OpenStack Icehouse Over IPv6
Upcoming SlideShare
Loading in...5
×
 

OpenStack Icehouse Over IPv6

on

  • 1,488 views

Since my previous meetup presentation in last Dec., a lot of progress has been made jointly between Nephos6, Comcast, IBM, and Cisco teams to enable IPv6 in OpenStack Icehouse. In this session, we ...

Since my previous meetup presentation in last Dec., a lot of progress has been made jointly between Nephos6, Comcast, IBM, and Cisco teams to enable IPv6 in OpenStack Icehouse. In this session, we discussed the use cases we had tried to cover, the architectural design we had proposed and the solution being implemented. A demo was provided by the end of the session to showcase the IPv6 connectivity between a dual-stack VM and its default gateway using recently released OpenStack Icehouse.

This slide, "OpenStack Icehouse on IPv6", was presented on April 24 in Triangle OpenStack Meetups sponsored by Cisco System in Raleigh-Durham area, NC, USA.

We will periodically publish more slides to share our key findings or key learnings from other stackers or our customers with respect to OpenStack and IPv6.

Stay tuned!

Shixiong

Statistics

Views

Total Views
1,488
Views on SlideShare
1,460
Embed Views
28

Actions

Likes
4
Downloads
72
Comments
0

2 Embeds 28

http://www.slideee.com 26
https://www.linkedin.com 2

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

OpenStack Icehouse Over IPv6 OpenStack Icehouse Over IPv6 Presentation Transcript

  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 OpenStack  Icehouse  on  IPv6 Shixiong  Shang   v1.3
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 § Introduction § Overview § Use Cases § Design and Implementation § Demo § Next Steps Agenda 2
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 § Nephos6 – Founded in June, 2011 – Service assurance company – Twitter: @Nephos6 – Web: http://www.nephos6.com § Shixiong Shang – Head of Engineering – Twitter: @shshang – Email: shshang@nephos6.com Introduction 3 § Ciprian Popoviciu – Founder, CEO – IPv6 expert – Twitter: @Nephos6 – Email: chip@nephos6.com
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 § “The promise of Cloud cannot be fully met without IPv6” - Nephos6 § “The Road To IPv6, Bumpy” - Paul Saab from Facebook, 2014 V6 World Congress in Paris ! ! ! ! ! ! ! § Facebook’s goal: – 75% of internal traffic is now IPv6 with a goal to be at 100% by Q3 2014 or earlier – First IPv6 only cluster (no RFC1918) by end of 2014 – 100% IPv6 only (no RFC1918) in 2-3 years IPv6…? IPv6 NOW! 4
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 § OpenStack Neutron IPv6 sub team. § Have been working with other stackers on weekly basis – Comcast, IBM, Cisco, etc. § Nephos6 main contributions: – Proposed 4 + 1 blueprints – Implemented 3 + 1 blueprints – Submitted 400+ lines of python source code plus 300+ lines of unit testing code § Target: OpenStack Icehouse with IPv6 in April, 2014 § Status: Look forward to Juno….:) Overview 5
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 § Current main focuses: – Router Advertisement and Address Assignment ‣ SLAAC ‣ DHCPv6 (Stateful and Stateless) – Tenant network ‣ Public ‣ Private/Provider § Primary seven use cases – Neutron Client (CLI + Dashboard): IBM and Cisco – Neutron APIs: Comcast and IBM – Database: Comcast – Neutron DHCP Agent: Nephos6 Scope 6
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 IPv6 Address Auto-Configuration 7 SLAAC* DHCPv6* IPv6 Address (non-link-local) By exchanging Router Solicitation and Router Advertisement messages with neighboring routers. From DHCPv6 server Additional Information None From DHCPv6 server Default Gateway The only way to announce default route is using Router Advertisement! Pros Plug and play IPv4-like approach, but better More control Cons Doesn’t provide Hostname, DNS server, WINS, etc. Operational overhead (extra DHCP server, HA, etc.) * Based on ICMPv6
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 Use Cases - Public Tenant Network 8 neutron  router tenant  network   (inside) VM external  network  side   (outside) Router Advertisement Address Assignment: SLAAC neutron  router VM Router Advertisement Address Assignment: DHCPv6 Stateful dhcpv6  server  (stateful) neutron  router VM Router Advertisement Address Assignment: DHCPv6 Stateless dhcpv6  server  (stateless) Provided  by   OpenStack 1 2 3
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 Use Cases - Public Tenant Network 9 tenant  network   (inside) external  network  side   (outside) neutron  router dhcpv6  server  (stateful) Provided  by   OpenStack Provided  by   customer Provided  by   customer VM VMneutron  router dhcpv6  server  (stateless) 4 5 Router Advertisement Address Assignment: DHCPv6 Stateful Address Assignment: DHCPv6 StatelessRouter Advertisement
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 Use Cases - Provider Tenant Network 10 tenant  network   (inside) physical  router Provided  by   customer Provided  by   OpenStack Provided  by   Openstack VM VMphysical  router external  network  side   (outside) 6 7 Router Advertisement Address Assignment: DHCPv6 Stateful Address Assignment: DHCPv6 StatelessRouter Advertisement dhcpv6  server  (stateful) dhcpv6  server  (stateless)
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 11 tenant  network   (inside) No  external  network  side   (outside) physical  switch Provided  by   customer Provided  by   OpenStack Provided  by   Openstack VM VMphysical  switch Use Cases - Private Tenant Network 8 9 Router Advertisement Address Assignment: DHCPv6 Stateful Address Assignment: DHCPv6 StatelessRouter Advertisement dhcpv6  server  (stateful) dhcpv6  server  (stateless)
  • Who Sends RA? Who Assign Address? Network Type OpenStack ipv6_ra_mode OpenStack ipv6_address_mode Description external router (A=1, M=0, O=0) external router off off VM obtains IPv6 address from external router using SLAAC external router (A=0, M=1, O=1) external DHCPv6 server off off VM obtains IPv6 address and optional info from external DHCPv6 server using DHCPv6 Stateful OpenStack dnsmasq Private / Provider off dhcpv6-stateful VM obtains IPv6 address and optional info from OpenStack dnsmasq using DHCPv6 Stateful external router (A=1, M=0, O=1) external DHCPv6 server off off VM obtains IPv6 address from external router by SLAAC and optional info from external DHCPv6 server using DHCPv6 Stateless OpenStack dnsmasq Private / Provider off dhcpv6-stateless VM obtains IPv6 address from external router by SLAAC and optional info from OpenStack dnsmasq using DHCPv6 Stateless OpenStack dnsmasq (A=1, M=0, O=0) OpenStack dnsmasq Public slaac slaac VM obtains IPv6 address from OpenStack using SLAAC OpenStack dnsmasq (A=0, M=1, O=1) external DHCPv6 server Public dhcpv6-stateful off VM obtains IPv6 address and optional info from external DHCPv6 server using DHCPv6 Stateful OpenStack dnsmasq Public dhcpv6-stateful dhcpv6-stateful VM obtains IPv6 address and optional info from OpenStack dnsmasq using DHCPv6 Stateful OpenStack dnsmasq (A=1, M=0, O=1) external DHCPv6 server Public dhcpv6-stateless off VM obtains IPv6 address from OpenStack by SLAAC and optional info from external DHCPv6 server using DHCPv6 Stateless OpenStack dnsmasq Public dhcpv6-stateless dhcpv6-stateless VM obtains IPv6 address from OpenStack by SLAAC and optional info from OpenStack dnsmasq using DHCPv6 Stateless This  table  is  created  and  submitted  to  Neutron  IPv6  subteam  by  Shixiong  Shang  from  Nephos6.
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 § Separate the control of Router Advertisement from Address Assignment using two new attributes: Design Proposal 13 Attribute Description Possible Values ipv6_ra_mode Determine who sends RA and which AMO bits are set. dhcpv6-stateful dhcpv6-stateless slaac attr_not_specified (i.e. blank) ipv6_address_mode Determine how VM obtains IPv6 address, default gateway, and/or optional information dhcpv6-stateful dhcpv6-stateless slaac attr_not_specified (i.e. blank)
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 Implementation 14 neutron  client   (via  cli  or  horizon) Neutron  API Plugin RabbitMQ DHCP  Agent Controller   Node Driver  (dnsmasq) Network   Node New  User   Interface Translate   customer   inputs  to  key/ value  pairs  in   API  call Validate  two   attributes   combination Attach  two   attributes   values  to   IPv6  subnet Event  /  Task Launch  dnsmasq  for  IPv6   subnets  based  on  two   attributes DB
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 15 Neutron Subnet Creation neutron subnet-create --ip-version 6 --name subnet-name network-name ipv6_prefix --enable-dhcp true --ipv6_ra_mode slaac --ipv6_address_mode slaac Neutron  Client Neutron  API MySQL  DB
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 Challenges: Public Network 16 Network   Node qdhcp  namespace ns-­‐  interface   192.168.1.2   2001:db8:1:1::a:b:c qr-­‐  interface   192.168.1.1 qr-­‐  interface   2001:db8:1:1::1 qrouter  namespace VM Compute   Node vnic   192.168.1.3   2001:db8:1:1::x:y:z 4.  Need  ip6tables   filter  rules  to   enable  ICMPv6  at   inbound  direction 3.  OpenStack  needs  to  know   VM’s  self-­‐calculated  IPv6   address  in  SLAAC  case 1.  Keep  dnsmasq  behavior   intact  for  IPv4  subnet IPv6  RA   and/or  DHCPv6 IPv4  DHCP security  policy Switching 2.  Launch  a  dnsmasq  instance  for   IPv6  subnet,  bind  it  to  the  qr-­‐  gw   interface  and  send  RA  from  there.   May  use  dnsmasq  as  DHCPv6  server.
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 Challenges: Private/Provider Network 17 Network   Node qdhcp  namespace ns-­‐  interface   192.168.1.2   2001:db8:1:1::a:b:c VM Compute   Node vnic   192.168.1.3   2001:db8:1:1::x:y:z 2.  Launch  a  separate  dnsmasq   instance  for  IPv6  subnet  and  bind  it   to  the  ns-­‐  interface.  Use  it  as   DHCPv6  server  without  sending  RA 3.  Need  ip6tables   filter  rules  to   enable  ICMPv6  at   inbound  direction 1.  Keep  dnsmasq  behavior   intact  for  IPv4  subnet IPv6  DHCPv6IPv4  DHCP security  policy Switching
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 OpenStack Icehouse On IPv6 Demo 18 eth0 Network Node Compute Node Tenant Data Networks Tenant External Network Router mysql db rabbitmq horizon keystone glance swift cinder nova-api nova-scheduler nova-consoleauth nova-novncproxy nova-cert nova-conductor neutron-server Controller Node eth0 eth1 eth2 eth0 eth2 Management and API Networks neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent openvswitch neutron-openvswitch- agent dnsmasq nova-compute openvswitch-agent openvswitch
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 OpenStack Icehouse On IPv6 Demo 19 Network Node Compute Node net1_priv1 sub1_priv1_ipv4: 192.168.1.0/24 sub1_priv1_ipv6: 2001:db8:1:1::/64 VM OVSwitchOVSwitchOVSwitch Neutron Router Physical Router 192.168.1.1 2001:db8:1:1::1 192.168.1.d 2001:db8:1:1:x:y:z:e
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 OpenStack Icehouse On IPv6 Demo 20
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 OpenStack Icehouse On IPv6 Demo 21
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 OpenStack Icehouse On IPv6 Demo 22
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 OpenStack Icehouse On IPv6 Demo 23
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 § Robustness § ML2…friend or foe? § IPv6 External network § Prefix Delegation § …and more! Next Step 24 “Any  product  that  is  not  IPv6  based  is  legacy  from  day  one.”  -­‐  Nephos6
  • OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6