From a8a3bf6008957c343b1562b478d1f75e072c91bc Mon Sep 17 00:00:00 2001
From: Bin Hu
Date: Mon, 28 Dec 2015 14:08:44 -0800
Subject: JIRA:IPVSIX-29
Change-Id: Ie9d1b6d1f4dc71af75b4e0d7859133f7e38846ed
Signed-off-by: Bin Hu
---
images/ipv6-poc-1.png | Bin 85313 -> 0 bytes
requirements/Requirement-Analysis-Kilo.txt | 141 --------------------
requirements/Requirement-Analysis.txt | 143 ---------------------
vrouter/Service_VM_as_vRouter.rst | 44 -------
vrouter/Service_VM_as_vRouter.txt | 44 -------
vrouter/setup_ipv6_vrouter.rst | 122 ------------------
vrouter/setup_ipv6_vrouter.txt | 122 ------------------
vrouter/setup_service_vm.rst | 198 -----------------------------
vrouter/setup_service_vm.txt | 198 -----------------------------
9 files changed, 1012 deletions(-)
delete mode 100644 images/ipv6-poc-1.png
delete mode 100644 requirements/Requirement-Analysis-Kilo.txt
delete mode 100644 requirements/Requirement-Analysis.txt
delete mode 100644 vrouter/Service_VM_as_vRouter.rst
delete mode 100644 vrouter/Service_VM_as_vRouter.txt
delete mode 100644 vrouter/setup_ipv6_vrouter.rst
delete mode 100644 vrouter/setup_ipv6_vrouter.txt
delete mode 100644 vrouter/setup_service_vm.rst
delete mode 100644 vrouter/setup_service_vm.txt
diff --git a/images/ipv6-poc-1.png b/images/ipv6-poc-1.png
deleted file mode 100644
index f4fdcf4..0000000
Binary files a/images/ipv6-poc-1.png and /dev/null differ
diff --git a/requirements/Requirement-Analysis-Kilo.txt b/requirements/Requirement-Analysis-Kilo.txt
deleted file mode 100644
index d6e5f45..0000000
--- a/requirements/Requirement-Analysis-Kilo.txt
+++ /dev/null
@@ -1,141 +0,0 @@
-===== Top Down Use Case and Gap Analysis =====
-
-Here are some top down use cases of VIM-agnostic IPv6 functionality, including
-infrastructure layer and VNF (VM) layer, and its gap analysis with Neutron
-in Juno release:
-
-(1) Use Case / Requirement 1: All topologies work in a multi-tenant environment
-Supported in Neutron, Kilo Release: Yes
-Notes: The IPv6 design is following the Neutron tenant networks model; dnsmasq
-is being used inside DHCP network namespaces, while radvd is being used inside
-Neutron routers namespaces to provide full isolation between tenants.
-Tenant isolation can be based on VLANs, GRE, or VXLAN encapsulation. In case of
-overlays, the transport network (and VTEPs) must be IPv4 based as of today.
-
-(2) Use Case / Requirement 2: IPv6 VM to VM only
-Supported in Neutron, Kilo Release: Yes
-Notes: It is possible to assign IPv6-only addresses to VMs. Both switching
-(within VMs on the same tenant network) as well as east/west routing (between
-different networks of the same tenant) are supported.
-
-(3) Use Case / Requirement 3: IPv6 external L2 VLAN directly attached to a VM
-Supported in Neutron, Kilo Release: Yes
-Notes: IPv6 provider network model; RA messages from upstream (external) router
-are forwarded into the VMs.
-
-(4) Use Case / Requirement 4: IPv6 subnet routed via L3 agent to an external
-IPv6 network
-(a) Both VLAN and overlay (e.g. GRE, VXLAN) subnet attached to VMs;
-(b) Must be able to support multiple L3 agents for a given external network to
-support scaling (neutron scheduler to assign vRouters to the L3 agents)
-Supported in Neutron, Kilo Release: (a) Yes (b) Yes
-Notes: Configuration is enhanced in Kilo to allow easier setup of the upstream
-gateway, without the user forced to create an IPv6 subnet for the external network.
-
-(5) Use Case / Requirement 5: Ability for a NIC to support both IPv4 and IPv6
-(dual stack) address;
-(a) VM with a single interface associated with a network, which is then
-associated with two subnets.
-(b) VM with two different interfaces associated with two different networks
-and two different subnets.
-Supported in Neutron, Kilo Release: (a) Yes (b) Yes
-Notes: Dual-stack is supported in Neutron with the addition of "Multiple IPv6
-Prefixes" Blueprint
-(https://blueprints.launchpad.net/neutron/+spec/multiple-ipv6-prefixes)
-
-(6) Use Case / Requirement 6: Support IPv6 Address assignment modes.
-(a) SLAAC
-(b) DHCPv6 Stateless
-(c) DHCPv6 Stateful
-Supported in Neutron, Kilo Release: (a) Yes (b) Yes (c) Yes
-
-(7) Use Case / Requirement 7: Ability to create a port on an IPv6 DHCPv6
-Stateful subnet and assign a specific IPv6 address to the port and have it
-taken out of the DHCP address pool.
-Supported in Neutron, Kilo Release: Yes
-
-(8) Use Case / Requirement 8: Ability to create a port with fixed_ip for a
-SLAAC/DHCPv6-Stateless Subnet.
-Supported in Neutron, Kilo Release: No
-Notes: The following patch disables this operation:
-https://review.openstack.org/#/c/129144/
-
-(9) Use Case / Requirement 9: Support for private IPv6 to external IPv6
-floating IP; Ability to specify floating IPs via Neutron API (REST and CLI)
-as well as via Horizon, including combination of IPv6/IPv4 and IPv4/IPv6
-floating IPs if implemented.
-Supported in Neutron, Kilo Release: Rejected
-Notes: Blueprint proposed in upstream and got rejected. General expectation is
-to avoid NAT with IPv6 by assigning GUA to tenant VMs. See
-https://review.openstack.org/#/c/139731/ for discussion
-
-(10) Use Case / Requirement 10: Provide IPv6/IPv4 feature parity in support for
-pass-through capabilities (e.g., SR-IOV).
-Supported in Neutron, Kilo Release: Roadmap
-Notes: The L3 configuration should be transparent for the SR-IOV implementation.
-SR-IOV networking support introduced in Juno based on the sriovnicswitch ML2
-driver is expected to work with IPv4 and IPv6 enabled VMs.
-
-(11) Use Case / Requirement 11: Additional IPv6 extensions, for example: IPSEC,
-IPv6 Anycast, Multicast
-Supported in Neutron, Kilo Release: No
-Notes: It doesn't appear to be considered yet (lack of clear requirements)
-
-(12) Use Case / Requirement 12: VM access to the meta-data server to obtain
-user data, SSH keys, etc. using cloud-init with IPv6 only interfaces.
-Supported in Neutron, Kilo Release: No
-Notes: This is currently not supported. Config-drive or dual-stack IPv4/IPv6
-can be used as a workaround (so that the IPv4 network is used to obtain
-connectivity with the metadata service). See email discussion thread
-(http://openstack.10931.n7.nabble.com/Neutron-cloud-init-IPv6-support-td45386.html)
-
-(13) Use Case / Requirement 13: Full support for IPv6 matching (i.e. IPv6,
-ICMPv6, TCP, UDP) in security groups. Ability to control and manage all IPv6
-security group capabilities via Neutron/Nova API (REST and CLI) as well as via
-Horizon.
-Supported in Neutron, Kilo Release: Yes
-
-(14) Use Case / Requirement 14: During network/subnet/router create, there
-should be an option to allow user to specify the type of address management
-they would like. This includes all options including those low priority if
-implemented (e.g., toggle on/off router and address prefix advertisements);
-It must be supported via Neutron API (REST and CLI) as well as via Horizon.
-Supported in Neutron, Kilo Release: Yes
-Notes: Two new Subnet attributes were introduced to control IPv6 address
-assignment options:
-(a) "ipv6-ra-mode" - to determine who sends Router Advertisements, and
-(b) "ipv6-address-mode" - to determine how VM obtains IPv6 address, default
-gateway, and/or optional information.
-
-(15) Use Case / Requirement 15: Security groups anti-spoofing: Prevent VM from
-using a source IPv6/MAC address which is not assigned to the VM.
-Supported in Neutron, Kilo Release: Yes
-
-(16) Use Case / Requirement 16: Protect tenant and provider network from rough RAs
-Supported in Neutron, Kilo Release: Yes
-Notes: When using a tenant network, Neutron is going to automatically handle the
-filter rules to allow connectivity of RAs to the VMs only from the Neutron
-router port; with provider networks, users are required to specify the LLA of
-the upstream router during the subnet creation, or otherwise manually edit the
-security-groups rules to allow incoming traffic from this specific address.
-
-(17) Use Case / Requirement 17: Support the ability to assign multiple IPv6
-addresses to an interface; both for Neutron router interfaces and VM interfaces.
-Supported in Neutron, Kilo Release: Yes
-
-(18) Use Case / Requirement 18: Ability for a VM to support a mix of multiple
-IPv4 and IPv6 networks, including multiples of the same type.
-Supported in Neutron, Kilo Release: Yes
-
-(19) Use Case / Requirement 19: Support for IPv6 Prefix Delegation.
-Supported in Neutron, Kilo Release: Roadmap
-Notes: Planned for Liberty
-
-(20) Use Case / Requirement 20: Distributed Virtual Routing (DVR) support for IPv6
-Supported in Neutron, Kilo Release: No
-Notes: Blueprint proposed upstream, pending discussion.
-
-(21) Use Case / Requirement 21: IPv6 First-Hop Security, IPv6 ND spoofing.
-Supported in Neutron, Kilo Release: Roadmap
-Notes: Blueprint proposed upstream. Some patches are under review.
-
diff --git a/requirements/Requirement-Analysis.txt b/requirements/Requirement-Analysis.txt
deleted file mode 100644
index 8350eb8..0000000
--- a/requirements/Requirement-Analysis.txt
+++ /dev/null
@@ -1,143 +0,0 @@
-===== Top Down Use Case and Gap Analysis =====
-
-Here are some top down use cases of VIM-agnostic IPv6 functionality, including
-infrastructure layer and VNF (VM) layer, and its gap analysis with Neutron
-in Juno release:
-
-(1) Use Case / Requirement 1: All topologies work in a multi-tenant environment
-Supported in Neutron, Juno Release: Yes
-Notes: The tenant's subnets are based on Neutron, with ML2 plugin and Single
-Flat Network topology, dual-stacked. See "DHCPv6" BP
-(https://review.openstack.org/#/c/102411) and "IPv6 SLAAC" BP
-(http://specs.openstack.org/openstack/neutron-specs/specs/juno/ipv6-radvd-ra.html)
-
-(2) Use Case / Requirement 2: IPv6 VM to VM only
-Supported in Neutron, Juno Release: Yes
-Notes: Configuration and IPv6 address assignment
-
-(3) Use Case / Requirement 3: IPv6 external L2 VLAN directly attached to a VM
-Supported in Neutron, Juno Release: Yes
-Notes: Via Neutron and external router / border gateway. See "UPStream Provider
-Network" BP
-(http://specs.openstack.org/openstack/neutron-specs/specs/juno/ipv6-provider-nets-slaac.html)
-To-Do: Verify
-
-(4) Use Case / Requirement 4: IPv6 subnet routed via L3 agent to an external
-IPv6 network
-(a) Both VLAN and overlay (e.g. GRE, VXLAN) subnet attached to VMs;
-(b) Must be able to support multiple L3 agents for a given external network to
-support scaling (neutron scheduler to assign vRouters to the L3 agents)
-Supported in Neutron, Juno Release: (a) Roadmap (b) Yes
-Notes: The IPv6 support in Neutron L3 router isn't ready yet. Watch Kilo BPs
-"IPv6 Router BP" (https://review.openstack.org/#/c/142224/) and
-"Multiple Ipv6 Prefixes BP" (https://review.openstack.org/#/c/98217).
-(b) is supported for scalability. Patches for HA are under review.
-
-(5) Use Case / Requirement 5: Ability for a VM to support a mix of multiple
-IPv4 and IPv6 networks, i.e. across the mix of all the above topologies
-including multiples of the same type.
-Supported in Neutron, Juno Release: Yes for dual-stack and Roadmap for multiple -IPv4 and IPv6 subnets -Notes: Dual-stack is supported via Single Flat Network topology. Refer to Kilo -Blueprint "Multiple IPv6 Prefixes" -(https://blueprints.launchpad.net/neutron/+spec/multiple-ipv6-prefixes) -for support of multiple IPv4 and IPv6 networks -To-Do: Verify - -(6) Use Case / Requirement 6: Support DHCPv6 stateful -(a) Including the ability for a user to create a port on an IPv6 subnet and -assign a specific IPv6 address to the port and have it taken out of the DHCP -address pool; -(b) Support the ability to assign multiple IPv6 address to an interface -Supported in Neutron, Juno Release: (a) Yes and (b) Work-in-Progress -Notes: Work-in-progress and expected in Juno release. All the IPv6 -configuration modes such as SLAAC, DHCPv6 Stateless and DHCPv6 Stateful are -expected in Juno release. For (a), see -Patch 1 (https://bugs.launchpad.net/neutron/+bug/1367500) and -Patch 2 (https://bugs.launchpad.net/neutron/juno/+bug/1377843). -This is verified by Sridhar. For (b), see BP in Kilo -(https://review.openstack.org/#/c/98217/14). - -(7) Use Case / Requirement 7: Should not prevent the ability to support -non-DHCP statically assigned IPv6 addresses in the same fashion as is supported -for IPv4 -Supported in Neutron, Juno Release: No -Notes: The following patch disables this operation: (https://review.openstack.org/#/c/129144/) - -(8) Use Case / Requirement 8: Support for private IPv6 to external IPv6 -Floating IP -Supported in Neutron, Juno Release: Rejected (No) -Notes: See https://review.openstack.org/#/c/139731/ for discussion - -(9) Use Case / Requirement 9: Provide IPv6/IPv4 feature parity in support for -pass-through capabilities (e.g. 
SR-IOV support in OpenStack) as these features -are provided in OpenStack -Supported in Neutron, Juno Release: Roadmap -Notes: -(a) Blueprint "Managing InfiniBand SR-IOV" -(https://blueprints.launchpad.net/neutron/+spec/manage-sriov-ib-net-config) is -pending approval, -(b) Blueprint "Traffic Rate Support for SR-IOV NIC" -(https://blueprints.launchpad.net/neutron/+spec/ml2-sriov-rate-limit-extension) -is being drafted, -(c) Blueprint "HA SR-IOV Ports" -(https://blueprints.launchpad.net/neutron/+spec/high-availability-sriov-ports) -has not started yet. - -(10) Use Case / Requirement 10: Additional IPv6 extensions, for example: IPSEC, -IPv6 Anycast, Multicast -Supported in Neutron, Juno Release: No -Notes: It doesn't appear to be considered yet - -(11) Use Case / Requirement 11: Access to the meta-data server to obtain user -data and ssh keys etc -Supported in Neutron, Juno Release: No -Notes: Metadata (and GRE / VXLAN subnet) still requires IPv4. An alternate -mechanism is to use config-drive. See email thread -(http://openstack.10931.n7.nabble.com/Neutron-cloud-init-IPv6-support-td45386.html) - -(12) Use Case / Requirement 12: Full support for IPv6 tcp/udp/icmp IPv6 -security groups (same as we see for IPv4) -Supported in Neutron, Juno Release: Yes -Notes: -(a) Blueprint "Support ICMP type filter by security group" -(https://blueprints.launchpad.net/neutron/+spec/security-group-icmp-type-filter) -has not started yet. -(b) Blueprint "Security group rule for IPv6 RA guard and IPv6 Snooping" -(https://blueprints.launchpad.net/neutron/+spec/security-group-ipv6-ra-guard) -has not started. Whiteboard responses to BP (a) indicates that it is already -supported. -To-Do: for BP(b), the author was looking at the "IPv6 First-Hop Security" -feature - -(13) Use Case / Requirement 13: During network/subnet/router create, there -should be an option to allow user to specify the type of address management -they would like. 
(a) this includes all options including those low priority if -implemented (e.g. toggle on/off router and address prefix advertisements); -(b) It must be supported via Neutron API (restful and CLI) as well as via -Horizon -Supported in Neutron, Juno Release: Yes for various types of IPv6 subnet and -Roadmap for multiple subnets -Notes: The ability to create various types of IPv6 subnets (i.e., SLAAC / DHCPv6 -Stateless / Stateful) is supported both using Neutron router and external -router. Refer to "various combinations and how to configure Neutron subnets" -(http://specs.openstack.org/openstack/neutron-specs/specs/juno/ipv6-radvd-ra.html#rest-api-impact). -Refer to Blueprints "IPv6 Prefix Delegation" -(https://blueprints.launchpad.net/neutron/+spec/ipv6-prefix-delegation) and -"Multiple IPv6 Prefixes" -(https://blueprints.launchpad.net/neutron/+spec/multiple-ipv6-prefixes) for -support of multiple IPv4 and IPv6 networks - -(14) Use Case / Requirement 14: Ability to specify Floating IPs via Neutron API -(restful and CLI) as well as via Horizon, including combination of IPv6/IPv4 -and IPv4/IPv6 Floating IPs if implemented -Supported in Neutron, Juno Release: No -Notes: IPv6 Floating IPs will not be supported in Kilo. See BP -(https://review.openstack.org/#/c/139731/). Refer to previous item of floating -IPv6 functionality being rejected. - -(15) Use Case / Requirement 15: Ability to control and manage all IPv6 security -group capabilities via Neutron/Nova API (restful and CLI) as well as via Horizon -Supported in Neutron, Juno Release: Yes -Notes: Refer to previous item of IPv6 security group - diff --git a/vrouter/Service_VM_as_vRouter.rst b/vrouter/Service_VM_as_vRouter.rst deleted file mode 100644 index 8592323..0000000 --- a/vrouter/Service_VM_as_vRouter.rst +++ /dev/null 
@@ -1,44 +0,0 @@
-==================================
-Exercising Service VM as a vRouter
-==================================
-
-There are 3 steps to set up a service VM as a vRouter:
-
-- Step 1: `Get a service VM running`_
-
-- Step 2: `Handling Neutron Security Group Feature`_
-
-- Step 3: `Set up an IPv6 vRouter on the Service VM`_
-
-***************************
-_`Get a Service VM Running`
-***************************
-
-Please click `Set up Service VM`_ page for instructions to get a service VM running.
-
-.. _`Set up Service VM`: ./setup_service_vm.html
-
-******************************************
-_`Handling Neutron Security Group Feature`
-******************************************
-
-------------------------------
-Disable Security Group Feature
-------------------------------
-
-If Open Stack is integrated and running with Open Daylight, we need to completely disable Security Group feature in Open Stack because Open Daylight doesn’t support it.
-
-----------------------------------------------------------
-Use Neutron ML2 Port Security Extension (Kilo and Liberty)
-----------------------------------------------------------
-
-For Open Stack Kilo or Liberty with ML2 OVS only (without Open Daylight), we need to use Port Security Extension of Neutron and disable Anti-spoofing Rule on the service VM.
-
-*******************************************
-_`Set up an IPv6 vRouter on the Service VM`
-*******************************************
-
-Please click `Set up IPv6 vRouter`_ page for instructions to set up an IPv6 vRouter on a Service VM.
-
-.. _`Set up IPv6 vRouter`: ./setup_ipv6_vrouter.html
-
diff --git a/vrouter/Service_VM_as_vRouter.txt b/vrouter/Service_VM_as_vRouter.txt
deleted file mode 100644
index 8592323..0000000
--- a/vrouter/Service_VM_as_vRouter.txt
+++ /dev/null
@@ -1,44 +0,0 @@
-==================================
-Exercising Service VM as a vRouter
-==================================
-
-There are 3 steps to set up a service VM as a vRouter:
-
-- Step 1: `Get a service VM running`_
-
-- Step 2: `Handling Neutron Security Group Feature`_
-
-- Step 3: `Set up an IPv6 vRouter on the Service VM`_
-
-***************************
-_`Get a Service VM Running`
-***************************
-
-Please click `Set up Service VM`_ page for instructions to get a service VM running.
-
-.. _`Set up Service VM`: ./setup_service_vm.html
-
-******************************************
-_`Handling Neutron Security Group Feature`
-******************************************
-
-------------------------------
-Disable Security Group Feature
-------------------------------
-
-If Open Stack is integrated and running with Open Daylight, we need to completely disable Security Group feature in Open Stack because Open Daylight doesn’t support it.
-
-----------------------------------------------------------
-Use Neutron ML2 Port Security Extension (Kilo and Liberty)
-----------------------------------------------------------
-
-For Open Stack Kilo or Liberty with ML2 OVS only (without Open Daylight), we need to use Port Security Extension of Neutron and disable Anti-spoofing Rule on the service VM.
-
-*******************************************
-_`Set up an IPv6 vRouter on the Service VM`
-*******************************************
-
-Please click `Set up IPv6 vRouter`_ page for instructions to set up an IPv6 vRouter on a Service VM.
-
-.. _`Set up IPv6 vRouter`: ./setup_ipv6_vrouter.html
-
diff --git a/vrouter/setup_ipv6_vrouter.rst b/vrouter/setup_ipv6_vrouter.rst
deleted file mode 100644
index 06d2de8..0000000
--- a/vrouter/setup_ipv6_vrouter.rst
+++ /dev/null
@@ -1,122 +0,0 @@
-======================================
-Set up an IPv6 vRouter on a Service VM
-======================================
-
-| Here you will find the steps involved in creating a ServiceVM that acts as an IPv6 vRouter. In this example, we will be using a CentOS7 image as vRouter (we should be able to use other OS as well) and devstack for OpenStack installation. We need to enable Port Security Extension as the extension_drivers in ML2 configuration file.
-
-| Following is a sample configuration of devstack local.conf file.
-
-| **# [[local|localrc]]**
-| `DATA_DIR=$DEST/data`
-| `SCREEN_LOGDIR=$DATA_DIR/logs`
-| `LOGFILE=$SCREEN_LOGDIR/stack.sh.log`
-| `ADMIN_PASSWORD=password`
-| `MYSQL_PASSWORD=password`
-| `RABBIT_PASSWORD=password`
-| `SERVICE_PASSWORD=password`
-| `SERVICE_TOKEN=token`
-| `disable_service n-net tempest h-eng h-api h-api-cfn h-api-cw`
-| `enable_service q-svc q-dhcp q-meta q-agt q-l3 n-novnc`
-| **# [[post-config|/$Q_PLUGIN_CONF_FILE]]**
-| **# [ml2]**
-| `extension_drivers=port_security`
-
-| After successful installation of OpenStack with the above configuration, we shall create the necessary neutron networks/subnets/ports etc.
-| `cd devstack`
-| `./stack.sh`
-
-| # Source the tenant credentials.
-| `source openrc admin demo`
-| # Create a Neutron router which provides external connectivity.
-| `neutron router-create router1`
-| # Create an external network using the appropriate values based on the data-center physical network setup.
-| `neutron net-create --provider:network_type --provider:physical_network --provider:segmentation_id --router:external ext-net`
-| # Configure ipv6_gateway= in the Neutron L3 agent configuration file.
-| # Associate the ext-net to the neutron router.
-| `neutron router-gateway-set router1 ext-net`
-| # Create an IPv6 internal network.
-| `neutron net-create ipv6-internal-network`
-| # Create an IPv6 subnet in the internal network.
-| `neutron subnet-create --name ipv6-int-subnet --ip-version 6 --ipv6-ra-mode slaac --ipv6-address-mode slaac ipv6-internal-network 2001:db8:0:1::/64`
-| # Associate the internal subnet to a neutron router.
-| `neutron router-interface-add router1 ipv6-int-subnet`
-
-| Now we shall create an isolated network which is the internal network of vRouter.
-| # Create an isolated router for the tenant internal network.
-| `neutron router-create router2`
-| # Create a Neutron Internal Network.
-| `neutron net-create tenant-internal-network`
-| # Create an IPv4 subnet in the internal network.
-| `neutron subnet-create --name ipv4-int-subnet tenant-internal-network 10.0.0.1/24`
-| # Associate the router2 to IPv4 subnet created above.
-| `neutron router-interface-add `
-
-| Mapping this configuration to `PoC-1`_.
-
-.. _`PoC-1`: /ipv6/images/ipv6-poc-1.png
-
-- `ipv6-internal-network and ext-net is the Red colored network.`
-- `tenant-internal-network is the Green colored network.`
-
-| Lets create two neutron ports one from ext-net and the other from tenant-internal-network for the vRouter VM
-| `neutron port-create ipv6-internal-network --port-security-enabled=False --name enp0s3-port`
-| `neutron port-create tenant-internal-network --port-security-enabled=False --name enp0s8-port`
-
-| Download the Centos7 image which is used as vRouter.
-| `glance image-create --name 'Centos7' --disk-format qcow2 --container-format bare --is-public true --copy-from http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2`
-
-| Create a keypair.
-| `nova keypair-add vRouterKey > ~/vRouterKey`
-
-| Spawn the Centos7 image with two nics (i.e., enp0s3-port and enp0s8-port)
-| `nova boot --image –flavor m1.small --nic port-id=$(neutron port-show -f value -F id enp0s3-port) –nic --nic port-id=$(neutron port-show -f value -F id enp0s8-port) --key-name vRouterKey CentOSvRouter`
-
-| Verify that CentOSvRouter boots up successfully and keypair is injected.
-| `nova list`
-| `nova console-log CentOSvRouter`
-
-| After the image boots up successfully, from the router1 namespace, ssh to vRouter using the keypair.
-| `sudo ip netns`
-| `sudo ip netns exec bash`
-| `ssh -i ~/vRouterKey centos@`
-
-| As a one time job, before we can create the snapshot, execute the steps (i.e., SLAAC setup) mentioned at the following link.
-| `https://wiki.opnfv.org/ipv6_opnfv_project/vm_as_router`
-
-| In order to verify that the setup is working, lets create some cirros VMs on the "tenant-internal-network" (i.e., vRouter internal network).
-| `nova boot --image --flavor m1.tiny --nic net-id= VM1`
-| `nova boot --image --flavor m1.tiny --nic net-id= VM2`
-
-| Confirm that both the VMs have successfully booted up.
-| `nova list`
-| `nova console-log VM1`
-| `nova console-log VM2`
-
-| Add the necessary security group ingress rules.
-| `source openrc demo demo`
-| # SSH access to the VMs
-| `neutron security-group-rule-create --direction ingress --protocol tcp --port-range-min 22 --port-range-max 22 --remote-ip-prefix 10.0.0.0/24 default`
-| # Permit IPv6 Router Advts from the vRouter internal interface to the VMs.
-| `neutron security-group-rule-create --direction ingress --ethertype IPv6 --protocol icmpv6 --port-range-min 134 --remote-ip-prefix fe80::/64 default`
-
-| SSH to the cirros VMs to check the IPv6 forwarding use-case.
-| `sudo ip netns`
-| `sudo ip netns exec bash`
-| `ssh cirros@`
-
-| Note: default password of cirros image would be "cubswin:)"
-
-| Verify that Cirros image has an IPv6 address assigned via SLAAC with a prefix of "2001:db8:0:2::/64"
-| `ip address`
-| # verify that default route points to the LLA of enp0s8 interface of vRouter.
-| `ip -6 route`
-
-| Try pinging to the internal router interface of router1 (i.e., 2001:db8:0:1::1/64)
-| `ping6 2001:db8:0:1::1/64`
-
-| If all goes well, ping6 should succeed which shows that vRouter is forwarding the IPv6 traffic of instances on the tenant-internal-network.
-
-| At this state, we can create a snapshot of the CentOSvRouter and use it in any other similar OpenStack setup.
-| `nova image-create `
-| `nova image-list #You will find the snapshot you just created above.`
-
diff --git a/vrouter/setup_ipv6_vrouter.txt b/vrouter/setup_ipv6_vrouter.txt
deleted file mode 100644
index 06d2de8..0000000
--- a/vrouter/setup_ipv6_vrouter.txt
+++ /dev/null
@@ -1,122 +0,0 @@
-======================================
-Set up an IPv6 vRouter on a Service VM
-======================================
-
-| Here you will find the steps involved in creating a ServiceVM that acts as an IPv6 vRouter. In this example, we will be using a CentOS7 image as vRouter (we should be able to use other OS as well) and devstack for OpenStack installation. We need to enable Port Security Extension as the extension_drivers in ML2 configuration file.
-
-| Following is a sample configuration of devstack local.conf file.
-
-| **# [[local|localrc]]**
-| `DATA_DIR=$DEST/data`
-| `SCREEN_LOGDIR=$DATA_DIR/logs`
-| `LOGFILE=$SCREEN_LOGDIR/stack.sh.log`
-| `ADMIN_PASSWORD=password`
-| `MYSQL_PASSWORD=password`
-| `RABBIT_PASSWORD=password`
-| `SERVICE_PASSWORD=password`
-| `SERVICE_TOKEN=token`
-| `disable_service n-net tempest h-eng h-api h-api-cfn h-api-cw`
-| `enable_service q-svc q-dhcp q-meta q-agt q-l3 n-novnc`
-| **# [[post-config|/$Q_PLUGIN_CONF_FILE]]**
-| **# [ml2]**
-| `extension_drivers=port_security`
-
-| After successful installation of OpenStack with the above configuration, we shall create the necessary neutron networks/subnets/ports etc.
-| `cd devstack`
-| `./stack.sh`
-
-| # Source the tenant credentials.
-| `source openrc admin demo`
-| # Create a Neutron router which provides external connectivity.
-| `neutron router-create router1`
-| # Create an external network using the appropriate values based on the data-center physical network setup.
-| `neutron net-create --provider:network_type --provider:physical_network --provider:segmentation_id --router:external ext-net`
-| # Configure ipv6_gateway= in the Neutron L3 agent configuration file.
-| # Associate the ext-net to the neutron router.
-| `neutron router-gateway-set router1 ext-net`
-| # Create an IPv6 internal network.
-| `neutron net-create ipv6-internal-network`
-| # Create an IPv6 subnet in the internal network.
-| `neutron subnet-create --name ipv6-int-subnet --ip-version 6 --ipv6-ra-mode slaac --ipv6-address-mode slaac ipv6-internal-network 2001:db8:0:1::/64`
-| # Associate the internal subnet to a neutron router.
-| `neutron router-interface-add router1 ipv6-int-subnet`
-
-| Now we shall create an isolated network which is the internal network of vRouter.
-| # Create an isolated router for the tenant internal network.
-| `neutron router-create router2`
-| # Create a Neutron Internal Network.
-| `neutron net-create tenant-internal-network`
-| # Create an IPv4 subnet in the internal network.
-| `neutron subnet-create --name ipv4-int-subnet tenant-internal-network 10.0.0.1/24`
-| # Associate the router2 to IPv4 subnet created above.
-| `neutron router-interface-add `
-
-| Mapping this configuration to `PoC-1`_.
-
-.. _`PoC-1`: /ipv6/images/ipv6-poc-1.png
-
-- `ipv6-internal-network and ext-net is the Red colored network.`
-- `tenant-internal-network is the Green colored network.`
-
-| Lets create two neutron ports one from ext-net and the other from tenant-internal-network for the vRouter VM
-| `neutron port-create ipv6-internal-network --port-security-enabled=False --name enp0s3-port`
-| `neutron port-create tenant-internal-network --port-security-enabled=False --name enp0s8-port`
-
-| Download the Centos7 image which is used as vRouter.
-| `glance image-create --name 'Centos7' --disk-format qcow2 --container-format bare --is-public true --copy-from http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2`
-
-| Create a keypair.
-| `nova keypair-add vRouterKey > ~/vRouterKey`
-
-| Spawn the Centos7 image with two nics (i.e., enp0s3-port and enp0s8-port)
-| `nova boot --image –flavor m1.small --nic port-id=$(neutron port-show -f value -F id enp0s3-port) –nic --nic port-id=$(neutron port-show -f value -F id enp0s8-port) --key-name vRouterKey CentOSvRouter`
-
-| Verify that CentOSvRouter boots up successfully and keypair is injected.
-| `nova list`
-| `nova console-log CentOSvRouter`
-
-| After the image boots up successfully, from the router1 namespace, ssh to vRouter using the keypair.
-| `sudo ip netns`
-| `sudo ip netns exec bash`
-| `ssh -i ~/vRouterKey centos@`
-
-| As a one time job, before we can create the snapshot, execute the steps (i.e., SLAAC setup) mentioned at the following link.
-| `https://wiki.opnfv.org/ipv6_opnfv_project/vm_as_router`
-
-| In order to verify that the setup is working, lets create some cirros VMs on the "tenant-internal-network" (i.e., vRouter internal network).
-| `nova boot --image --flavor m1.tiny --nic net-id= VM1`
-| `nova boot --image --flavor m1.tiny --nic net-id= VM2`
-
-| Confirm that both the VMs have successfully booted up.
-| `nova list`
-| `nova console-log VM1`
-| `nova console-log VM2`
-
-| Add the necessary security group ingress rules.
-| `source openrc demo demo`
-| # SSH access to the VMs
-| `neutron security-group-rule-create --direction ingress --protocol tcp --port-range-min 22 --port-range-max 22 --remote-ip-prefix 10.0.0.0/24 default`
-| # Permit IPv6 Router Advts from the vRouter internal interface to the VMs.
-| `neutron security-group-rule-create --direction ingress --ethertype IPv6 --protocol icmpv6 --port-range-min 134 --remote-ip-prefix fe80::/64 default`
-
-| SSH to the cirros VMs to check the IPv6 forwarding use-case.
-| `sudo ip netns`
-| `sudo ip netns exec bash`
-| `ssh cirros@`
-
-| Note: default password of cirros image would be "cubswin:)"
-
-| Verify that Cirros image has an IPv6 address assigned via SLAAC with a prefix of "2001:db8:0:2::/64"
-| `ip address`
-| # verify that default route points to the LLA of enp0s8 interface of vRouter.
-| `ip -6 route`
-
-| Try pinging to the internal router interface of router1 (i.e., 2001:db8:0:1::1/64)
-| `ping6 2001:db8:0:1::1/64`
-
-| If all goes well, ping6 should succeed which shows that vRouter is forwarding the IPv6 traffic of instances on the tenant-internal-network.
-
-| At this state, we can create a snapshot of the CentOSvRouter and use it in any other similar OpenStack setup.
-| `nova image-create `
-| `nova image-list #You will find the snapshot you just created above.`
-
diff --git a/vrouter/setup_service_vm.rst b/vrouter/setup_service_vm.rst
deleted file mode 100644
index a9c0a87..0000000
--- a/vrouter/setup_service_vm.rst
+++ /dev/null
@@ -1,198 +0,0 @@
-================================================
-Set up a Service VM Running as a vRouter (SLAAC)
-================================================
-
-| # Current network setup for IPv6 router VM on local virtualbox setup
-| # /etc/sysconfig/network-scripts/ifcfg-enp0s3
-| # Network interface enp0s3 is IPv4 for public internet access
-| TYPE="Ethernet"
-| BOOTPROTO="dhcp"
-| DEFROUTE="yes"
-| PEERDNS="yes"
-| PEERROUTES="yes"
-| IPV4_FAILURE_FATAL="no"
-| IPV6INIT="yes"
-| IPV6_AUTOCONF="yes"
-| IPV6_DEFROUTE="yes"
-| IPV6_PEERDNS="yes"
-| IPV6_PEERROUTES="yes"
-| IPV6_FAILURE_FATAL="no"
-| NAME="enp0s3"
-| UUID="32bad876-680a-4f78-a364-726eae21bfcf"
-| DEVICE="enp0s3"
-| ONBOOT="yes"
-
-| # /etc/sysconfig/network-scripts/ifcfg-enp0s8
-| # Network interface enp0s8 is IPv6 internal interface to provide IPv6 to internal hosts
-| BOOTPROTO=static
-| IPV6INIT=yes
-| IPV6ADDR="2001:db8:0:2::1/64"
-| NAME=enp0s8
-| UUID=e931a806-2f76-425d-b035-d37813b81df5
-| DEVICE=enp0s8
-| ONBOOT=yes
-| NM_CONTROLLED=no
-
-| # Disable NetworkManager
-| systemctl disable NetworkManager
-
-| # Install dhcp.x86_64, dhcp-common.x86_64, radvd.x86_64 if not already installed
-| yum install dhcp-common
-| yum install dhcp
-| yum install radvd
-
-| # /etc/sysctl.conf Set sysctl to enable IPv6 forwarding
-| net.ipv6.conf.all.forwarding=1
-| net.ipv6.conf.enp0s3.accept_ra=2
-| net.ipv6.conf.enp0s3.accept_ra_defrtr=1
-| net.ipv6.conf.enp0s3.router_solicitations=1
-
-| # /etc/radvd.conf
-| interface enp0s8
-| {
-| # This is the primary "on switch" for RADVD
-| AdvSendAdvert on;
-| #
-| # These settings determine how often advertisements will be sent every X-Y.
-| # X and Y are in seconds.
-| # With these settings you will be sending a advert every 60 seconds
-| #
-| MinRtrAdvInterval 60;
-| MaxRtrAdvInterval 180;
-| #
-| # Disable Mobile IPv6 support
-| #
-| AdvHomeAgentFlag off;
-| #
-| # Here we set our managed flags
-| #
-| AdvManagedFlag on;
-| AdvOtherConfigFlag on;
-| #
-| # Enter our IPv6 prefix and CIDR
-| #
-| prefix 2001:db8:0:2::/64
-| {
-| AdvOnLink on;
-| # On link tells the host that the default router is on the same "link" as it is
-| AdvAutonomous on;
-| AdvRouterAddr off;
-| };
-| };
-
-# Enable radvd service
-systemctl enable radvd
-
-# In /etc/sysconfig/network add
-IPV6FORWARDING=yes
-
-=================================================================
-Set up a Service VM Running as a vRouter (DHCPv6 Stateful Server)
-=================================================================
-
-| # Current network setup for IPv6 router VM on local virtualbox setup
-| # /etc/sysconfig/network-scripts/ifcfg-enp0s3
-| # Network interface enp0s3 is IPv4 for public internet access
-| TYPE="Ethernet"
-| BOOTPROTO="dhcp"
-| DEFROUTE="yes"
-| PEERDNS="yes"
-| PEERROUTES="yes"
-| IPV4_FAILURE_FATAL="no"
-| IPV6INIT="yes"
-| IPV6_AUTOCONF="yes"
-| IPV6_DEFROUTE="yes"
-| IPV6_PEERDNS="yes"
-| IPV6_PEERROUTES="yes"
-| IPV6_FAILURE_FATAL="no"
-| NAME="enp0s3"
-| UUID="32bad876-680a-4f78-a364-726eae21bfcf"
-| DEVICE="enp0s3"
-| ONBOOT="yes"
-
-| # /etc/sysconfig/network-scripts/ifcfg-enp0s8
-| # Network interface enp0s8 is IPv6 internal interface to provide IPv6 to internal hosts
-| BOOTPROTO=static
-| IPV6INIT=yes
-| IPV6ADDR="2001:db8:0:2::1/64"
-| NAME=enp0s8
-| UUID=e931a806-2f76-425d-b035-d37813b81df5
-| DEVICE=enp0s8
-| ONBOOT=yes
-| NM_CONTROLLED=no
-
-| # Disable NetworkManager
-| systemctl disable NetworkManager
-
-| # Install dhcp.x86_64, dhcp-common.x86_64, radvd.x86_64 if not already installed
-| yum install dhcp-common
-| yum install dhcp
-| yum install radvd
-
-| # /etc/sysctl.conf Set sysctl to enable IPv6 forwarding
-| net.ipv6.conf.all.forwarding=1
-| net.ipv6.conf.enp0s3.accept_ra=2
-| net.ipv6.conf.enp0s3.accept_ra_defrtr=1
-| net.ipv6.conf.enp0s3.router_solicitations=1
-
-| # /etc/dhcp/dhcpd6.conf
-| # DHCP for IPv6 Server Configuration file.
-
-| # Enable RFC 5007 support (same than for DHCPv4)
- allow leasequery;
-
-| # IPv6 address valid lifetime
-| # (at the end the address is no longer usable by the client)
-| # (set to 30 days, the usual IPv6 default)
-| default-lease-time 2592000;
-
-| # IPv6 address preferred lifetime
-| # (at the end the address is deprecated, i.e., the client should use
-| # other addresses for new connections)
-| # (set to 7 days, the usual IPv6 default)
-| preferred-lifetime 604800;
-
-| # T1, the delay before Renew
-| # (default is 1/2 preferred lifetime)
-| # (set to 1 hour)
-| option dhcp-renewal-time 3600;
-
-| # T2, the delay before Rebind (if Renews failed)
-| # (default is 3/4 preferred lifetime)
-| # (set to 2 hours)
-| option dhcp-rebinding-time 7200;
-
-| # The path of the lease file
-| dhcpv6-lease-file-name "/var/lib/dhcpd/dhcpd6.leases";
-
-| # Set preference to 255 (maximum) in order to avoid waiting for
-| # additional servers when there is only one
-| option dhcp6.preference 255;
-
-| # Server side command to enable rapid-commit (2 packet exchange)
-| option dhcp6.rapid-commit;
-
-| # The delay before information-request refresh
-| # (minimum is 10 minutes, maximum one day, default is to not refresh)
-| # (set to 6 hours)
- option dhcp6.info-refresh-time 21600;
-
-| # Set this to `interim` when doing ddns updates
-| ddns-update-style interim;
-|
-| subnet6 2001:db8:0:2::/64 {
-| option dhcp6.name-servers 2001:db8:0:2::1;
-| option dhcp6.domain-search "opnfv.local";
-| ddns-hostname = concat(binary-to-ascii(10, 8, "-", leased-address), ".wired");
-| ddns-domainname = "opnfv.local";
-| # Our address range 1000 through 1fff
-| range6 2001:db8:0:2::1000 2001:db8:0:2::1fff;
-| }
-|
-| # In /etc/sysconfig/network add
-| IPV6FORWARDING=yes
-
-For reference, refer to `How to set up RADVd DHCPv6 and DNS on CentOS 6`_.
-
-.. _`How to set up RADVd DHCPv6 and DNS on CentOS 6`: http://www.percula.info/archives/196
-
diff --git a/vrouter/setup_service_vm.txt b/vrouter/setup_service_vm.txt
deleted file mode 100644
index a9c0a87..0000000
--- a/vrouter/setup_service_vm.txt
+++ /dev/null
@@ -1,198 +0,0 @@
-================================================
-Set up a Service VM Running as a vRouter (SLAAC)
-================================================
-
-| # Current network setup for IPv6 router VM on local virtualbox setup
-| # /etc/sysconfig/network-scripts/ifcfg-enp0s3
-| # Network interface enp0s3 is IPv4 for public internet access
-| TYPE="Ethernet"
-| BOOTPROTO="dhcp"
-| DEFROUTE="yes"
-| PEERDNS="yes"
-| PEERROUTES="yes"
-| IPV4_FAILURE_FATAL="no"
-| IPV6INIT="yes"
-| IPV6_AUTOCONF="yes"
-| IPV6_DEFROUTE="yes"
-| IPV6_PEERDNS="yes"
-| IPV6_PEERROUTES="yes"
-| IPV6_FAILURE_FATAL="no"
-| NAME="enp0s3"
-| UUID="32bad876-680a-4f78-a364-726eae21bfcf"
-| DEVICE="enp0s3"
-| ONBOOT="yes"
-
-| # /etc/sysconfig/network-scripts/ifcfg-enp0s8
-| # Network interface enp0s8 is IPv6 internal interface to provide IPv6 to internal hosts
-| BOOTPROTO=static
-| IPV6INIT=yes
-| IPV6ADDR="2001:db8:0:2::1/64"
-| NAME=enp0s8
-| UUID=e931a806-2f76-425d-b035-d37813b81df5
-| DEVICE=enp0s8
-| ONBOOT=yes
-| NM_CONTROLLED=no
-
-| # Disable NetworkManager
-| systemctl disable NetworkManager
-
-| # Install dhcp.x86_64, dhcp-common.x86_64, radvd.x86_64 if not already installed
-| yum install dhcp-common
-| yum install dhcp
-| yum install radvd
-
-| # /etc/sysctl.conf Set sysctl to enable IPv6 forwarding
-| net.ipv6.conf.all.forwarding=1
-| net.ipv6.conf.enp0s3.accept_ra=2
-| net.ipv6.conf.enp0s3.accept_ra_defrtr=1
-| net.ipv6.conf.enp0s3.router_solicitations=1
-
-| # /etc/radvd.conf
-| interface enp0s8
-| {
-| # This is the primary "on switch" for RADVD
-| AdvSendAdvert on;
-| #
-| # These settings determine how often advertisements will be sent every X-Y.
-| # X and Y are in seconds.
-| # With these settings you will be sending a advert every 60 seconds
-| #
-| MinRtrAdvInterval 60;
-| MaxRtrAdvInterval 180;
-| #
-| # Disable Mobile IPv6 support
-| #
-| AdvHomeAgentFlag off;
-| #
-| # Here we set our managed flags
-| #
-| AdvManagedFlag on;
-| AdvOtherConfigFlag on;
-| #
-| # Enter our IPv6 prefix and CIDR
-| #
-| prefix 2001:db8:0:2::/64
-| {
-| AdvOnLink on;
-| # On link tells the host that the default router is on the same "link" as it is
-| AdvAutonomous on;
-| AdvRouterAddr off;
-| };
-| };
-
-# Enable radvd service
-systemctl enable radvd
-
-# In /etc/sysconfig/network add
-IPV6FORWARDING=yes
-
-=================================================================
-Set up a Service VM Running as a vRouter (DHCPv6 Stateful Server)
-=================================================================
-
-| # Current network setup for IPv6 router VM on local virtualbox setup
-| # /etc/sysconfig/network-scripts/ifcfg-enp0s3
-| # Network interface enp0s3 is IPv4 for public internet access
-| TYPE="Ethernet"
-| BOOTPROTO="dhcp"
-| DEFROUTE="yes"
-| PEERDNS="yes"
-| PEERROUTES="yes"
-| IPV4_FAILURE_FATAL="no"
-| IPV6INIT="yes"
-| IPV6_AUTOCONF="yes"
-| IPV6_DEFROUTE="yes"
-| IPV6_PEERDNS="yes"
-| IPV6_PEERROUTES="yes"
-| IPV6_FAILURE_FATAL="no"
-| NAME="enp0s3"
-| UUID="32bad876-680a-4f78-a364-726eae21bfcf"
-| DEVICE="enp0s3"
-| ONBOOT="yes"
-
-| # /etc/sysconfig/network-scripts/ifcfg-enp0s8
-| # Network interface enp0s8 is IPv6 internal interface to provide IPv6 to internal hosts
-| BOOTPROTO=static
-| IPV6INIT=yes
-| IPV6ADDR="2001:db8:0:2::1/64"
-| NAME=enp0s8
-| UUID=e931a806-2f76-425d-b035-d37813b81df5
-| DEVICE=enp0s8
-| ONBOOT=yes
-| NM_CONTROLLED=no
-
-| # Disable NetworkManager
-| systemctl disable NetworkManager
-
-| # Install dhcp.x86_64, dhcp-common.x86_64, radvd.x86_64 if not already installed
-| yum install dhcp-common
-| yum install dhcp
-| yum install radvd
-
-| # /etc/sysctl.conf Set sysctl to enable IPv6 forwarding
-| net.ipv6.conf.all.forwarding=1
-| net.ipv6.conf.enp0s3.accept_ra=2
-| net.ipv6.conf.enp0s3.accept_ra_defrtr=1
-| net.ipv6.conf.enp0s3.router_solicitations=1
-
-| # /etc/dhcp/dhcpd6.conf
-| # DHCP for IPv6 Server Configuration file.
-
-| # Enable RFC 5007 support (same than for DHCPv4)
- allow leasequery;
-
-| # IPv6 address valid lifetime
-| # (at the end the address is no longer usable by the client)
-| # (set to 30 days, the usual IPv6 default)
-| default-lease-time 2592000;
-
-| # IPv6 address preferred lifetime
-| # (at the end the address is deprecated, i.e., the client should use
-| # other addresses for new connections)
-| # (set to 7 days, the usual IPv6 default)
-| preferred-lifetime 604800;
-
-| # T1, the delay before Renew
-| # (default is 1/2 preferred lifetime)
-| # (set to 1 hour)
-| option dhcp-renewal-time 3600;
-
-| # T2, the delay before Rebind (if Renews failed)
-| # (default is 3/4 preferred lifetime)
-| # (set to 2 hours)
-| option dhcp-rebinding-time 7200;
-
-| # The path of the lease file
-| dhcpv6-lease-file-name "/var/lib/dhcpd/dhcpd6.leases";
-
-| # Set preference to 255 (maximum) in order to avoid waiting for
-| # additional servers when there is only one
-| option dhcp6.preference 255;
-
-| # Server side command to enable rapid-commit (2 packet exchange)
-| option dhcp6.rapid-commit;
-
-| # The delay before information-request refresh
-| # (minimum is 10 minutes, maximum one day, default is to not refresh)
-| # (set to 6 hours)
- option dhcp6.info-refresh-time 21600;
-
-| # Set this to `interim` when doing ddns updates
-| ddns-update-style interim;
-|
-| subnet6 2001:db8:0:2::/64 {
-| option dhcp6.name-servers 2001:db8:0:2::1;
-| option dhcp6.domain-search "opnfv.local";
-| ddns-hostname = concat(binary-to-ascii(10, 8, "-", leased-address), ".wired");
-| ddns-domainname = "opnfv.local";
-| # Our address range 1000 through 1fff
-| range6 2001:db8:0:2::1000 2001:db8:0:2::1fff;
-| }
-|
-| # In /etc/sysconfig/network add
-| IPV6FORWARDING=yes
-
-For reference, refer to `How to set up RADVd DHCPv6 and DNS on CentOS 6`_.
-
-.. _`How to set up RADVd DHCPv6 and DNS on CentOS 6`: http://www.percula.info/archives/196
-
-- cgit 1.2.3-korg