}') \ + --key-name vRouterKey VM1 + +**SETUP-SVM-22**: Create VM2 on OpenStack Compute Node with hostname ``opnfv-os-compute`` + +.. code-block:: bash + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny \ + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-VM2 | awk '{print $2}') \ + --key-name vRouterKey VM2 + +**SETUP-SVM-23**: Confirm that both the VMs are successfully booted. + +.. code-block:: bash + + nova list + nova console-log VM1 + nova console-log VM2 + +---------------------------------- +Spawn ``RADVD`` in ``ipv6-router`` +---------------------------------- + +Let us manually spawn a ``radvd`` daemon inside ``ipv6-router`` namespace to simulate an external router. +First of all, we will have to identify the ``ipv6-router`` namespace and move to the namespace. + +Please **NOTE** that in case of HA (High Availability) deployment model where multiple controller +nodes are used, ``ipv6-router`` created in step **SETUP-SVM-11** could be in any of the controller +node. Thus you need to identify in which controller node ``ipv6-router`` is created in order to manually +spawn ``radvd`` daemon inside the ``ipv6-router`` namespace in steps **SETUP-SVM-24** through +**SETUP-SVM-30**. The following command in Neutron will display the controller on which the +``ipv6-router`` is spawned. + +.. code-block:: bash + + neutron l3-agent-list-hosting-router ipv6-router + +Then you login to that controller and execute steps **SETUP-SVM-24** +through **SETUP-SVM-30** + +**SETUP-SVM-24**: identify the ``ipv6-router`` namespace and move to the namespace + +.. code-block:: bash + + sudo ip netns exec qrouter-$(neutron router-list | grep -w ipv6-router | \ + awk '{print $2}') bash + +**SETUP-SVM-25**: Upon successful execution of the above command, you will be in the router namespace. +Now let us configure the IPv6 address on the <qr-xxx> interface. + +.. code-block:: bash + + export router_interface=$(ip a s | grep -w "global qr-*" | awk '{print $7}') + ip -6 addr add 2001:db8:0:1::1 dev $router_interface + +**SETUP-SVM-26**: Update the sample file ``/opt/stack/opnfv_os_ipv6_poc/scenario2/radvd.conf`` +with ``$router_interface``. + +.. code-block:: bash + + cp /opt/stack/opnfv_os_ipv6_poc/scenario2/radvd.conf /tmp/radvd.$router_interface.conf + sed -i 's/$router_interface/'$router_interface'/g' /tmp/radvd.$router_interface.conf + +**SETUP-SVM-27**: Spawn a ``radvd`` daemon to simulate an external router. This ``radvd`` daemon advertises an IPv6 +subnet prefix of ``2001:db8:0:1::/64`` using RA (Router Advertisement) on its $router_interface so that ``eth0`` +interface of ``vRouter`` automatically configures an IPv6 SLAAC address. + +.. code-block:: bash + + $radvd -C /tmp/radvd.$router_interface.conf -p /tmp/br-ex.pid.radvd -m syslog + +**SETUP-SVM-28**: Add an IPv6 downstream route pointing to the ``eth0`` interface of vRouter. + +.. code-block:: bash + + ip -6 route add 2001:db8:0:2::/64 via 2001:db8:0:1:f816:3eff:fe11:1111 + +**SETUP-SVM-29**: The routing table should now look similar to something shown below. + +.. code-block:: bash + + ip -6 route show + 2001:db8:0:1::1 dev qr-42968b9e-62 proto kernel metric 256 + 2001:db8:0:1::/64 dev qr-42968b9e-62 proto kernel metric 256 expires 86384sec + 2001:db8:0:2::/64 via 2001:db8:0:1:f816:3eff:fe11:1111 dev qr-42968b9e-62 proto ra metric 1024 expires 29sec + fe80::/64 dev qg-3736e0c7-7c proto kernel metric 256 + fe80::/64 dev qr-42968b9e-62 proto kernel metric 256 + +**SETUP-SVM-30**: If all goes well, the IPv6 addresses assigned to the VMs would be as shown as follows: + +.. code-block:: bash + + # vRouter eth0 interface would have the following IPv6 address: + # 2001:db8:0:1:f816:3eff:fe11:1111/64 + # vRouter eth1 interface would have the following IPv6 address: + # 2001:db8:0:2::1/64 + # VM1 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe33:3333/64 + # VM2 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe44:4444/64 + +-------------------------------- +Testing to Verify Setup Complete +-------------------------------- + +Now, let us ``SSH`` to those VMs, e.g. VM1 and / or VM2 and / or vRouter, to confirm that +it has successfully configured the IPv6 address using ``SLAAC`` with prefix +``2001:db8:0:2::/64`` from ``vRouter``. + +We use ``floatingip`` mechanism to achieve ``SSH``. + +**SETUP-SVM-31**: Now we can ``SSH`` to VMs. You can execute the following command. + +.. code-block:: bash + + # 1. Create a floatingip and associate it with VM1, VM2 and vRouter (to the port id that is passed). + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM1 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM2 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth1-vRouter | \ + awk '{print $2}') ext-net + + # 2. To know / display the floatingip associated with VM1, VM2 and vRouter. + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM1 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM2 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth1-vRouter | awk '{print $2}') | awk '{print $2}' + + # 3. To ssh to the vRouter, VM1 and VM2, user can execute the following command. + ssh -i ~/vRouterKey fedora@<floating-ip-of-vRouter> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM1> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM2> + +If everything goes well, ``ssh`` will be successful and you will be logged into those VMs. +Run some commands to verify that IPv6 addresses are configured on ``eth0`` interface. + +**SETUP-SVM-32**: Show an IPv6 address with a prefix of ``2001:db8:0:2::/64`` + +.. code-block:: bash + + ip address show + +**SETUP-SVM-33**: ping some external IPv6 address, e.g. ``ipv6-router`` + +.. code-block:: bash + + ping6 2001:db8:0:1::1 + +If the above ping6 command succeeds, it implies that ``vRouter`` was able to successfully forward the IPv6 traffic +to reach external ``ipv6-router``. + +********************************* +IPv6 Post Installation Procedures +********************************* + +Congratulations, you have completed the setup of using a service VM to act as an IPv6 vRouter. +You have validated the setup based on the instruction in previous sections. If you want to further +test your setup, you can ``ping6`` among ``VM1``, ``VM2``, ``vRouter`` and ``ipv6-router``. + +This setup allows further open innovation by any 3rd-party. For more instructions and documentations, +please refer to: + +1. IPv6 Configuration Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/setupservicevm/index.html +2. IPv6 User Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/gapanalysis/index.html + +************************************** +Automated post installation activities +************************************** + +Refer to the relevant testing guides, results, and release notes of Yardstick Project. diff --git a/docs/userguide/feature.usage.rst b/docs/userguide/feature.userguide.rst index 12e7b91..12e7b91 100644 --- a/docs/userguide/feature.usage.rst +++ b/docs/userguide/feature.userguide.rst diff --git a/docs/userguide/index.rst b/docs/userguide/index.rst index 12e7b91..efacc7f 100644 --- a/docs/userguide/index.rst +++ b/docs/userguide/index.rst @@ -2,193 +2,23 @@ .. http://creativecommons.org/licenses/by/4.0 .. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) -====================================== -Using IPv6 Feature of Colorado Release -====================================== +=============== +IPv6 User Guide +=============== -This section provides the users with gap analysis regarding IPv6 feature requirements with -OpenStack Mitaka Official Release and Open Daylight Boron Official Release. The gap analysis -serves as feature specific user guides and references when as a user you may leverage the -IPv6 feature in the platform and need to perform some IPv6 related operations. +.. The feature user guide should provide an OPNFV user with enough information to +.. use the features provided by the feature project in the supported scenarios. +.. This guide should walk a user through the usage of the features once a scenario +.. has been deployed and is active according to the installation guide provided +.. by the installer project. -*************************************** -IPv6 Gap Analysis with OpenStack Mitaka -*************************************** +.. toctree:: + :maxdepth: 3 -This section provides users with IPv6 gap analysis regarding feature requirement with -OpenStack Neutron in Mitaka Official Release. The following table lists the use cases / feature -requirements of VIM-agnostic IPv6 functionality, including infrastructure layer and VNF -(VM) layer, and its gap analysis with OpenStack Neutron in Mitaka Official Release. +.. The feature.userguide.rst file should contain the text for this document +.. additional documents can be added to this directory and added in the right order +.. to this file as a list below. -.. table:: - :class: longtable + ./feature.configguide.rst + ./feature.userguide.rst - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Use Case / Requirement |Supported in Mitaka|Notes | - +===========================================================+===================+====================================================================+ - |All topologies work in a multi-tenant environment |Yes |The IPv6 design is following the Neutron tenant networks model; | - | | |dnsmasq is being used inside DHCP network namespaces, while radvd | - | | |is being used inside Neutron routers namespaces to provide full | - | | |isolation between tenants. Tenant isolation can be based on VLANs, | - | | |GRE, or VXLAN encapsulation. In case of overlays, the transport | - | | |network (and VTEPs) must be IPv4 based as of today. | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |IPv6 VM to VM only |Yes |It is possible to assign IPv6-only addresses to VMs. Both switching | - | | |(within VMs on the same tenant network) as well as east/west routing| - | | |(between different networks of the same tenant) are supported. | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |IPv6 external L2 VLAN directly attached to a VM |Yes |IPv6 provider network model; RA messages from upstream (external) | - | | |router are forwarded into the VMs | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |IPv6 subnet routed via L3 agent to an external IPv6 network| |Configuration is enhanced since Kilo to allow easier setup of the | - | |1. Yes |upstream gateway, without the user being forced to create an IPv6 | - |1. Both VLAN and overlay (e.g. GRE, VXLAN) subnet attached | |subnet for the external network. | - | to VMs; | | | - |2. Must be able to support multiple L3 agents for a given |2. Yes | | - | external network to support scaling (neutron scheduler | | | - | to assign vRouters to the L3 agents) | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Ability for a NIC to support both IPv4 and IPv6 (dual | |Dual-stack is supported in Neutron with the addition of | - |stack) address. | |``Multiple IPv6 Prefixes`` Blueprint | - | | | | - |1. VM with a single interface associated with a network, |1. Yes | | - | which is then associated with two subnets. | | | - |2. VM with two different interfaces associated with two |2. Yes | | - | different networks and two different subnets. | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Support IPv6 Address assignment modes. |1. Yes | | - | | | | - |1. SLAAC |2. Yes | | - |2. DHCPv6 Stateless | | | - |3. DHCPv6 Stateful |3. Yes | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Ability to create a port on an IPv6 DHCPv6 Stateful subnet |Yes | | - |and assign a specific IPv6 address to the port and have it | | | - |taken out of the DHCP address pool. | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Ability to create a port with fixed_ip for a |**No** |The following patch disables this operation: | - |SLAAC/DHCPv6-Stateless Subnet. | |https://review.openstack.org/#/c/129144/ | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Support for private IPv6 to external IPv6 floating IP; |**Rejected** |Blueprint proposed in upstream and got rejected. General expectation| - |Ability to specify floating IPs via Neutron API (REST and | |is to avoid NAT with IPv6 by assigning GUA to tenant VMs. See | - |CLI) as well as via Horizon, including combination of | |https://review.openstack.org/#/c/139731/ for discussion. | - |IPv6/IPv4 and IPv4/IPv6 floating IPs if implemented. | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Provide IPv6/IPv4 feature parity in support for |**To-Do** |The L3 configuration should be transparent for the SR-IOV | - |pass-through capabilities (e.g., SR-IOV). | |implementation. SR-IOV networking support introduced in Juno based | - | | |on the ``sriovnicswitch`` ML2 driver is expected to work with IPv4 | - | | |and IPv6 enabled VMs. We need to verify if it works or not. | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Additional IPv6 extensions, for example: IPSEC, IPv6 |**No** |It does not appear to be considered yet (lack of clear requirements)| - |Anycast, Multicast | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |VM access to the meta-data server to obtain user data, SSH |**No** |This is currently not supported. Config-drive or dual-stack IPv4 / | - |keys, etc. using cloud-init with IPv6 only interfaces. | |IPv6 can be used as a workaround (so that the IPv4 network is used | - | | |to obtain connectivity with the metadata service) | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Full support for IPv6 matching (i.e., IPv6, ICMPv6, TCP, |Yes | | - |UDP) in security groups. Ability to control and manage all | | | - |IPv6 security group capabilities via Neutron/Nova API (REST| | | - |and CLI) as well as via Horizon. | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |During network/subnet/router create, there should be an |Yes |Two new Subnet attributes were introduced to control IPv6 address | - |option to allow user to specify the type of address | |assignment options: | - |management they would like. This includes all options | | | - |including those low priority if implemented (e.g., toggle | |* ``ipv6-ra-mode``: to determine who sends Router Advertisements; | - |on/off router and address prefix advertisements); It must | | | - |be supported via Neutron API (REST and CLI) as well as via | |* ``ipv6-address-mode``: to determine how VM obtains IPv6 address, | - |Horizon | | default gateway, and/or optional information. | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Security groups anti-spoofing: Prevent VM from using a |Yes | | - |source IPv6/MAC address which is not assigned to the VM | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Protect tenant and provider network from rogue RAs |Yes |When using a tenant network, Neutron is going to automatically | - | | |handle the filter rules to allow connectivity of RAs to the VMs only| - | | |from the Neutron router port; with provider networks, users are | - | | |required to specify the LLA of the upstream router during the subnet| - | | |creation, or otherwise manually edit the security-groups rules to | - | | |allow incoming traffic from this specific address. | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Support the ability to assign multiple IPv6 addresses to |Yes | | - |an interface; both for Neutron router interfaces and VM | | | - |interfaces. | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Ability for a VM to support a mix of multiple IPv4 and IPv6|Yes | | - |networks, including multiples of the same type. | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Support for IPv6 Prefix Delegation. |Yes |Partial support in Mitaka | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Distributed Virtual Routing (DVR) support for IPv6 |**No** |Blueprint proposed upstream, pending discussion. | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |IPv6 First-Hop Security, IPv6 ND spoofing |Yes | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |IPv6 support in Neutron Layer3 High Availability |Yes | | - |(keepalived+VRRP). | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - -****************************************** -IPv6 Gap Analysis with Open Daylight Boron -****************************************** - -This section provides users with IPv6 gap analysis regarding feature requirement with -Open Daylight Boron Official Release. The following table lists the use cases / feature -requirements of VIM-agnostic IPv6 functionality, including infrastructure layer and VNF -(VM) layer, and its gap analysis with Open Daylight Boron Official Release. - -**Open Daylight Boron Status** - -There are 2 options in Open Daylight Boron to provide Virtualized Networks: - -1 ``Old Netvirt``: netvirt implementation used in Open Daylight Beryllium Release - identified by feature ``odl-ovsdb-openstack`` - -2 ``New Netvirt``: netvirt implementation which will replace the Old Netvirt in the - future releases based on a more modular design. It is identified by feature - ``odl-netvirt-openstack`` - -.. table:: - :class: longtable - - +--------------------------------------------------+---------------------------------------------+--------------------------------------------------------------+ - |Use Case / Requirement | Supported in ODL Boron |Notes | - | +---------------------+-----------------------+ | - | | Old Netvirt | New Netvirt | | - | |(odl-ovsdb-openstack)|(odl-netvirt-openstack)| | - +==================================================+=====================+=======================+==============================================================+ - |REST API support for IPv6 subnet creation in ODL |Yes |Yes |Yes, it is possible to create IPv6 subnets in ODL using | - | | | |Neutron REST API. | - | | | | | - | | | |For a network which has both IPv4 and IPv6 subnets, ODL | - | | | |mechanism driver will send the port information which includes| - | | | |IPv4/v6 addresses to ODL Neutron northbound API. When port | - | | | |information is queried it displays IPv4 and IPv6 addresses. | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ - |IPv6 Router support in ODL |**No** |**Partial** |IPv6 Router support is work in progress in ODL. | - | | | | | - |1. Communication between VMs on same compute node | | |Currently communication between VMs on the same network is | - |2. Communication between VMs on different compute | | |supported, and the support for the other modes is work in | - | nodes (east-west) | | |progress. | - |3. External routing (north-south) | | | | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ - |IPAM: Support for IPv6 Address assignment modes. |**No** |Yes |ODL IPv6 Router supports all the IPv6 Address assignment modes| - | | | |along with Neutron DHCP Agent. | - |1. SLAAC | | | | - |2. DHCPv6 Stateless | | | | - |3. DHCPv6 Stateful | | | | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ - |When using ODL for L2 forwarding/tunneling, it is |Yes |Yes | | - |compatible with IPv6. | | | | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ - |Full support for IPv6 matching (i.e. IPv6, ICMPv6,|**Partial** |**Partial** |Security Groups for IPv6 is a work in progress, and some | - |TCP, UDP) in security groups. Ability to control | | |partial support is available. | - |and manage all IPv6 security group capabilities | | | | - |via Neutron/Nova API (REST and CLI) as well as via| | | | - |Horizon | | | | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ - |Shared Networks support |Yes |Yes | | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ - |IPv6 external L2 VLAN directly attached to a VM. |**ToDo** |**ToDo** | | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ - |ODL on an IPv6 only Infrastructure. |**No** |**Work in Progress** |Deploying OpenStack with ODL on an IPv6 only infrastructure | - | | | |where the API endpoints are all IPv6 addresses. | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ |