From 6c3236b04bf6913c40e7b0e4fb8e4f2883520f97 Mon Sep 17 00:00:00 2001 From: Bin Hu Date: Tue, 23 Jun 2015 12:00:30 -0700 Subject: JIRA: IPVSIX-2 Change-Id: Ifddda2ead55601db368e3d4a69767de412bc66cf Signed-off-by: Bin Hu --- INFO | 25 +++++ requirements/Requirement-Analysis-Kilo.txt | 141 +++++++++++++++++++++++++++++ 2 files changed, 166 insertions(+) create mode 100644 INFO create mode 100644 requirements/Requirement-Analysis-Kilo.txt diff --git a/INFO b/INFO new file mode 100644 index 0000000..41e522c --- /dev/null +++ b/INFO @@ -0,0 +1,25 @@ +Project: IPv6-enabled OPNFV Project (ipv6) +Project Creation Date: November 25, 2014 +Project Category: Integration & Testing +Lifecycle State: Incubation +Primary Contact: Bin Hu +Project Lead: Bin Hu +Gerrit Repository: ipv6 +Jira Project Name: IPv6-enabled OPNFV Project +Jira Project Prefix: IPVSIX +Mailing list tag: [ipv6] +IRC: Server:freenode.net Channel:#opnfv-ipv6 +Etherpad: http://etherpad.opnfv.org/p/ipv6 + +Committers: +bh526r@att.com +tnadeau@brocade.com +plee@clearpathnet.com +mmedina@clearpathnet.com +jonne.soininen@nsn.com +gessau@cisco.com +prakash.ramchandran@huawei.com +sgaddam@redhat.com +sridhar.gaddam@redhat.com + + diff --git a/requirements/Requirement-Analysis-Kilo.txt b/requirements/Requirement-Analysis-Kilo.txt new file mode 100644 index 0000000..d6e5f45 --- /dev/null +++ b/requirements/Requirement-Analysis-Kilo.txt @@ -0,0 +1,141 @@ +===== Top Down Use Case and Gap Analysis ===== + +Here are some top down use cases of VIM-agnostic IPv6 functionality, including +infrastructure layer and VNF (VM) layer, and its gap analysis with Neutron +in Juno release: + +(1) Use Case / Requirement 1: All topologies work in a multi-tenant environment +Supported in Neutron, Kilo Release: Yes +Notes: The IPv6 design is following the Neutron tenant networks model; dnsmasq +is being used inside DHCP network namespaces, while radvd is being used inside +Neutron routers namespaces to provide full isolation between tenants. +Tenant isolation can be based on VLANs, GRE, or VXLAN encapsulation. In case of +overlays, the transport network (and VTEPs) must be IPv4 based as of today. + +(2) Use Case / Requirement 2: IPv6 VM to VM only +Supported in Neutron, Kilo Release: Yes +Notes: It is possible to assign IPv6-only addresses to VMs. Both switching +(within VMs on the same tenant network) as well as east/west routing (between +different networks of the same tenant) are supported. + +(3) Use Case / Requirement 3: IPv6 external L2 VLAN directly attached to a VM +Supported in Neutron, Kilo Release: Yes +Notes: IPv6 provider network model; RA messages from upstream (external) router +are forwarded into the VMs. + +(4) Use Case / Requirement 4: IPv6 subnet routed via L3 agent to an external +IPv6 network +(a) Both VLAN and overlay (e.g. GRE, VXLAN) subnet attached to VMs; +(b) Must be able to support multiple L3 agents for a given external network to +support scaling (neutron scheduler to assign vRouters to the L3 agents) +Supported in Neutron, Kilo Release: (a) Yes (b) Yes +Notes: Configuration is enhanced in Kilo to allow easier setup of the upstream +gateway, without the user forced to create an IPv6 subnet for the external network. + +(5) Use Case / Requirement 5: Ability for a NIC to support both IPv4 and IPv6 +(dual stack) address; +(a) VM with a single interface associated with a network, which is then +associated with two subnets. +(b) VM with two different interfaces associated with two different networks +and two different subnets. +Supported in Neutron, Kilo Release: (a) Yes (b) Yes +Notes: Dual-stack is supported in Neutron with the addition of "Multiple IPv6 +Prefixes" Blueprint +(https://blueprints.launchpad.net/neutron/+spec/multiple-ipv6-prefixes) + +(6) Use Case / Requirement 6: Support IPv6 Address assignment modes. +(a) SLAAC +(b) DHCPv6 Stateless +(c) DHCPv6 Stateful +Supported in Neutron, Kilo Release: (a) Yes (b) Yes (c) Yes + +(7) Use Case / Requirement 7: Ability to create a port on an IPv6 DHCPv6 +Stateful subnet and assign a specific IPv6 address to the port and have it +taken out of the DHCP address pool. +Supported in Neutron, Kilo Release: Yes + +(8) Use Case / Requirement 8: Ability to create a port with fixed_ip for a +SLAAC/DHCPv6-Stateless Subnet. +Supported in Neutron, Kilo Release: No +Notes: The following patch disables this operation: +https://review.openstack.org/#/c/129144/ + +(9) Use Case / Requirement 9: Support for private IPv6 to external IPv6 +floating IP; Ability to specify floating IPs via Neutron API (REST and CLI) +as well as via Horizon, including combination of IPv6/IPv4 and IPv4/IPv6 +floating IPs if implemented. +Supported in Neutron, Kilo Release: Rejected +Notes: Blueprint proposed in upstream and got rejected. General expectation is +to avoid NAT with IPv6 by assigning GUA to tenant VMs. See +https://review.openstack.org/#/c/139731/ for discussion + +(10) Use Case / Requirement 10: Provide IPv6/IPv4 feature parity in support for +pass-through capabilities (e.g., SR-IOV). +Supported in Neutron, Kilo Release: Roadmap +Notes: The L3 configuration should be transparent for the SR-IOV implementation. +SR-IOV networking support introduced in Juno based on the sriovnicswitch ML2 +driver is expected to work with IPv4 and IPv6 enabled VMs. + +(11) Use Case / Requirement 11: Additional IPv6 extensions, for example: IPSEC, +IPv6 Anycast, Multicast +Supported in Neutron, Kilo Release: No +Notes: It doesn't appear to be considered yet (lack of clear requirements) + +(12) Use Case / Requirement 12: VM access to the meta-data server to obtain +user data, SSH keys, etc. using cloud-init with IPv6 only interfaces. +Supported in Neutron, Kilo Release: No +Notes: This is currently not supported. Config-drive or dual-stack IPv4/IPv6 +can be used as a workaround (so that the IPv4 network is used to obtain +connectivity with the metadata service). See email discussion thread +(http://openstack.10931.n7.nabble.com/Neutron-cloud-init-IPv6-support-td45386.html) + +(13) Use Case / Requirement 13: Full support for IPv6 matching (i.e. IPv6, +ICMPv6, TCP, UDP) in security groups. Ability to control and manage all IPv6 +security group capabilities via Neutron/Nova API (REST and CLI) as well as via +Horizon. +Supported in Neutron, Kilo Release: Yes + +(14) Use Case / Requirement 14: During network/subnet/router create, there +should be an option to allow user to specify the type of address management +they would like. This includes all options including those low priority if +implemented (e.g., toggle on/off router and address prefix advertisements); +It must be supported via Neutron API (REST and CLI) as well as via Horizon. +Supported in Neutron, Kilo Release: Yes +Notes: Two new Subnet attributes were introduced to control IPv6 address +assignment options: +(a) "ipv6-ra-mode" - to determine who sends Router Advertisements, and +(b) "ipv6-address-mode" - to determine how VM obtains IPv6 address, default +gateway, and/or optional information. + +(15) Use Case / Requirement 15: Security groups anti-spoofing: Prevent VM from +using a source IPv6/MAC address which is not assigned to the VM. +Supported in Neutron, Kilo Release: Yes + +(16) Use Case / Requirement 16: Protect tenant and provider network from rough RAs +Supported in Neutron, Kilo Release: Yes +Notes: When using a tenant network, Neutron is going to automatically handle the +filter rules to allow connectivity of RAs to the VMs only from the Neutron +router port; with provider networks, users are required to specify the LLA of +the upstream router during the subnet creation, or otherwise manually edit the +security-groups rules to allow incoming traffic from this specific address. + +(17) Use Case / Requirement 17: Support the ability to assign multiple IPv6 +addresses to an interface; both for Neutron router interfaces and VM interfaces. +Supported in Neutron, Kilo Release: Yes + +(18) Use Case / Requirement 18: Ability for a VM to support a mix of multiple +IPv4 and IPv6 networks, including multiples of the same type. +Supported in Neutron, Kilo Release: Yes + +(19) Use Case / Requirement 19: Support for IPv6 Prefix Delegation. +Supported in Neutron, Kilo Release: Roadmap +Notes: Planned for Liberty + +(20) Use Case / Requirement 20: Distributed Virtual Routing (DVR) support for IPv6 +Supported in Neutron, Kilo Release: No +Notes: Blueprint proposed upstream, pending discussion. + +(21) Use Case / Requirement 21: IPv6 First-Hop Security, IPv6 ND spoofing. +Supported in Neutron, Kilo Release: Roadmap +Notes: Blueprint proposed upstream. Some patches are under review. + -- cgit 1.2.3-korg