OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
OpenStack Icehouse on IPv6
Shixiong Shang
v1.3

Agenda
§ Introduction
§ Overview
§ Use Cases
§ Design and Implementation
§ Demo
§ Next Steps

Introduction
§ Nephos6
– Founded in June, 2011
– Service assurance company
– Twitter: @Nephos6
– Web: http://www.nephos6.com
§ Shixiong Shang
– Head of Engineering
– Twitter: @shshang
– Email: shshang@nephos6.com
§ Ciprian Popoviciu
– Founder, CEO
– IPv6 expert
– Twitter: @Nephos6
– Email: chip@nephos6.com

IPv6…? IPv6 NOW!
§ “The promise of Cloud cannot be fully met without IPv6” - Nephos6
§ “The Road To IPv6, Bumpy” - Paul Saab from Facebook, 2014 V6 World Congress in Paris
§ Facebook’s goal:
– 75% of internal traffic is now IPv6 with a goal to be at 100% by Q3 2014 or earlier
– First IPv6 only cluster (no RFC1918) by end of 2014
– 100% IPv6 only (no RFC1918) in 2-3 years

Overview
§ OpenStack Neutron IPv6 sub team.
§ Have been working with other stackers on a weekly basis
– Comcast, IBM, Cisco, etc.
§ Nephos6 main contributions:
– Proposed 4 + 1 blueprints
– Implemented 3 + 1 blueprints
– Submitted 400+ lines of Python source code plus 300+ lines of unit testing code
§ Target: OpenStack Icehouse with IPv6 in April, 2014
§ Status: Look forward to Juno….:)

Scope
§ Current main focuses:
– Router Advertisement and Address Assignment
‣ SLAAC
‣ DHCPv6 (Stateful and Stateless)
– Tenant network
‣ Public
‣ Private/Provider
§ Primary seven use cases
– Neutron Client (CLI + Dashboard): IBM and Cisco
– Neutron APIs: Comcast and IBM
– Database: Comcast
– Neutron DHCP Agent: Nephos6

IPv6 Address Auto-Configuration

| | SLAAC* | DHCPv6* |
|---|---|---|
| IPv6 Address (non-link-local) | By exchanging Router Solicitation and Router Advertisement messages with neighboring routers. | From DHCPv6 server |
| Additional Information | None | From DHCPv6 server |
| Default Gateway | The only way to announce default route is using Router Advertisement! | The only way to announce default route is using Router Advertisement! |
| Pros | Plug and play | IPv4-like approach, but better; more control |
| Cons | Doesn’t provide Hostname, DNS server, WINS, etc. | Operational overhead (extra DHCP server, HA, etc.) |

* Based on ICMPv6

Use Cases - Public Tenant Network
[Diagram labels: neutron router between the external network side (outside) and the tenant network (inside); VM on the tenant network; "Provided by OpenStack".]
Case 1 (neutron router, VM): Router Advertisement; Address Assignment: SLAAC
Case 2 (neutron router, dhcpv6 server (stateful), VM): Router Advertisement; Address Assignment: DHCPv6 Stateful
Case 3 (neutron router, dhcpv6 server (stateless), VM): Router Advertisement; Address Assignment: DHCPv6 Stateless

Use Cases - Public Tenant Network
[Diagram labels: external network side (outside); tenant network (inside); "Provided by OpenStack"; "Provided by customer" (twice).]
Case 4 (neutron router, dhcpv6 server (stateful), VM): Router Advertisement; Address Assignment: DHCPv6 Stateful
Case 5 (neutron router, dhcpv6 server (stateless), VM): Router Advertisement; Address Assignment: DHCPv6 Stateless

Use Cases - Provider Tenant Network
[Diagram labels: external network side (outside); tenant network (inside); "Provided by customer"; "Provided by OpenStack" (twice).]
Case 6 (physical router, dhcpv6 server (stateful), VM): Router Advertisement; Address Assignment: DHCPv6 Stateful
Case 7 (physical router, dhcpv6 server (stateless), VM): Router Advertisement; Address Assignment: DHCPv6 Stateless

Use Cases - Private Tenant Network
[Diagram labels: No external network side (outside); tenant network (inside); "Provided by customer"; "Provided by OpenStack" (twice).]
Case 8 (physical switch, dhcpv6 server (stateful), VM): Router Advertisement; Address Assignment: DHCPv6 Stateful
Case 9 (physical switch, dhcpv6 server (stateless), VM): Router Advertisement; Address Assignment: DHCPv6 Stateless

| Who Sends RA? | Who Assigns Address? | Network Type | OpenStack ipv6_ra_mode | OpenStack ipv6_address_mode | Description |
|---|---|---|---|---|---|
| external router (A=1, M=0, O=0) | external router | | off | off | VM obtains IPv6 address from external router using SLAAC |
| external router (A=0, M=1, O=1) | external DHCPv6 server | | off | off | VM obtains IPv6 address and optional info from external DHCPv6 server using DHCPv6 Stateful |
| external router (A=0, M=1, O=1) | OpenStack dnsmasq | Private / Provider | off | dhcpv6-stateful | VM obtains IPv6 address and optional info from OpenStack dnsmasq using DHCPv6 Stateful |
| external router (A=1, M=0, O=1) | external DHCPv6 server | | off | off | VM obtains IPv6 address from external router by SLAAC and optional info from external DHCPv6 server using DHCPv6 Stateless |
| external router (A=1, M=0, O=1) | OpenStack dnsmasq | Private / Provider | off | dhcpv6-stateless | VM obtains IPv6 address from external router by SLAAC and optional info from OpenStack dnsmasq using DHCPv6 Stateless |
| OpenStack dnsmasq (A=1, M=0, O=0) | OpenStack dnsmasq | Public | slaac | slaac | VM obtains IPv6 address from OpenStack using SLAAC |
| OpenStack dnsmasq (A=0, M=1, O=1) | external DHCPv6 server | Public | dhcpv6-stateful | off | VM obtains IPv6 address and optional info from external DHCPv6 server using DHCPv6 Stateful |
| OpenStack dnsmasq (A=0, M=1, O=1) | OpenStack dnsmasq | Public | dhcpv6-stateful | dhcpv6-stateful | VM obtains IPv6 address and optional info from OpenStack dnsmasq using DHCPv6 Stateful |
| OpenStack dnsmasq (A=1, M=0, O=1) | external DHCPv6 server | Public | dhcpv6-stateless | off | VM obtains IPv6 address from OpenStack by SLAAC and optional info from external DHCPv6 server using DHCPv6 Stateless |
| OpenStack dnsmasq (A=1, M=0, O=1) | OpenStack dnsmasq | Public | dhcpv6-stateless | dhcpv6-stateless | VM obtains IPv6 address from OpenStack by SLAAC and optional info from OpenStack dnsmasq using DHCPv6 Stateless |

This table is created and submitted to Neutron IPv6 subteam by Shixiong Shang from Nephos6.

Design Proposal
§ Separate the control of Router Advertisement from Address Assignment using two new attributes:

| Attribute | Description | Possible Values |
|---|---|---|
| ipv6_ra_mode | Determine who sends RA and which AMO bits are set. | dhcpv6-stateful; dhcpv6-stateless; slaac; attr_not_specified (i.e. blank) |
| ipv6_address_mode | Determine how VM obtains IPv6 address, default gateway, and/or optional information | dhcpv6-stateful; dhcpv6-stateless; slaac; attr_not_specified (i.e. blank) |
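
The A/M/O bits that the table attaches to each ipv6_ra_mode value can be checked on the wire. The following is an added example, not code from the slides or from Neutron: it validates an attribute pair against the table's rows, parses the ICMPv6 bytes of a Router Advertisement (RFC 4861 layout) and reports where the observed M/O flags and the per-prefix A flag differ from what the table lists for the mode. The function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

# (A, M, O) bits per ipv6_ra_mode, as listed in the slides' table.
RA_FLAGS = {
    "slaac": (1, 0, 0),
    "dhcpv6-stateful": (0, 1, 1),
    "dhcpv6-stateless": (1, 0, 1),
}

# (ipv6_ra_mode, ipv6_address_mode) pairs that appear as rows of the table.
# None stands for "off" / attribute not specified.
TABLE_COMBINATIONS = {
    (None, None), (None, "dhcpv6-stateful"), (None, "dhcpv6-stateless"),
    ("slaac", "slaac"),
    ("dhcpv6-stateful", None), ("dhcpv6-stateful", "dhcpv6-stateful"),
    ("dhcpv6-stateless", None), ("dhcpv6-stateless", "dhcpv6-stateless"),
}


def check_combination(ra_mode, address_mode):
    """Raise ValueError unless the pair is one of the table's rows."""
    for name, value in (("ipv6_ra_mode", ra_mode),
                        ("ipv6_address_mode", address_mode)):
        if value is not None and value not in RA_FLAGS:
            raise ValueError(f"unknown {name}: {value!r}")
    if (ra_mode, address_mode) not in TABLE_COMBINATIONS:
        raise ValueError(f"ipv6_ra_mode={ra_mode!r} with ipv6_address_mode="
                         f"{address_mode!r} is not a row of the table")


def parse_ra(icmpv6):
    """Return (M, O, {prefix: A}) from the ICMPv6 bytes of an RA."""
    if len(icmpv6) < 16 or icmpv6[0] != 134:       # ICMPv6 type 134 = RA
        raise ValueError("not a Router Advertisement")
    m, o = (icmpv6[5] >> 7) & 1, (icmpv6[5] >> 6) & 1
    prefixes, offset = {}, 16                       # options follow the header
    while offset < len(icmpv6):
        if offset + 2 > len(icmpv6):
            raise ValueError("truncated RA option")
        opt_type, opt_len = icmpv6[offset], icmpv6[offset + 1] * 8
        if opt_len == 0 or offset + opt_len > len(icmpv6):
            raise ValueError("malformed RA option")
        if opt_type == 3 and opt_len == 32:         # Prefix Information
            plen, pflags = icmpv6[offset + 2], icmpv6[offset + 3]
            raw = icmpv6[offset + 16:offset + 32]
            net = ipaddress.IPv6Network((raw, plen), strict=False)
            prefixes[net] = (pflags >> 6) & 1       # A flag of this prefix
        offset += opt_len
    return m, o, prefixes


def audit_ra(ra_mode, subnet_cidr, icmpv6):
    """List mismatches between an observed RA and the table's expectation."""
    if ra_mode not in RA_FLAGS:
        raise ValueError("ipv6_ra_mode is off: the table has OpenStack send no RA")
    exp_a, exp_m, exp_o = RA_FLAGS[ra_mode]
    m, o, prefixes = parse_ra(icmpv6)
    findings = []
    if m != exp_m:
        findings.append(f"M={m}, expected {exp_m}")
    if o != exp_o:
        findings.append(f"O={o}, expected {exp_o}")
    subnet = ipaddress.IPv6Network(subnet_cidr)
    if subnet not in prefixes:
        findings.append(f"{subnet} not advertised")
    elif prefixes[subnet] != exp_a:
        findings.append(f"A={prefixes[subnet]}, expected {exp_a}")
    return findings


def build_ra(a, m, o, prefix):
    """Build a constructed sample RA (checksum left at 0, not verified here)."""
    net = ipaddress.IPv6Network(prefix)
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64,
                         (m << 7) | (o << 6), 1800, 0, 0)
    option = struct.pack("!BBBBIII", 3, 4, net.prefixlen,
                         0x80 | (a << 6), 86400, 14400, 0)
    return header + option + net.network_address.packed


if __name__ == "__main__":
    subnet = "2001:db8:1:1::/64"                    # demo subnet from the slides
    sample = build_ra(1, 0, 0, subnet)              # constructed SLAAC-style RA
    check_combination("slaac", "slaac")
    print("slaac subnet:", audit_ra("slaac", subnet, sample))
    print("stateful subnet:", audit_ra("dhcpv6-stateful", subnet, sample))
```
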

Implementation
[Diagram labels. Components: neutron client (via cli or horizon), Neutron API, Plugin, DB, RabbitMQ, DHCP Agent, Driver (dnsmasq). Hosts: Controller Node, Network Node.]
Annotations on the diagram:
– New User Interface
– Translate customer inputs to key/value pairs in API call
– Validate two attributes combination
– Attach two attributes values to IPv6 subnet
– Event / Task
– Launch dnsmasq for IPv6 subnets based on two attributes

Neutron Subnet Creation
neutron subnet-create --ip-version 6 --name subnet-name network-name ipv6_prefix \
    --enable-dhcp true --ipv6_ra_mode slaac --ipv6_address_mode slaac
[Figure panels: Neutron Client, Neutron API, MySQL DB]

Challenges: Public Network
[Diagram labels: Network Node with a qdhcp namespace (ns- interface, 192.168.1.2, 2001:db8:1:1::a:b:c) and a qrouter namespace (qr- interface 192.168.1.1, qr- interface 2001:db8:1:1::1); Compute Node with a VM (vnic, 192.168.1.3, 2001:db8:1:1::x:y:z); IPv6 RA and/or DHCPv6; IPv4 DHCP; security policy; Switching.]
1. Keep dnsmasq behavior intact for IPv4 subnet
2. Launch a dnsmasq instance for IPv6 subnet, bind it to the qr- gw interface and send RA from there. May use dnsmasq as DHCPv6 server.
3. OpenStack needs to know VM’s self-calculated IPv6 address in SLAAC case
4. Need ip6tables filter rules to enable ICMPv6 at inbound direction

Challenges: Private/Provider Network
[Diagram labels: Network Node with a qdhcp namespace (ns- interface, 192.168.1.2, 2001:db8:1:1::a:b:c); Compute Node with a VM (vnic, 192.168.1.3, 2001:db8:1:1::x:y:z); IPv6 DHCPv6; IPv4 DHCP; security policy; Switching.]
1. Keep dnsmasq behavior intact for IPv4 subnet
2. Launch a separate dnsmasq instance for IPv6 subnet and bind it to the ns- interface. Use it as DHCPv6 server without sending RA
3. Need ip6tables filter rules to enable ICMPv6 at inbound direction

OpenStack Icehouse On IPv6 Demo
[Diagram labels, by node:]
– Controller Node: mysql db, rabbitmq, horizon, keystone, glance, swift, cinder, nova-api, nova-scheduler, nova-consoleauth, nova-novncproxy, nova-cert, nova-conductor, neutron-server
– Network Node: neutron-dhcp-agent, neutron-l3-agent, neutron-metadata-agent, openvswitch, neutron-openvswitch-agent, dnsmasq
– Compute Node: nova-compute, openvswitch-agent, openvswitch
– Networks: Management and API Networks, Tenant Data Networks, Tenant External Network, Router
– Interface labels: eth0; eth0 eth1 eth2; eth0 eth2

OpenStack Icehouse On IPv6 Demo
[Diagram labels: Network Node, Compute Node, three OVSwitch instances, Neutron Router, Physical Router, VM.]
– net1_priv1
– sub1_priv1_ipv4: 192.168.1.0/24
– sub1_priv1_ipv6: 2001:db8:1:1::/64
– Addresses shown: 192.168.1.1, 2001:db8:1:1::1, 192.168.1.d, 2001:db8:1:1:x:y:z:e

Next Step
§ Robustness
§ ML2…friend or foe?
§ IPv6 External network
§ Prefix Delegation
§ …and more!

“Any product that is not IPv6 based is legacy from day one.” - Nephos6
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6

Mais conteúdo relacionado

Mais procurados

APRICOT 2015 - NetConf for Peering Automation
APRICOT 2015 - NetConf for Peering AutomationAPRICOT 2015 - NetConf for Peering Automation
APRICOT 2015 - NetConf for Peering AutomationTom Paseka
 
Operationalizing BGP in the SDDC
Operationalizing BGP in the SDDCOperationalizing BGP in the SDDC
Operationalizing BGP in the SDDCCumulus Networks
 
Service Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronService Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronMichelle Holley
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Kentaro Ebisawa
 
OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석Yongyoon Shin
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi  802x eap tls peap mscha pv2Presentation iv implementasi  802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Hell19
 
Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostCumulus Networks
 
OpenStack DVR_What is DVR?
OpenStack DVR_What is DVR?OpenStack DVR_What is DVR?
OpenStack DVR_What is DVR?Yongyoon Shin
 
Packet walks in_kubernetes-v4
Packet walks in_kubernetes-v4Packet walks in_kubernetes-v4
Packet walks in_kubernetes-v4InfraEngineer
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCMen and Mice
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesCumulus Networks
 
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PROIDEA
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICAPNIC
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionRedge Technologies
 
An Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecAn Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecShortestPathFirst
 

Mais procurados (20)

APRICOT 2015 - NetConf for Peering Automation
APRICOT 2015 - NetConf for Peering AutomationAPRICOT 2015 - NetConf for Peering Automation
APRICOT 2015 - NetConf for Peering Automation
 
Operationalizing BGP in the SDDC
Operationalizing BGP in the SDDCOperationalizing BGP in the SDDC
Operationalizing BGP in the SDDC
 
Service Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronService Function Chaining in Openstack Neutron
Service Function Chaining in Openstack Neutron
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
 
IPv6 in cellular networks - Jordi Palet
IPv6 in cellular networks - Jordi PaletIPv6 in cellular networks - Jordi Palet
IPv6 in cellular networks - Jordi Palet
 
IPv6 transition and coexistance - Jordi Palet
IPv6 transition and coexistance - Jordi PaletIPv6 transition and coexistance - Jordi Palet
IPv6 transition and coexistance - Jordi Palet
 
IPv6 deployment planning Jordi Palet
IPv6 deployment planning Jordi PaletIPv6 deployment planning Jordi Palet
IPv6 deployment planning Jordi Palet
 
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
 
OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi  802x eap tls peap mscha pv2Presentation iv implementasi  802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2
 
Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the Host
 
OpenStack DVR_What is DVR?
OpenStack DVR_What is DVR?OpenStack DVR_What is DVR?
OpenStack DVR_What is DVR?
 
Packet walks in_kubernetes-v4
Packet walks in_kubernetes-v4Packet walks in_kubernetes-v4
Packet walks in_kubernetes-v4
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center Architectures
 
IPv6 DHCP
IPv6 DHCPIPv6 DHCP
IPv6 DHCP
 
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNIC
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solution
 
An Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecAn Introduction to BGP Flow Spec
An Introduction to BGP Flow Spec
 

Semelhante a OpenStack Icehouse Over IPv6

Dynamic Host Configuration Protocol
Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
Dynamic Host Configuration Protocolnewbie2019
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6Private
 
APNIC Update
APNIC Update APNIC Update
APNIC Update APNIC
 
Analyzing dhc pv6 stateful and stateless
Analyzing dhc pv6 stateful and statelessAnalyzing dhc pv6 stateful and stateless
Analyzing dhc pv6 stateful and statelessMarco Canales NAveda
 
Apnic IPv6 Deployment
Apnic IPv6 DeploymentApnic IPv6 Deployment
Apnic IPv6 DeploymentAPNIC
 
June 2004 IPv6 – Hands on
June 2004 IPv6 – Hands on June 2004 IPv6 – Hands on
June 2004 IPv6 – Hands on Videoguy
 
2012 11-09 facex - i pv6 transition planning-
2012 11-09 facex - i pv6 transition planning-2012 11-09 facex - i pv6 transition planning-
2012 11-09 facex - i pv6 transition planning-Eduardo Coelho
 
Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Hari
 
IPv6 deployment at APNIC
IPv6 deployment at APNICIPv6 deployment at APNIC
IPv6 deployment at APNICAPNIC
 
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration EngineeringCAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration EngineeringChristian Elsen
 
Group-7-DHCPv4.pptx
Group-7-DHCPv4.pptxGroup-7-DHCPv4.pptx
Group-7-DHCPv4.pptxIvanTabanag1
 
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNICIndonesia Network Operators Group
 
Openstack meetup: Bootstrapping OpenStack to Corporate IT
Openstack meetup: Bootstrapping OpenStack to Corporate ITOpenstack meetup: Bootstrapping OpenStack to Corporate IT
Openstack meetup: Bootstrapping OpenStack to Corporate ITMirantis
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and RealitySwiss IPv6 Council
 
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...gogo6
 
CloudStack IPv6 in production
CloudStack IPv6 in productionCloudStack IPv6 in production
CloudStack IPv6 in productionShapeBlue
 

Semelhante a OpenStack Icehouse Over IPv6 (20)

Dynamic Host Configuration Protocol
Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
Dynamic Host Configuration Protocol
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6
 
IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCS
 
APNIC Update
APNIC Update APNIC Update
APNIC Update
 
Analyzing dhc pv6 stateful and stateless
Analyzing dhc pv6 stateful and statelessAnalyzing dhc pv6 stateful and stateless
Analyzing dhc pv6 stateful and stateless
 
Deploying IPv6 on OpenStack
Deploying IPv6 on OpenStackDeploying IPv6 on OpenStack
Deploying IPv6 on OpenStack
 
Apnic IPv6 Deployment
Apnic IPv6 DeploymentApnic IPv6 Deployment
Apnic IPv6 Deployment
 
June 2004 IPv6 – Hands on
June 2004 IPv6 – Hands on June 2004 IPv6 – Hands on
June 2004 IPv6 – Hands on
 
2012 11-09 facex - i pv6 transition planning-
2012 11-09 facex - i pv6 transition planning-2012 11-09 facex - i pv6 transition planning-
2012 11-09 facex - i pv6 transition planning-
 
Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)
 
IPv6 deployment at APNIC
IPv6 deployment at APNICIPv6 deployment at APNIC
IPv6 deployment at APNIC
 
Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140)
 
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration EngineeringCAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
 
Group-7-DHCPv4.pptx
Group-7-DHCPv4.pptxGroup-7-DHCPv4.pptx
Group-7-DHCPv4.pptx
 
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
 
Openstack meetup: Bootstrapping OpenStack to Corporate IT
Openstack meetup: Bootstrapping OpenStack to Corporate ITOpenstack meetup: Bootstrapping OpenStack to Corporate IT
Openstack meetup: Bootstrapping OpenStack to Corporate IT
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
 
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
 
CloudStack IPv6 in production
CloudStack IPv6 in productionCloudStack IPv6 in production
CloudStack IPv6 in production
 

Último

Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 

OpenStack Icehouse Over IPv6

  • 1. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6. Shixiong Shang, v1.3
  • 2. Agenda
      § Introduction
      § Overview
      § Use Cases
      § Design and Implementation
      § Demo
      § Next Steps
  • 3. Introduction
      § Nephos6
        – Founded in June, 2011
        – Service assurance company
        – Twitter: @Nephos6
        – Web: http://www.nephos6.com
      § Shixiong Shang
        – Head of Engineering
        – Twitter: @shshang
        – Email: shshang@nephos6.com
      § Ciprian Popoviciu
        – Founder, CEO
        – IPv6 expert
        – Twitter: @Nephos6
        – Email: chip@nephos6.com
  • 4. IPv6…? IPv6 NOW!
      § “The promise of Cloud cannot be fully met without IPv6” - Nephos6
      § “The Road To IPv6, Bumpy” - Paul Saab from Facebook, 2014 V6 World Congress in Paris
      § Facebook’s goal:
        – 75% of internal traffic is now IPv6 with a goal to be at 100% by Q3 2014 or earlier
        – First IPv6 only cluster (no RFC1918) by end of 2014
        – 100% IPv6 only (no RFC1918) in 2-3 years
  • 5. Overview
      § OpenStack Neutron IPv6 sub team.
      § Have been working with other stackers on a weekly basis
        – Comcast, IBM, Cisco, etc.
      § Nephos6 main contributions:
        – Proposed 4 + 1 blueprints
        – Implemented 3 + 1 blueprints
        – Submitted 400+ lines of Python source code plus 300+ lines of unit testing code
      § Target: OpenStack Icehouse with IPv6 in April, 2014
      § Status: Look forward to Juno….:)
  • 6. Scope
      § Current main focuses:
        – Router Advertisement and Address Assignment
          ‣ SLAAC
          ‣ DHCPv6 (Stateful and Stateless)
        – Tenant network
          ‣ Public
          ‣ Private/Provider
      § Primary seven use cases
        – Neutron Client (CLI + Dashboard): IBM and Cisco
        – Neutron APIs: Comcast and IBM
        – Database: Comcast
        – Neutron DHCP Agent: Nephos6
  • 7. IPv6 Address Auto-Configuration

      |                               | SLAAC*                                                                                         | DHCPv6*                                                                |
      |-------------------------------|------------------------------------------------------------------------------------------------|------------------------------------------------------------------------|
      | IPv6 Address (non-link-local) | By exchanging Router Solicitation and Router Advertisement messages with neighboring routers.  | From DHCPv6 server                                                     |
      | Additional Information        | None                                                                                           | From DHCPv6 server                                                     |
      | Default Gateway               | The only way to announce default route is using Router Advertisement!                          | The only way to announce default route is using Router Advertisement!  |
      | Pros                          | Plug and play                                                                                  | IPv4-like approach, but better; More control                           |
      | Cons                          | Doesn’t provide Hostname, DNS server, WINS, etc.                                               | Operational overhead (extra DHCP server, HA, etc.)                     |

      * Based on ICMPv6
  • 8. Use Cases - Public Tenant Network
      [Diagram: VM on the tenant network (inside), neutron router toward the external network side (outside). Label: Provided by OpenStack.]
      1. Router Advertisement; Address Assignment: SLAAC
      2. Router Advertisement; Address Assignment: DHCPv6 Stateful; dhcpv6 server (stateful)
      3. Router Advertisement; Address Assignment: DHCPv6 Stateless; dhcpv6 server (stateless)
  • 9. Use Cases - Public Tenant Network
      [Diagram: VMs on the tenant network (inside), neutron router and dhcpv6 servers toward the external network side (outside). Labels: Provided by OpenStack, Provided by customer.]
      4. Router Advertisement; Address Assignment: DHCPv6 Stateful; dhcpv6 server (stateful)
      5. Router Advertisement; Address Assignment: DHCPv6 Stateless; dhcpv6 server (stateless)
  • 10. Use Cases - Provider Tenant Network
      [Diagram: VMs on the tenant network (inside), physical router toward the external network side (outside). Labels: Provided by customer, Provided by OpenStack.]
      6. Router Advertisement; Address Assignment: DHCPv6 Stateful; dhcpv6 server (stateful)
      7. Router Advertisement; Address Assignment: DHCPv6 Stateless; dhcpv6 server (stateless)
  • 11. Use Cases - Private Tenant Network
      [Diagram: VMs on the tenant network (inside), physical switch, no external network side (outside). Labels: Provided by customer, Provided by OpenStack.]
      8. Router Advertisement; Address Assignment: DHCPv6 Stateful; dhcpv6 server (stateful)
      9. Router Advertisement; Address Assignment: DHCPv6 Stateless; dhcpv6 server (stateless)
  • 12.

      | Who Sends RA? | Who Assigns Address? | Network Type | OpenStack ipv6_ra_mode | OpenStack ipv6_address_mode | Description |
      |---|---|---|---|---|---|
      | external router (A=1, M=0, O=0) | external router | | off | off | VM obtains IPv6 address from external router using SLAAC |
      | external router (A=0, M=1, O=1) | external DHCPv6 server | | off | off | VM obtains IPv6 address and optional info from external DHCPv6 server using DHCPv6 Stateful |
      | external router (A=0, M=1, O=1) | OpenStack dnsmasq | Private / Provider | off | dhcpv6-stateful | VM obtains IPv6 address and optional info from OpenStack dnsmasq using DHCPv6 Stateful |
      | external router (A=1, M=0, O=1) | external DHCPv6 server | | off | off | VM obtains IPv6 address from external router by SLAAC and optional info from external DHCPv6 server using DHCPv6 Stateless |
      | external router (A=1, M=0, O=1) | OpenStack dnsmasq | Private / Provider | off | dhcpv6-stateless | VM obtains IPv6 address from external router by SLAAC and optional info from OpenStack dnsmasq using DHCPv6 Stateless |
      | OpenStack dnsmasq (A=1, M=0, O=0) | OpenStack dnsmasq | Public | slaac | slaac | VM obtains IPv6 address from OpenStack using SLAAC |
      | OpenStack dnsmasq (A=0, M=1, O=1) | external DHCPv6 server | Public | dhcpv6-stateful | off | VM obtains IPv6 address and optional info from external DHCPv6 server using DHCPv6 Stateful |
      | OpenStack dnsmasq (A=0, M=1, O=1) | OpenStack dnsmasq | Public | dhcpv6-stateful | dhcpv6-stateful | VM obtains IPv6 address and optional info from OpenStack dnsmasq using DHCPv6 Stateful |
      | OpenStack dnsmasq (A=1, M=0, O=1) | external DHCPv6 server | Public | dhcpv6-stateless | off | VM obtains IPv6 address from OpenStack by SLAAC and optional info from external DHCPv6 server using DHCPv6 Stateless |
      | OpenStack dnsmasq (A=1, M=0, O=1) | OpenStack dnsmasq | Public | dhcpv6-stateless | dhcpv6-stateless | VM obtains IPv6 address from OpenStack by SLAAC and optional info from OpenStack dnsmasq using DHCPv6 Stateless |

      This table is created and submitted to Neutron IPv6 subteam by Shixiong Shang from Nephos6.
  • 13. Design Proposal
      § Separate the control of Router Advertisement from Address Assignment using two new attributes:

      | Attribute | Description | Possible Values |
      |---|---|---|
      | ipv6_ra_mode | Determine who sends RA and which AMO bits are set. | dhcpv6-stateful, dhcpv6-stateless, slaac, attr_not_specified (i.e. blank) |
      | ipv6_address_mode | Determine how VM obtains IPv6 address, default gateway, and/or optional information | dhcpv6-stateful, dhcpv6-stateless, slaac, attr_not_specified (i.e. blank) |
  • 14. Implementation
      [Diagram components: neutron client (via cli or horizon), Neutron API, Plugin, DB, RabbitMQ, DHCP Agent, Driver (dnsmasq); node labels: Controller Node, Network Node.]
      Annotations on the diagram, in order:
        – New User Interface
        – Translate customer inputs to key/value pairs in API call
        – Validate two attributes combination
        – Attach two attributes values to IPv6 subnet
        – Event / Task
        – Launch dnsmasq for IPv6 subnets based on two attributes
  • 15. Neutron Subnet Creation

      neutron subnet-create --ip-version 6 --name subnet-name network-name ipv6_prefix --enable-dhcp true --ipv6_ra_mode slaac --ipv6_address_mode slaac

      [Diagram: Neutron Client, Neutron API, MySQL DB]
  • 16. Challenges: Public Network
      [Diagram: Network Node with qdhcp namespace (ns- interface 192.168.1.2, 2001:db8:1:1::a:b:c) and qrouter namespace (qr- interface 192.168.1.1, qr- interface 2001:db8:1:1::1); Compute Node with VM (vnic 192.168.1.3, 2001:db8:1:1::x:y:z), security policy, Switching. Flows: IPv4 DHCP; IPv6 RA and/or DHCPv6.]
      1. Keep dnsmasq behavior intact for IPv4 subnet
      2. Launch a dnsmasq instance for IPv6 subnet, bind it to the qr- gw interface and send RA from there. May use dnsmasq as DHCPv6 server.
      3. OpenStack needs to know VM’s self-calculated IPv6 address in SLAAC case
      4. Need ip6tables filter rules to enable ICMPv6 at inbound direction
  • 17. Challenges: Private/Provider Network
      [Diagram: Network Node with qdhcp namespace (ns- interface 192.168.1.2, 2001:db8:1:1::a:b:c); Compute Node with VM (vnic 192.168.1.3, 2001:db8:1:1::x:y:z), security policy, Switching. Flows: IPv4 DHCP; IPv6 DHCPv6.]
      1. Keep dnsmasq behavior intact for IPv4 subnet
      2. Launch a separate dnsmasq instance for IPv6 subnet and bind it to the ns- interface. Use it as DHCPv6 server without sending RA
      3. Need ip6tables filter rules to enable ICMPv6 at inbound direction
  • 18. OpenStack Icehouse On IPv6 Demo
      [Diagram: three nodes with interfaces eth0, eth1, eth2, connected by Management and API Networks, Tenant Data Networks, and a Tenant External Network with a Router.]
      § Controller Node: mysql db, rabbitmq, horizon, keystone, glance, swift, cinder, nova-api, nova-scheduler, nova-consoleauth, nova-novncproxy, nova-cert, nova-conductor, neutron-server
      § Network Node: neutron-dhcp-agent, neutron-l3-agent, neutron-metadata-agent, openvswitch, neutron-openvswitch-agent, dnsmasq
      § Compute Node: nova-compute, openvswitch-agent, openvswitch
  • 19. OpenStack Icehouse On IPv6 Demo
      [Diagram: Network Node and Compute Node joined by OVSwitch instances; Neutron Router; Physical Router; VM.]
      § net1_priv1
        – sub1_priv1_ipv4: 192.168.1.0/24
        – sub1_priv1_ipv6: 2001:db8:1:1::/64
      § Addresses shown: 192.168.1.1, 2001:db8:1:1::1; 192.168.1.d, 2001:db8:1:1:x:y:z:e
  • 20. OpenStack Icehouse On IPv6 Demo
  • 21. OpenStack Icehouse On IPv6 Demo
  • 22. OpenStack Icehouse On IPv6 Demo
  • 23. OpenStack Icehouse On IPv6 Demo
  • 24. Next Step
      § Robustness
      § ML2…friend or foe?
      § IPv6 External network
      § Prefix Delegation
      § …and more!
      “Any product that is not IPv6 based is legacy from day one.” - Nephos6
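
Slide 16 notes that OpenStack needs to know the VM's self-calculated address in the SLAAC case, and slide 14 includes a step that validates the two-attribute combination. The sketch below is an added example, not Neutron's code or the presenter's: it accepts only the mode pairs listed in the slide 12 table and precomputes the guest address so that per-port filter rules can reference it. It assumes the guest derives its interface identifier with modified EUI-64 (RFC 4291) rather than privacy extensions; the function names and the sample MAC are constructed.

```python
import ipaddress

# (ipv6_ra_mode, ipv6_address_mode) pairs listed in the slide 12 table.
# None stands for attr_not_specified, which that table shows as "off".
VALID_PAIRS = {
    (None, None), (None, "dhcpv6-stateful"), (None, "dhcpv6-stateless"),
    ("slaac", "slaac"),
    ("dhcpv6-stateful", None), ("dhcpv6-stateful", "dhcpv6-stateful"),
    ("dhcpv6-stateless", None), ("dhcpv6-stateless", "dhcpv6-stateless"),
}

# A/M/O bits in the RA that OpenStack sends for each ipv6_ra_mode (slide 12).
RA_FLAGS = {
    "slaac": {"A": 1, "M": 0, "O": 0},
    "dhcpv6-stateful": {"A": 0, "M": 1, "O": 1},
    "dhcpv6-stateless": {"A": 1, "M": 0, "O": 1},
}


def ra_flags(ra_mode, address_mode):
    """Validate the pair; return OpenStack's RA flags, or None if it sends no RA."""
    if (ra_mode, address_mode) not in VALID_PAIRS:
        raise ValueError(f"not in the slide 12 table: {ra_mode!r} / {address_mode!r}")
    return RA_FLAGS.get(ra_mode)


def eui64_address(prefix, mac):
    """Modified EUI-64 address (RFC 4291) for a MAC on a /64; assumed guest behaviour."""
    net = ipaddress.IPv6Network(prefix)
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if net.prefixlen != 64 or len(octets) != 6:
        raise ValueError("need a /64 prefix and a 48-bit MAC")
    # Flip the universal/local bit, then insert ff:fe between the MAC halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def expected_guest_address(ra_mode, address_mode, prefix, mac):
    """Address the guest will self-configure, or None if the modes do not indicate SLAAC."""
    flags = ra_flags(ra_mode, address_mode)  # rejects pairs outside the table
    slaac = address_mode in ("slaac", "dhcpv6-stateless") or (
        address_mode is None and flags is not None and flags["A"] == 1)
    return eui64_address(prefix, mac) if slaac else None


if __name__ == "__main__":
    # Constructed sample: the demo prefix from slide 19 and a made-up MAC.
    print(expected_guest_address("slaac", "slaac", "2001:db8:1:1::/64", "fa:16:3e:12:34:56"))
```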