Re: [openstack-dev] [Neutron][IPv6] Small feedback about Management Network & API Endpoints
Guys, I did a few changes on my environment (OpenStack IceHouse on IPv6), everything seems to be working smoothly now... Just deployed Heat on IPv6 too... I didn't tested Ceilomenter and "Cinder Volume" (iSCSI traffic) with IPv6 yet... I'm writing a new "Multinode Quick Guide" to deploy OpenStack IceHouse on an (almost) IPv6-Only environment. Nevertheless, OpenStack still depends on an IPv4-Only networks for Metadata, for "GRE / VXLAN" tunnels and for "Project Subnets" (no Neutron IPv6 yet), everything else (Management, APIs and Endpoints) seems to be working with IPv6 (including RabbitMQ, MySQL, Keystone, Nova, Glance, Neutron (API/Endpoint), Horizon, SPICE Consoles, Heat, Cinder (APIs / Management (iSCSI not tests with IPv6 yet))... Soon as I finish the new guide, I'll post it here... BTW, because of Glance can't use Proxy to download Images, I configured a NAT64/DNS64 here, so, it can reach the old Internet infrastructure normally... Best! Thiago On 13 May 2014 03:17, Martinx - ジェームズ wrote: > Guys, > > I'm running OpenStack IceHouse configured with IPv6 in almost every part > of it, I can say that both `Management Network` and `API Endpoints` works > with IPv6, but, there are still only three places that I am unable to use > it with IPv6, which is: > > > 1- Metadata (no IPv6 here, the equivalent of 169.254.0.0/16 for IPv6 is > the subnet fe80::/64, am I right?); > > 2- VXLAN / GRE tunnels, precisely at `local_ip` in ml2_conf.ini (it > doesn't work when with IPv6); > > 3- Tenant subnet (IPv6 works with Flat Networks and statically/manually > configured, no SLAAC and no Neutron L3 with IPv6 yet). > > > NOTE: I still did not tested Heat, Cinder or Swift. > > > Everything else is working with IPv6! > > Here is a few more details about my environment: > > Controller's /etc/network/interface file: > > --- > # This file describes the network interfaces available on your system > # and how to activate them. For more information, see interfaces(5). > > # The loopback network interface > auto lo > iface lo inet loopback > > # The primary network interface > # > # OpenStack API Endpoints > auto eth0 > iface eth0 inet6 static > address 2804:29X:Y:dead::10 > netmask 64 > gateway 2804:29X:Y:dead::1 > dns-domain tcmc.com.br > dns-search tcmc.com.br > dns-nameservers 2804:29X:4::1 2001:129X:2bX::1 > > # OpenStack - Management > auto eth1 > iface eth1 inet6 static > address fddc:3c8c:6e8c:b129::10 > netmask 64 > > # Legacy - Only required because of Metadata, it doesn't have an IPv6 > # equivalent service for subnet IPv4 = 169.254.0.0/16 (IPv6 = fc80::/64) > iface eth1 inet static > address 192.168.5.10 > netmask 24 > --- > > Network Node /etc/network/interfaces file: > > --- > # This file describes the network interfaces available on your system > # and how to activate them. For more information, see interfaces(5). > > # The loopback network interface. > auto lo > iface lo inet loopback > > # > # Reachable from the Internet. > # > > # The primary network interface. Node Internet access. > auto eth0 > iface eth0 inet6 static > address 2804:29X:Y:dead::20 > netmask 64 > gateway 2804:29X:Y:dead::1 > dns-domain tcmc.com.br > dns-search tcmc.com.br > dns-nameservers 2804:290:4::1 2001:1291:2bf::1 > > # > # Unreachable from the Internet. > # > > # OpenStack - Management > auto eth1 > iface eth1 inet6 static > address fddc:3c8c:6e8c:b129::20 > netmask 64 > > # Legacy - Only required because of Metadata, it doesn't have an IPv6 > # equivalent service for subnet IPv4 = 169.254.0.0/16 (IPv6 = fc80::/64). > iface eth1 inet static > address 192.168.5.20 > netmask 24 > > # VXLAN Traffic - Not working right now with IPv6. > auto eth2 > iface eth2 inet6 static > address fda2:c917:cd2e:0552::20 > netmask 64 > > # Legacy - Only required because Neutron doesn't support VXLAN tunnels on > top > # of a IPv6 network. > iface eth2 inet static > address 192.168.6.20 > netmask 24 > > # > # Reachable from the Internet only from within each Namespace router. > # > > # Bridge br-ex attached here, this is the "WAN Port" of tenant's routers. > auto eth3 > iface eth3 inet manual > up ip addr add 0/0 dev eth3 > up ip link set dev $IFACE up > up ip link set $IFACE promisc on > up ethtool --offload $IFACE gro off > down ip link set $IFACE promisc off > down ip link set $IFACE down > --- > > > Common /etc/hosts file across the Cloud: > > --- > 127.0.0.1 localhost.localdomain localhost > > # The following lines are desirable for IPv6 capable hosts > ::1 localhost ip6-localhost ip6-loopback > ff02::1 ip6-allnodes > ff02::2 ip6-allrouters > > # OpenStack APIs Endpoints > 2804:29X:Y:dead::10 psuaa-1.tcmc.com.br psuaa-1 > 2804:29X:Y:dead::20 psuab-1.tcmc.com.br psuab-1 > 2804:29X:Y:dead::30 psuac-1.tcmc.com.br psuac-1 > 2804:29X:Y:dead::1000 psuah
[openstack-dev] [Neutron][IPv6] Small feedback about Management Network & API Endpoints
Guys, I'm running OpenStack IceHouse configured with IPv6 in almost every part of it, I can say that both `Management Network` and `API Endpoints` works with IPv6, but, there are still only three places that I am unable to use it with IPv6, which is: 1- Metadata (no IPv6 here, the equivalent of 169.254.0.0/16 for IPv6 is the subnet fe80::/64, am I right?); 2- VXLAN / GRE tunnels, precisely at `local_ip` in ml2_conf.ini (it doesn't work when with IPv6); 3- Tenant subnet (IPv6 works with Flat Networks and statically/manually configured, no SLAAC and no Neutron L3 with IPv6 yet). NOTE: I still did not tested Heat, Cinder or Swift. Everything else is working with IPv6! Here is a few more details about my environment: Controller's /etc/network/interface file: --- # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface # # OpenStack API Endpoints auto eth0 iface eth0 inet6 static address 2804:29X:Y:dead::10 netmask 64 gateway 2804:29X:Y:dead::1 dns-domain tcmc.com.br dns-search tcmc.com.br dns-nameservers 2804:29X:4::1 2001:129X:2bX::1 # OpenStack - Management auto eth1 iface eth1 inet6 static address fddc:3c8c:6e8c:b129::10 netmask 64 # Legacy - Only required because of Metadata, it doesn't have an IPv6 # equivalent service for subnet IPv4 = 169.254.0.0/16 (IPv6 = fc80::/64) iface eth1 inet static address 192.168.5.10 netmask 24 --- Network Node /etc/network/interfaces file: --- # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface. auto lo iface lo inet loopback # # Reachable from the Internet. # # The primary network interface. Node Internet access. auto eth0 iface eth0 inet6 static address 2804:29X:Y:dead::20 netmask 64 gateway 2804:29X:Y:dead::1 dns-domain tcmc.com.br dns-search tcmc.com.br dns-nameservers 2804:290:4::1 2001:1291:2bf::1 # # Unreachable from the Internet. # # OpenStack - Management auto eth1 iface eth1 inet6 static address fddc:3c8c:6e8c:b129::20 netmask 64 # Legacy - Only required because of Metadata, it doesn't have an IPv6 # equivalent service for subnet IPv4 = 169.254.0.0/16 (IPv6 = fc80::/64). iface eth1 inet static address 192.168.5.20 netmask 24 # VXLAN Traffic - Not working right now with IPv6. auto eth2 iface eth2 inet6 static address fda2:c917:cd2e:0552::20 netmask 64 # Legacy - Only required because Neutron doesn't support VXLAN tunnels on top # of a IPv6 network. iface eth2 inet static address 192.168.6.20 netmask 24 # # Reachable from the Internet only from within each Namespace router. # # Bridge br-ex attached here, this is the "WAN Port" of tenant's routers. auto eth3 iface eth3 inet manual up ip addr add 0/0 dev eth3 up ip link set dev $IFACE up up ip link set $IFACE promisc on up ethtool --offload $IFACE gro off down ip link set $IFACE promisc off down ip link set $IFACE down --- Common /etc/hosts file across the Cloud: --- 127.0.0.1 localhost.localdomain localhost # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters # OpenStack APIs Endpoints 2804:29X:Y:dead::10 psuaa-1.tcmc.com.br psuaa-1 2804:29X:Y:dead::20 psuab-1.tcmc.com.br psuab-1 2804:29X:Y:dead::30 psuac-1.tcmc.com.br psuac-1 2804:29X:Y:dead::1000 psuah-1.tcmc.com.br psuah-1 # OpenStack Management - MySQL, RabbitMQ, SPICE, Glance... fddc:3c8c:6e8c:b129::10 psuaa-1.mng.tcmc.com.br psuaa-1.mng fddc:3c8c:6e8c:b129::20 psuab-1.mng.tcmc.com.br psuab-1.mng fddc:3c8c:6e8c:b129::1000 psuah-1.mng.tcmc.com.br psuah-1.mng # VXLAN Network - Project's subnet - DOESN'T WORK WITH IPv6 fda2:c917:cd2e:0552::20 psuab-1.vxlan.tcmc.com.br psuab-1.vxlan fda2:c917:cd2e:0552::1000 psuah-1.vxlan.tcmc.com.br psuah-1.vxlan # Cinder Network - iSCSI Traffic fd72:3148:4c74:2f60::30 psuac-1.blk.tcmc.com.br psuac-1.blk fd72:3148:4c74:2f60::1000 psuah-1.blk.tcmc.com.br psuah-1.blk --- NOTE: Those private IPv6 subnets was generated here: http://www.simpledns.com/private-ipv6.aspx Then, for example, I configured `auth_host` under `[keystone_authtoken]` poiting to `psuaa-1.mng.tcmc.com.br` and `auth_uri` poiting to `http://psuaa-1.tcmc.com.br:5000`. But, as I figured out, Metadata doesn't work with IPv6, which means that `metadata_host / metadata_listen` is configured to `192.168.5.10` at Controller's nova.conf (it doesn't work when I tried it with ` fddc:3c8c:6e8c:b129::10`) and, at my Network Node, the `local_ip` at `ml2_conf.ini` points