From 2c47bf9728e72c72918d38faf3a920138034ba2f Mon Sep 17 00:00:00 2001 From: Bin Hu Date: Thu, 11 Aug 2016 09:29:45 -0700 Subject: Renamed file according to most recent doc instruction Change-Id: I4b2c694e79115a242aea3de4e7500ea8361a8021 Signed-off-by: Bin Hu --- .../installation.instruction.rst | 205 +++++++++++++++++++++ .../scenario.installation.instruction.rst | 205 --------------------- docs/userguide/feature.usage.rst | 194 +++++++++++++++++++ docs/userguide/featureusage.rst | 194 ------------------- 4 files changed, 399 insertions(+), 399 deletions(-) create mode 100644 docs/installationprocedure/installation.instruction.rst delete mode 100644 docs/installationprocedure/scenario.installation.instruction.rst create mode 100644 docs/userguide/feature.usage.rst delete mode 100644 docs/userguide/featureusage.rst diff --git a/docs/installationprocedure/installation.instruction.rst b/docs/installationprocedure/installation.instruction.rst new file mode 100644 index 0000000..166880a --- /dev/null +++ b/docs/installationprocedure/installation.instruction.rst @@ -0,0 +1,205 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) + +========================================= +Install OPNFV on IPv6-Only Infrastructure +========================================= + +This section provides instructions to install OPNFV on IPv6-only Infrastructure. All underlay networks +and API endpoints will be IPv6-only except: + +1. "admin" network in underlay/undercloud still has to be IPv4, due to lack of support of IPMI + over IPv6 or PXE over IPv6. +2. OVS VxLAN (or GRE) tunnel endpoint is still IPv4 only, although IPv6 traffic can be + encapsulated within the tunnel. +3. Metadata server is still IPv4 only. + +Except the limitations above, the use case scenario of the IPv6-only infrastructure includes: + +1. Support OPNFV deployment on an IPv6 only infrastructure. +2. Horizon/ODL-DLUX access using IPv6 address from an external host. +3. OpenStack API access using IPv6 addresses from various python-clients. +4. Ability to create Neutron Routers, IPv6 subnets (e.g. SLAAC/DHCPv6-Stateful/ + DHCPv6-Stateless) to support North-South traffic. +5. Inter VM communication (East-West routing) when VMs are spread + across two compute nodes. +6. VNC access into a VM using IPv6 addresses. + +------------------------------------------- +Install OPNFV in OpenStack-Only Environment +------------------------------------------- + +**Apex Installer**: + +.. code-block:: bash + + # HA, Virtual deployment in OpenStack-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-nosdn-nofeature-ha.yaml \ + -n /etc/opnfv-apex/network_setting_v6.yaml + + # HA, Bare Metal deployment in OpenStack-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-nosdn-nofeature-ha.yaml \ + -i -n /etc/opnfv-apex/network_setting_v6.yaml + + # Non-HA, Virtual deployment in OpenStack-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-nosdn-nofeature-noha.yaml \ + -n /etc/opnfv-apex/network_setting_v6.yaml + + # Non-HA, Bare Metal deployment in OpenStack-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-nosdn-nofeature-noha.yaml \ + -i -n /etc/opnfv-apex/network_setting_v6.yaml + + # Note: + # + # 1. Parameter ""-v" is mandatory for Virtual deployment + # 2. Parameter "-i " is mandatory for Bare Metal deployment + # 2.1 Refer to https://git.opnfv.org/cgit/apex/tree/config/inventory for examples of inventory file + # 3. You can use "-n /etc/opnfv-apex/network_setting.yaml" for deployment in IPv4 infrastructure + +**Joid** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack-only environment + ./deploy.sh -o mitaka -s nosdn -t ha -l default -f ipv6 + + # Non-HA deployment in OpenStack-only environment + ./deploy.sh -o mitaka -s nosdn -t nonha -l default -f ipv6 + +Please **NOTE** that: + +* You need to refer to **installer's documentation** for other necessary + parameters applicable to your deployment. +* You need to refer to **Release Notes** and **installer's documentation** if there is + any issue in installation. + +-------------------------------------------------- +Install OPNFV in OpenStack with ODL-L2 Environment +-------------------------------------------------- + +**Apex Installer**: + +.. code-block:: bash + + # HA, Virtual deployment in OpenStack with Open Daylight L2-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml \ + -n /etc/opnfv-apex/network_setting_v6.yaml + + # HA, Bare Metal deployment in OpenStack with Open Daylight L2-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml \ + -i -n /etc/opnfv-apex/network_setting_v6.yaml + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + # There is no settings file provided by default for odl_l2 non-HA deployment + # You need to copy /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml to another file + # e.g. /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml + # and change the "ha_enabled" parameter to be "false", i.e.: "ha_enabled: false", and: + + # - For Non-HA, Virtual deployment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml \ + -n /etc/opnfv-apex/network_setting_v6.yaml + + # - For Non-HA, Bare Metal deployment + ./opnfv-deploy -d /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml \ + -i -n /etc/opnfv-apex/network_setting_v6.yaml + + # Note: + # + # 1. Parameter ""-v" is mandatory for Virtual deployment + # 2. Parameter "-i " is mandatory for Bare Metal deployment + # 2.1 Refer to https://git.opnfv.org/cgit/apex/tree/config/inventory for examples of inventory file + # 3. You can use "-n /etc/opnfv-apex/network_setting.yaml" for deployment in IPv4 infrastructure + +**Joid** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack with Open Daylight L2-only environment + ./deploy.sh -o mitaka -s odl -t ha -l default -f ipv6 + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + ./deploy.sh -o mitaka -s odl -t nonha -l default -f ipv6 + +Please **NOTE** that: + +* You need to refer to **installer's documentation** for other necessary + parameters applicable to your deployment. +* You need to refer to **Release Notes** and **installer's documentation** if there is + any issue in installation. + +------------------- +Testing Methodology +------------------- + +There are 2 levels of testing to validate the deployment. + +++++++++++++++++ +Underlay Testing +++++++++++++++++ + +**Underlay** Testing is to validate that API endpoints are listening on IPv6 addresses. +This can be as simple as validating Keystone service, and as complete as validating each +API endpoint. It is important to reuse Tempest API testing. + +Please **Note** that, to the best of our knowledge, Tempest API testing does not validate +API endpoints listening on IPv6 addresses. Thus Underlay Testing is postponed to future +release until Tempest API testing is ready to validate API endpoints listening on IPv6 addresses. + ++++++++++++++++ +Overlay Testing ++++++++++++++++ + +**Overlay** Testing is to validate that IPv6 is supported in tenant networks, subnets and routers. +Both Tempest API testing and Tempest Scenario testing are used in our Overlay Testing. + +Tempest API testing validates that the Neutron API supports the creation of IPv6 networks, subnets, routers, etc: + +.. code-block:: bash + + tempest.api.network.test_networks.BulkNetworkOpsIpV6Test.test_bulk_create_delete_network + tempest.api.network.test_networks.BulkNetworkOpsIpV6Test.test_bulk_create_delete_port + tempest.api.network.test_networks.BulkNetworkOpsIpV6Test.test_bulk_create_delete_subnet + tempest.api.network.test_networks.NetworksIpV6Test.test_create_update_delete_network_subnet + tempest.api.network.test_networks.NetworksIpV6Test.test_external_network_visibility + tempest.api.network.test_networks.NetworksIpV6Test.test_list_networks + tempest.api.network.test_networks.NetworksIpV6Test.test_list_subnets + tempest.api.network.test_networks.NetworksIpV6Test.test_show_network + tempest.api.network.test_networks.NetworksIpV6Test.test_show_subnet + tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_create_update_delete_network_subnet + tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_external_network_visibility + tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_list_networks + tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_list_subnets + tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_show_network + tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_show_subnet + tempest.api.network.test_ports.PortsIpV6TestJSON.test_create_port_in_allowed_allocation_pools + tempest.api.network.test_ports.PortsIpV6TestJSON.test_create_port_with_no_securitygroups + tempest.api.network.test_ports.PortsIpV6TestJSON.test_create_update_delete_port + tempest.api.network.test_ports.PortsIpV6TestJSON.test_list_ports + tempest.api.network.test_ports.PortsIpV6TestJSON.test_show_port + tempest.api.network.test_routers.RoutersIpV6Test.test_add_multiple_router_interfaces + tempest.api.network.test_routers.RoutersIpV6Test.test_add_remove_router_interface_with_port_id + tempest.api.network.test_routers.RoutersIpV6Test.test_add_remove_router_interface_with_subnet_id + tempest.api.network.test_routers.RoutersIpV6Test.test_create_show_list_update_delete_router + tempest.api.network.test_security_groups.SecGroupIPv6Test.test_create_list_update_show_delete_security_group + tempest.api.network.test_security_groups.SecGroupIPv6Test.test_create_show_delete_security_group_rule + tempest.api.network.test_security_groups.SecGroupIPv6Test.test_list_security_groups + +Tempest Scenario testing validates some specific overlay IPv6 scenarios +(i.e. use cases) as follows: + +.. code-block:: bash + + tempest.scenario.test_network_v6.TestGettingAddress.test_dhcp6_stateless_from_os + tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_dhcp6_stateless_from_os + tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_multi_prefix_dhcpv6_stateless + tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_multi_prefix_slaac + tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_slaac_from_os + tempest.scenario.test_network_v6.TestGettingAddress.test_multi_prefix_dhcpv6_stateless + tempest.scenario.test_network_v6.TestGettingAddress.test_multi_prefix_slaac + tempest.scenario.test_network_v6.TestGettingAddress.test_slaac_from_os + +The above Tempest API testing and Scenario testing are quite comprehensive to validate +overlay IPv6 tenant networks. They are used in Smoke Test in FuncTest, which is integrated +into OPNFV's CI/CD environment. + diff --git a/docs/installationprocedure/scenario.installation.instruction.rst b/docs/installationprocedure/scenario.installation.instruction.rst deleted file mode 100644 index 166880a..0000000 --- a/docs/installationprocedure/scenario.installation.instruction.rst +++ /dev/null @@ -1,205 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) - -========================================= -Install OPNFV on IPv6-Only Infrastructure -========================================= - -This section provides instructions to install OPNFV on IPv6-only Infrastructure. All underlay networks -and API endpoints will be IPv6-only except: - -1. "admin" network in underlay/undercloud still has to be IPv4, due to lack of support of IPMI - over IPv6 or PXE over IPv6. -2. OVS VxLAN (or GRE) tunnel endpoint is still IPv4 only, although IPv6 traffic can be - encapsulated within the tunnel. -3. Metadata server is still IPv4 only. - -Except the limitations above, the use case scenario of the IPv6-only infrastructure includes: - -1. Support OPNFV deployment on an IPv6 only infrastructure. -2. Horizon/ODL-DLUX access using IPv6 address from an external host. -3. OpenStack API access using IPv6 addresses from various python-clients. -4. Ability to create Neutron Routers, IPv6 subnets (e.g. SLAAC/DHCPv6-Stateful/ - DHCPv6-Stateless) to support North-South traffic. -5. Inter VM communication (East-West routing) when VMs are spread - across two compute nodes. -6. VNC access into a VM using IPv6 addresses. - -------------------------------------------- -Install OPNFV in OpenStack-Only Environment -------------------------------------------- - -**Apex Installer**: - -.. code-block:: bash - - # HA, Virtual deployment in OpenStack-only environment - ./opnfv-deploy -v -d /etc/opnfv-apex/os-nosdn-nofeature-ha.yaml \ - -n /etc/opnfv-apex/network_setting_v6.yaml - - # HA, Bare Metal deployment in OpenStack-only environment - ./opnfv-deploy -d /etc/opnfv-apex/os-nosdn-nofeature-ha.yaml \ - -i -n /etc/opnfv-apex/network_setting_v6.yaml - - # Non-HA, Virtual deployment in OpenStack-only environment - ./opnfv-deploy -v -d /etc/opnfv-apex/os-nosdn-nofeature-noha.yaml \ - -n /etc/opnfv-apex/network_setting_v6.yaml - - # Non-HA, Bare Metal deployment in OpenStack-only environment - ./opnfv-deploy -d /etc/opnfv-apex/os-nosdn-nofeature-noha.yaml \ - -i -n /etc/opnfv-apex/network_setting_v6.yaml - - # Note: - # - # 1. Parameter ""-v" is mandatory for Virtual deployment - # 2. Parameter "-i " is mandatory for Bare Metal deployment - # 2.1 Refer to https://git.opnfv.org/cgit/apex/tree/config/inventory for examples of inventory file - # 3. You can use "-n /etc/opnfv-apex/network_setting.yaml" for deployment in IPv4 infrastructure - -**Joid** Installer: - -.. code-block:: bash - - # HA deployment in OpenStack-only environment - ./deploy.sh -o mitaka -s nosdn -t ha -l default -f ipv6 - - # Non-HA deployment in OpenStack-only environment - ./deploy.sh -o mitaka -s nosdn -t nonha -l default -f ipv6 - -Please **NOTE** that: - -* You need to refer to **installer's documentation** for other necessary - parameters applicable to your deployment. -* You need to refer to **Release Notes** and **installer's documentation** if there is - any issue in installation. - --------------------------------------------------- -Install OPNFV in OpenStack with ODL-L2 Environment --------------------------------------------------- - -**Apex Installer**: - -.. code-block:: bash - - # HA, Virtual deployment in OpenStack with Open Daylight L2-only environment - ./opnfv-deploy -v -d /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml \ - -n /etc/opnfv-apex/network_setting_v6.yaml - - # HA, Bare Metal deployment in OpenStack with Open Daylight L2-only environment - ./opnfv-deploy -d /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml \ - -i -n /etc/opnfv-apex/network_setting_v6.yaml - - # Non-HA deployment in OpenStack with Open Daylight L2-only environment - # There is no settings file provided by default for odl_l2 non-HA deployment - # You need to copy /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml to another file - # e.g. /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml - # and change the "ha_enabled" parameter to be "false", i.e.: "ha_enabled: false", and: - - # - For Non-HA, Virtual deployment - ./opnfv-deploy -v -d /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml \ - -n /etc/opnfv-apex/network_setting_v6.yaml - - # - For Non-HA, Bare Metal deployment - ./opnfv-deploy -d /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml \ - -i -n /etc/opnfv-apex/network_setting_v6.yaml - - # Note: - # - # 1. Parameter ""-v" is mandatory for Virtual deployment - # 2. Parameter "-i " is mandatory for Bare Metal deployment - # 2.1 Refer to https://git.opnfv.org/cgit/apex/tree/config/inventory for examples of inventory file - # 3. You can use "-n /etc/opnfv-apex/network_setting.yaml" for deployment in IPv4 infrastructure - -**Joid** Installer: - -.. code-block:: bash - - # HA deployment in OpenStack with Open Daylight L2-only environment - ./deploy.sh -o mitaka -s odl -t ha -l default -f ipv6 - - # Non-HA deployment in OpenStack with Open Daylight L2-only environment - ./deploy.sh -o mitaka -s odl -t nonha -l default -f ipv6 - -Please **NOTE** that: - -* You need to refer to **installer's documentation** for other necessary - parameters applicable to your deployment. -* You need to refer to **Release Notes** and **installer's documentation** if there is - any issue in installation. - -------------------- -Testing Methodology -------------------- - -There are 2 levels of testing to validate the deployment. - -++++++++++++++++ -Underlay Testing -++++++++++++++++ - -**Underlay** Testing is to validate that API endpoints are listening on IPv6 addresses. -This can be as simple as validating Keystone service, and as complete as validating each -API endpoint. It is important to reuse Tempest API testing. - -Please **Note** that, to the best of our knowledge, Tempest API testing does not validate -API endpoints listening on IPv6 addresses. Thus Underlay Testing is postponed to future -release until Tempest API testing is ready to validate API endpoints listening on IPv6 addresses. - -+++++++++++++++ -Overlay Testing -+++++++++++++++ - -**Overlay** Testing is to validate that IPv6 is supported in tenant networks, subnets and routers. -Both Tempest API testing and Tempest Scenario testing are used in our Overlay Testing. - -Tempest API testing validates that the Neutron API supports the creation of IPv6 networks, subnets, routers, etc: - -.. code-block:: bash - - tempest.api.network.test_networks.BulkNetworkOpsIpV6Test.test_bulk_create_delete_network - tempest.api.network.test_networks.BulkNetworkOpsIpV6Test.test_bulk_create_delete_port - tempest.api.network.test_networks.BulkNetworkOpsIpV6Test.test_bulk_create_delete_subnet - tempest.api.network.test_networks.NetworksIpV6Test.test_create_update_delete_network_subnet - tempest.api.network.test_networks.NetworksIpV6Test.test_external_network_visibility - tempest.api.network.test_networks.NetworksIpV6Test.test_list_networks - tempest.api.network.test_networks.NetworksIpV6Test.test_list_subnets - tempest.api.network.test_networks.NetworksIpV6Test.test_show_network - tempest.api.network.test_networks.NetworksIpV6Test.test_show_subnet - tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_create_update_delete_network_subnet - tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_external_network_visibility - tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_list_networks - tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_list_subnets - tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_show_network - tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_show_subnet - tempest.api.network.test_ports.PortsIpV6TestJSON.test_create_port_in_allowed_allocation_pools - tempest.api.network.test_ports.PortsIpV6TestJSON.test_create_port_with_no_securitygroups - tempest.api.network.test_ports.PortsIpV6TestJSON.test_create_update_delete_port - tempest.api.network.test_ports.PortsIpV6TestJSON.test_list_ports - tempest.api.network.test_ports.PortsIpV6TestJSON.test_show_port - tempest.api.network.test_routers.RoutersIpV6Test.test_add_multiple_router_interfaces - tempest.api.network.test_routers.RoutersIpV6Test.test_add_remove_router_interface_with_port_id - tempest.api.network.test_routers.RoutersIpV6Test.test_add_remove_router_interface_with_subnet_id - tempest.api.network.test_routers.RoutersIpV6Test.test_create_show_list_update_delete_router - tempest.api.network.test_security_groups.SecGroupIPv6Test.test_create_list_update_show_delete_security_group - tempest.api.network.test_security_groups.SecGroupIPv6Test.test_create_show_delete_security_group_rule - tempest.api.network.test_security_groups.SecGroupIPv6Test.test_list_security_groups - -Tempest Scenario testing validates some specific overlay IPv6 scenarios -(i.e. use cases) as follows: - -.. code-block:: bash - - tempest.scenario.test_network_v6.TestGettingAddress.test_dhcp6_stateless_from_os - tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_dhcp6_stateless_from_os - tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_multi_prefix_dhcpv6_stateless - tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_multi_prefix_slaac - tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_slaac_from_os - tempest.scenario.test_network_v6.TestGettingAddress.test_multi_prefix_dhcpv6_stateless - tempest.scenario.test_network_v6.TestGettingAddress.test_multi_prefix_slaac - tempest.scenario.test_network_v6.TestGettingAddress.test_slaac_from_os - -The above Tempest API testing and Scenario testing are quite comprehensive to validate -overlay IPv6 tenant networks. They are used in Smoke Test in FuncTest, which is integrated -into OPNFV's CI/CD environment. - diff --git a/docs/userguide/feature.usage.rst b/docs/userguide/feature.usage.rst new file mode 100644 index 0000000..12e7b91 --- /dev/null +++ b/docs/userguide/feature.usage.rst @@ -0,0 +1,194 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) + +====================================== +Using IPv6 Feature of Colorado Release +====================================== + +This section provides the users with gap analysis regarding IPv6 feature requirements with +OpenStack Mitaka Official Release and Open Daylight Boron Official Release. The gap analysis +serves as feature specific user guides and references when as a user you may leverage the +IPv6 feature in the platform and need to perform some IPv6 related operations. + +*************************************** +IPv6 Gap Analysis with OpenStack Mitaka +*************************************** + +This section provides users with IPv6 gap analysis regarding feature requirement with +OpenStack Neutron in Mitaka Official Release. The following table lists the use cases / feature +requirements of VIM-agnostic IPv6 functionality, including infrastructure layer and VNF +(VM) layer, and its gap analysis with OpenStack Neutron in Mitaka Official Release. + +.. table:: + :class: longtable + + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Use Case / Requirement |Supported in Mitaka|Notes | + +===========================================================+===================+====================================================================+ + |All topologies work in a multi-tenant environment |Yes |The IPv6 design is following the Neutron tenant networks model; | + | | |dnsmasq is being used inside DHCP network namespaces, while radvd | + | | |is being used inside Neutron routers namespaces to provide full | + | | |isolation between tenants. Tenant isolation can be based on VLANs, | + | | |GRE, or VXLAN encapsulation. In case of overlays, the transport | + | | |network (and VTEPs) must be IPv4 based as of today. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 VM to VM only |Yes |It is possible to assign IPv6-only addresses to VMs. Both switching | + | | |(within VMs on the same tenant network) as well as east/west routing| + | | |(between different networks of the same tenant) are supported. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 external L2 VLAN directly attached to a VM |Yes |IPv6 provider network model; RA messages from upstream (external) | + | | |router are forwarded into the VMs | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 subnet routed via L3 agent to an external IPv6 network| |Configuration is enhanced since Kilo to allow easier setup of the | + | |1. Yes |upstream gateway, without the user being forced to create an IPv6 | + |1. Both VLAN and overlay (e.g. GRE, VXLAN) subnet attached | |subnet for the external network. | + | to VMs; | | | + |2. Must be able to support multiple L3 agents for a given |2. Yes | | + | external network to support scaling (neutron scheduler | | | + | to assign vRouters to the L3 agents) | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Ability for a NIC to support both IPv4 and IPv6 (dual | |Dual-stack is supported in Neutron with the addition of | + |stack) address. | |``Multiple IPv6 Prefixes`` Blueprint | + | | | | + |1. VM with a single interface associated with a network, |1. Yes | | + | which is then associated with two subnets. | | | + |2. VM with two different interfaces associated with two |2. Yes | | + | different networks and two different subnets. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Support IPv6 Address assignment modes. |1. Yes | | + | | | | + |1. SLAAC |2. Yes | | + |2. DHCPv6 Stateless | | | + |3. DHCPv6 Stateful |3. Yes | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Ability to create a port on an IPv6 DHCPv6 Stateful subnet |Yes | | + |and assign a specific IPv6 address to the port and have it | | | + |taken out of the DHCP address pool. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Ability to create a port with fixed_ip for a |**No** |The following patch disables this operation: | + |SLAAC/DHCPv6-Stateless Subnet. | |https://review.openstack.org/#/c/129144/ | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Support for private IPv6 to external IPv6 floating IP; |**Rejected** |Blueprint proposed in upstream and got rejected. General expectation| + |Ability to specify floating IPs via Neutron API (REST and | |is to avoid NAT with IPv6 by assigning GUA to tenant VMs. See | + |CLI) as well as via Horizon, including combination of | |https://review.openstack.org/#/c/139731/ for discussion. | + |IPv6/IPv4 and IPv4/IPv6 floating IPs if implemented. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Provide IPv6/IPv4 feature parity in support for |**To-Do** |The L3 configuration should be transparent for the SR-IOV | + |pass-through capabilities (e.g., SR-IOV). | |implementation. SR-IOV networking support introduced in Juno based | + | | |on the ``sriovnicswitch`` ML2 driver is expected to work with IPv4 | + | | |and IPv6 enabled VMs. We need to verify if it works or not. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Additional IPv6 extensions, for example: IPSEC, IPv6 |**No** |It does not appear to be considered yet (lack of clear requirements)| + |Anycast, Multicast | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |VM access to the meta-data server to obtain user data, SSH |**No** |This is currently not supported. Config-drive or dual-stack IPv4 / | + |keys, etc. using cloud-init with IPv6 only interfaces. | |IPv6 can be used as a workaround (so that the IPv4 network is used | + | | |to obtain connectivity with the metadata service) | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Full support for IPv6 matching (i.e., IPv6, ICMPv6, TCP, |Yes | | + |UDP) in security groups. Ability to control and manage all | | | + |IPv6 security group capabilities via Neutron/Nova API (REST| | | + |and CLI) as well as via Horizon. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |During network/subnet/router create, there should be an |Yes |Two new Subnet attributes were introduced to control IPv6 address | + |option to allow user to specify the type of address | |assignment options: | + |management they would like. This includes all options | | | + |including those low priority if implemented (e.g., toggle | |* ``ipv6-ra-mode``: to determine who sends Router Advertisements; | + |on/off router and address prefix advertisements); It must | | | + |be supported via Neutron API (REST and CLI) as well as via | |* ``ipv6-address-mode``: to determine how VM obtains IPv6 address, | + |Horizon | | default gateway, and/or optional information. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Security groups anti-spoofing: Prevent VM from using a |Yes | | + |source IPv6/MAC address which is not assigned to the VM | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Protect tenant and provider network from rogue RAs |Yes |When using a tenant network, Neutron is going to automatically | + | | |handle the filter rules to allow connectivity of RAs to the VMs only| + | | |from the Neutron router port; with provider networks, users are | + | | |required to specify the LLA of the upstream router during the subnet| + | | |creation, or otherwise manually edit the security-groups rules to | + | | |allow incoming traffic from this specific address. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Support the ability to assign multiple IPv6 addresses to |Yes | | + |an interface; both for Neutron router interfaces and VM | | | + |interfaces. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Ability for a VM to support a mix of multiple IPv4 and IPv6|Yes | | + |networks, including multiples of the same type. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Support for IPv6 Prefix Delegation. |Yes |Partial support in Mitaka | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Distributed Virtual Routing (DVR) support for IPv6 |**No** |Blueprint proposed upstream, pending discussion. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 First-Hop Security, IPv6 ND spoofing |Yes | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 support in Neutron Layer3 High Availability |Yes | | + |(keepalived+VRRP). | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + +****************************************** +IPv6 Gap Analysis with Open Daylight Boron +****************************************** + +This section provides users with IPv6 gap analysis regarding feature requirement with +Open Daylight Boron Official Release. The following table lists the use cases / feature +requirements of VIM-agnostic IPv6 functionality, including infrastructure layer and VNF +(VM) layer, and its gap analysis with Open Daylight Boron Official Release. + +**Open Daylight Boron Status** + +There are 2 options in Open Daylight Boron to provide Virtualized Networks: + +1 ``Old Netvirt``: netvirt implementation used in Open Daylight Beryllium Release + identified by feature ``odl-ovsdb-openstack`` + +2 ``New Netvirt``: netvirt implementation which will replace the Old Netvirt in the + future releases based on a more modular design. It is identified by feature + ``odl-netvirt-openstack`` + +.. table:: + :class: longtable + + +--------------------------------------------------+---------------------------------------------+--------------------------------------------------------------+ + |Use Case / Requirement | Supported in ODL Boron |Notes | + | +---------------------+-----------------------+ | + | | Old Netvirt | New Netvirt | | + | |(odl-ovsdb-openstack)|(odl-netvirt-openstack)| | + +==================================================+=====================+=======================+==============================================================+ + |REST API support for IPv6 subnet creation in ODL |Yes |Yes |Yes, it is possible to create IPv6 subnets in ODL using | + | | | |Neutron REST API. | + | | | | | + | | | |For a network which has both IPv4 and IPv6 subnets, ODL | + | | | |mechanism driver will send the port information which includes| + | | | |IPv4/v6 addresses to ODL Neutron northbound API. When port | + | | | |information is queried it displays IPv4 and IPv6 addresses. | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |IPv6 Router support in ODL |**No** |**Partial** |IPv6 Router support is work in progress in ODL. | + | | | | | + |1. Communication between VMs on same compute node | | |Currently communication between VMs on the same network is | + |2. Communication between VMs on different compute | | |supported, and the support for the other modes is work in | + | nodes (east-west) | | |progress. | + |3. External routing (north-south) | | | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |IPAM: Support for IPv6 Address assignment modes. |**No** |Yes |ODL IPv6 Router supports all the IPv6 Address assignment modes| + | | | |along with Neutron DHCP Agent. | + |1. SLAAC | | | | + |2. DHCPv6 Stateless | | | | + |3. DHCPv6 Stateful | | | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |When using ODL for L2 forwarding/tunneling, it is |Yes |Yes | | + |compatible with IPv6. | | | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |Full support for IPv6 matching (i.e. IPv6, ICMPv6,|**Partial** |**Partial** |Security Groups for IPv6 is a work in progress, and some | + |TCP, UDP) in security groups. Ability to control | | |partial support is available. | + |and manage all IPv6 security group capabilities | | | | + |via Neutron/Nova API (REST and CLI) as well as via| | | | + |Horizon | | | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |Shared Networks support |Yes |Yes | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |IPv6 external L2 VLAN directly attached to a VM. |**ToDo** |**ToDo** | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |ODL on an IPv6 only Infrastructure. |**No** |**Work in Progress** |Deploying OpenStack with ODL on an IPv6 only infrastructure | + | | | |where the API endpoints are all IPv6 addresses. | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ diff --git a/docs/userguide/featureusage.rst b/docs/userguide/featureusage.rst deleted file mode 100644 index 12e7b91..0000000 --- a/docs/userguide/featureusage.rst +++ /dev/null @@ -1,194 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) - -====================================== -Using IPv6 Feature of Colorado Release -====================================== - -This section provides the users with gap analysis regarding IPv6 feature requirements with -OpenStack Mitaka Official Release and Open Daylight Boron Official Release. The gap analysis -serves as feature specific user guides and references when as a user you may leverage the -IPv6 feature in the platform and need to perform some IPv6 related operations. - -*************************************** -IPv6 Gap Analysis with OpenStack Mitaka -*************************************** - -This section provides users with IPv6 gap analysis regarding feature requirement with -OpenStack Neutron in Mitaka Official Release. The following table lists the use cases / feature -requirements of VIM-agnostic IPv6 functionality, including infrastructure layer and VNF -(VM) layer, and its gap analysis with OpenStack Neutron in Mitaka Official Release. - -.. table:: - :class: longtable - - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Use Case / Requirement |Supported in Mitaka|Notes | - +===========================================================+===================+====================================================================+ - |All topologies work in a multi-tenant environment |Yes |The IPv6 design is following the Neutron tenant networks model; | - | | |dnsmasq is being used inside DHCP network namespaces, while radvd | - | | |is being used inside Neutron routers namespaces to provide full | - | | |isolation between tenants. Tenant isolation can be based on VLANs, | - | | |GRE, or VXLAN encapsulation. In case of overlays, the transport | - | | |network (and VTEPs) must be IPv4 based as of today. | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |IPv6 VM to VM only |Yes |It is possible to assign IPv6-only addresses to VMs. Both switching | - | | |(within VMs on the same tenant network) as well as east/west routing| - | | |(between different networks of the same tenant) are supported. | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |IPv6 external L2 VLAN directly attached to a VM |Yes |IPv6 provider network model; RA messages from upstream (external) | - | | |router are forwarded into the VMs | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |IPv6 subnet routed via L3 agent to an external IPv6 network| |Configuration is enhanced since Kilo to allow easier setup of the | - | |1. Yes |upstream gateway, without the user being forced to create an IPv6 | - |1. Both VLAN and overlay (e.g. GRE, VXLAN) subnet attached | |subnet for the external network. | - | to VMs; | | | - |2. Must be able to support multiple L3 agents for a given |2. Yes | | - | external network to support scaling (neutron scheduler | | | - | to assign vRouters to the L3 agents) | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Ability for a NIC to support both IPv4 and IPv6 (dual | |Dual-stack is supported in Neutron with the addition of | - |stack) address. | |``Multiple IPv6 Prefixes`` Blueprint | - | | | | - |1. VM with a single interface associated with a network, |1. Yes | | - | which is then associated with two subnets. | | | - |2. VM with two different interfaces associated with two |2. Yes | | - | different networks and two different subnets. | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Support IPv6 Address assignment modes. |1. Yes | | - | | | | - |1. SLAAC |2. Yes | | - |2. DHCPv6 Stateless | | | - |3. DHCPv6 Stateful |3. Yes | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Ability to create a port on an IPv6 DHCPv6 Stateful subnet |Yes | | - |and assign a specific IPv6 address to the port and have it | | | - |taken out of the DHCP address pool. | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Ability to create a port with fixed_ip for a |**No** |The following patch disables this operation: | - |SLAAC/DHCPv6-Stateless Subnet. | |https://review.openstack.org/#/c/129144/ | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Support for private IPv6 to external IPv6 floating IP; |**Rejected** |Blueprint proposed in upstream and got rejected. General expectation| - |Ability to specify floating IPs via Neutron API (REST and | |is to avoid NAT with IPv6 by assigning GUA to tenant VMs. See | - |CLI) as well as via Horizon, including combination of | |https://review.openstack.org/#/c/139731/ for discussion. | - |IPv6/IPv4 and IPv4/IPv6 floating IPs if implemented. | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Provide IPv6/IPv4 feature parity in support for |**To-Do** |The L3 configuration should be transparent for the SR-IOV | - |pass-through capabilities (e.g., SR-IOV). | |implementation. SR-IOV networking support introduced in Juno based | - | | |on the ``sriovnicswitch`` ML2 driver is expected to work with IPv4 | - | | |and IPv6 enabled VMs. We need to verify if it works or not. | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Additional IPv6 extensions, for example: IPSEC, IPv6 |**No** |It does not appear to be considered yet (lack of clear requirements)| - |Anycast, Multicast | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |VM access to the meta-data server to obtain user data, SSH |**No** |This is currently not supported. Config-drive or dual-stack IPv4 / | - |keys, etc. using cloud-init with IPv6 only interfaces. | |IPv6 can be used as a workaround (so that the IPv4 network is used | - | | |to obtain connectivity with the metadata service) | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Full support for IPv6 matching (i.e., IPv6, ICMPv6, TCP, |Yes | | - |UDP) in security groups. Ability to control and manage all | | | - |IPv6 security group capabilities via Neutron/Nova API (REST| | | - |and CLI) as well as via Horizon. | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |During network/subnet/router create, there should be an |Yes |Two new Subnet attributes were introduced to control IPv6 address | - |option to allow user to specify the type of address | |assignment options: | - |management they would like. This includes all options | | | - |including those low priority if implemented (e.g., toggle | |* ``ipv6-ra-mode``: to determine who sends Router Advertisements; | - |on/off router and address prefix advertisements); It must | | | - |be supported via Neutron API (REST and CLI) as well as via | |* ``ipv6-address-mode``: to determine how VM obtains IPv6 address, | - |Horizon | | default gateway, and/or optional information. | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Security groups anti-spoofing: Prevent VM from using a |Yes | | - |source IPv6/MAC address which is not assigned to the VM | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Protect tenant and provider network from rogue RAs |Yes |When using a tenant network, Neutron is going to automatically | - | | |handle the filter rules to allow connectivity of RAs to the VMs only| - | | |from the Neutron router port; with provider networks, users are | - | | |required to specify the LLA of the upstream router during the subnet| - | | |creation, or otherwise manually edit the security-groups rules to | - | | |allow incoming traffic from this specific address. | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Support the ability to assign multiple IPv6 addresses to |Yes | | - |an interface; both for Neutron router interfaces and VM | | | - |interfaces. | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Ability for a VM to support a mix of multiple IPv4 and IPv6|Yes | | - |networks, including multiples of the same type. | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Support for IPv6 Prefix Delegation. |Yes |Partial support in Mitaka | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |Distributed Virtual Routing (DVR) support for IPv6 |**No** |Blueprint proposed upstream, pending discussion. | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |IPv6 First-Hop Security, IPv6 ND spoofing |Yes | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - |IPv6 support in Neutron Layer3 High Availability |Yes | | - |(keepalived+VRRP). | | | - +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ - -****************************************** -IPv6 Gap Analysis with Open Daylight Boron -****************************************** - -This section provides users with IPv6 gap analysis regarding feature requirement with -Open Daylight Boron Official Release. The following table lists the use cases / feature -requirements of VIM-agnostic IPv6 functionality, including infrastructure layer and VNF -(VM) layer, and its gap analysis with Open Daylight Boron Official Release. - -**Open Daylight Boron Status** - -There are 2 options in Open Daylight Boron to provide Virtualized Networks: - -1 ``Old Netvirt``: netvirt implementation used in Open Daylight Beryllium Release - identified by feature ``odl-ovsdb-openstack`` - -2 ``New Netvirt``: netvirt implementation which will replace the Old Netvirt in the - future releases based on a more modular design. It is identified by feature - ``odl-netvirt-openstack`` - -.. table:: - :class: longtable - - +--------------------------------------------------+---------------------------------------------+--------------------------------------------------------------+ - |Use Case / Requirement | Supported in ODL Boron |Notes | - | +---------------------+-----------------------+ | - | | Old Netvirt | New Netvirt | | - | |(odl-ovsdb-openstack)|(odl-netvirt-openstack)| | - +==================================================+=====================+=======================+==============================================================+ - |REST API support for IPv6 subnet creation in ODL |Yes |Yes |Yes, it is possible to create IPv6 subnets in ODL using | - | | | |Neutron REST API. | - | | | | | - | | | |For a network which has both IPv4 and IPv6 subnets, ODL | - | | | |mechanism driver will send the port information which includes| - | | | |IPv4/v6 addresses to ODL Neutron northbound API. When port | - | | | |information is queried it displays IPv4 and IPv6 addresses. | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ - |IPv6 Router support in ODL |**No** |**Partial** |IPv6 Router support is work in progress in ODL. | - | | | | | - |1. Communication between VMs on same compute node | | |Currently communication between VMs on the same network is | - |2. Communication between VMs on different compute | | |supported, and the support for the other modes is work in | - | nodes (east-west) | | |progress. | - |3. External routing (north-south) | | | | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ - |IPAM: Support for IPv6 Address assignment modes. |**No** |Yes |ODL IPv6 Router supports all the IPv6 Address assignment modes| - | | | |along with Neutron DHCP Agent. | - |1. SLAAC | | | | - |2. DHCPv6 Stateless | | | | - |3. DHCPv6 Stateful | | | | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ - |When using ODL for L2 forwarding/tunneling, it is |Yes |Yes | | - |compatible with IPv6. | | | | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ - |Full support for IPv6 matching (i.e. IPv6, ICMPv6,|**Partial** |**Partial** |Security Groups for IPv6 is a work in progress, and some | - |TCP, UDP) in security groups. Ability to control | | |partial support is available. | - |and manage all IPv6 security group capabilities | | | | - |via Neutron/Nova API (REST and CLI) as well as via| | | | - |Horizon | | | | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ - |Shared Networks support |Yes |Yes | | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ - |IPv6 external L2 VLAN directly attached to a VM. |**ToDo** |**ToDo** | | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ - |ODL on an IPv6 only Infrastructure. |**No** |**Work in Progress** |Deploying OpenStack with ODL on an IPv6 only infrastructure | - | | | |where the API endpoints are all IPv6 addresses. | - +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ -- cgit 1.2.3-korg