Public bug reported: As the ipv6 device more and more popularize, we should make our ipv6 VMs more easily connect to external network,but neutron don't support Floating IP and NAT for ipv6. The bgp-dynamic-routing is a optional way to make the ipv6 VMs accessed by external network. But the bgp configuration is more complex, it depend on the external physical router.
So, I propose a eaiser way to make the ipv6 VMs accessed by external network: In openstack l3 router we set 'proxy_ndp' [1] kernal paramer as '1', like this: 'sysctl -w net.ipv6.conf.all.proxy_ndp=1', then we can add proxied address to gateway tap device, like this: 'ip -6 neigh add proxy 2001:400:1234:567:ffff::8 dev qg-733bd76b-62'. In external router we just need to add a static direct route, like this: 'ip route add 2001:400:1234:567:ffff::/80 dev fake-gw-port'. In this way, the external traffic can accurately forward to proper openstack router and then forward to specify VM. We can implement a plugin to support some APIs, these APIs should support add a single address proxy entry to router external gateway port, in order to that we can control advertise which address to external network. And the iptables can be used to break the trafffic immediately when user delete a address proxy entry. To guarantee the address is unique, the address scope should be considered. [1] https://www.geeklab.info/2013/05/ipv6-neighbour-proxy/ ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1877301 Title: [RFE] L3 Router support ndp proxy Status in neutron: New Bug description: As the ipv6 device more and more popularize, we should make our ipv6 VMs more easily connect to external network,but neutron don't support Floating IP and NAT for ipv6. The bgp-dynamic-routing is a optional way to make the ipv6 VMs accessed by external network. But the bgp configuration is more complex, it depend on the external physical router. So, I propose a eaiser way to make the ipv6 VMs accessed by external network: In openstack l3 router we set 'proxy_ndp' [1] kernal paramer as '1', like this: 'sysctl -w net.ipv6.conf.all.proxy_ndp=1', then we can add proxied address to gateway tap device, like this: 'ip -6 neigh add proxy 2001:400:1234:567:ffff::8 dev qg-733bd76b-62'. In external router we just need to add a static direct route, like this: 'ip route add 2001:400:1234:567:ffff::/80 dev fake-gw-port'. In this way, the external traffic can accurately forward to proper openstack router and then forward to specify VM. We can implement a plugin to support some APIs, these APIs should support add a single address proxy entry to router external gateway port, in order to that we can control advertise which address to external network. And the iptables can be used to break the trafffic immediately when user delete a address proxy entry. To guarantee the address is unique, the address scope should be considered. [1] https://www.geeklab.info/2013/05/ipv6-neighbour-proxy/ To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1877301/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
