SlideShare uma empresa Scribd logo
1 de 25
Baixar para ler offline
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
OpenStack	
  Icehouse	
  on	
  IPv6
Shixiong	
  Shang	
  
v1.3
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
§ Introduction
§ Overview
§ Use Cases
§ Design and Implementation
§ Demo
§ Next Steps
Agenda
2
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
§ Nephos6
– Founded in June, 2011
– Service assurance company
– Twitter: @Nephos6
– Web: http://www.nephos6.com
§ Shixiong Shang
– Head of Engineering
– Twitter: @shshang
– Email: shshang@nephos6.com
Introduction
3
§ Ciprian Popoviciu
– Founder, CEO
– IPv6 expert
– Twitter: @Nephos6
– Email: chip@nephos6.com
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
§ “The promise of Cloud cannot be fully met without IPv6” - Nephos6
§ “The Road To IPv6, Bumpy” - Paul Saab from Facebook, 2014 V6 World Congress in
Paris
!
!
!
!
!
!
!
§ Facebook’s goal:
– 75% of internal traffic is now IPv6 with a goal to be at 100% by Q3 2014 or earlier
– First IPv6 only cluster (no RFC1918) by end of 2014
– 100% IPv6 only (no RFC1918) in 2-3 years
IPv6…? IPv6 NOW!
4
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
§ OpenStack Neutron IPv6 sub team.
§ Have been working with other stackers on weekly basis
– Comcast, IBM, Cisco, etc.
§ Nephos6 main contributions:
– Proposed 4 + 1 blueprints
– Implemented 3 + 1 blueprints
– Submitted 400+ lines of python source code plus 300+ lines of unit testing
code
§ Target: OpenStack Icehouse with IPv6 in April, 2014
§ Status: Look forward to Juno….:)
Overview
5
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
§ Current main focuses:
– Router Advertisement and Address Assignment
‣ SLAAC
‣ DHCPv6 (Stateful and Stateless)
– Tenant network
‣ Public
‣ Private/Provider
§ Primary seven use cases
– Neutron Client (CLI + Dashboard): IBM and Cisco
– Neutron APIs: Comcast and IBM
– Database: Comcast
– Neutron DHCP Agent: Nephos6
Scope
6
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
IPv6 Address Auto-Configuration
7
SLAAC* DHCPv6*
IPv6 Address
(non-link-local)
By exchanging Router
Solicitation and Router
Advertisement messages with
neighboring routers.
From DHCPv6 server
Additional Information None From DHCPv6 server
Default Gateway The only way to announce default route is using Router
Advertisement!
Pros Plug and play IPv4-like approach, but better
More control
Cons Doesn’t provide Hostname,
DNS server, WINS, etc.
Operational overhead (extra
DHCP server, HA, etc.)
* Based on ICMPv6
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
Use Cases - Public Tenant Network
8
neutron	
  router
tenant	
  network	
  
(inside)
VM
external	
  network	
  side	
  
(outside)
Router Advertisement Address Assignment: SLAAC
neutron	
  router VM
Router Advertisement Address Assignment: DHCPv6 Stateful
dhcpv6	
  server	
  (stateful)
neutron	
  router VM
Router Advertisement Address Assignment: DHCPv6 Stateless
dhcpv6	
  server	
  (stateless)
Provided	
  by	
  
OpenStack
1
2
3
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
Use Cases - Public Tenant Network
9
tenant	
  network	
  
(inside)
external	
  network	
  side	
  
(outside)
neutron	
  router dhcpv6	
  server	
  (stateful)
Provided	
  by	
  
OpenStack
Provided	
  by	
  
customer
Provided	
  by	
  
customer
VM
VMneutron	
  router dhcpv6	
  server	
  (stateless)
4
5
Router Advertisement Address Assignment: DHCPv6 Stateful
Address Assignment: DHCPv6 StatelessRouter Advertisement
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
Use Cases - Provider Tenant Network
10
tenant	
  network	
  
(inside)
physical	
  router
Provided	
  by	
  
customer
Provided	
  by	
  
OpenStack
Provided	
  by	
  
Openstack
VM
VMphysical	
  router
external	
  network	
  side	
  
(outside)
6
7
Router Advertisement Address Assignment: DHCPv6 Stateful
Address Assignment: DHCPv6 StatelessRouter Advertisement
dhcpv6	
  server	
  (stateful)
dhcpv6	
  server	
  (stateless)
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 11
tenant	
  network	
  
(inside)
No	
  external	
  network	
  side	
  
(outside)
physical	
  switch
Provided	
  by	
  
customer
Provided	
  by	
  
OpenStack
Provided	
  by	
  
Openstack
VM
VMphysical	
  switch
Use Cases - Private Tenant Network
8
9
Router Advertisement Address Assignment: DHCPv6 Stateful
Address Assignment: DHCPv6 StatelessRouter Advertisement
dhcpv6	
  server	
  (stateful)
dhcpv6	
  server	
  (stateless)
Who Sends RA?
Who Assign
Address?
Network
Type
OpenStack
ipv6_ra_mode
OpenStack
ipv6_address_mode
Description
external router
(A=1, M=0, O=0)
external router off off
VM obtains IPv6 address from external router using
SLAAC
external router
(A=0, M=1, O=1)
external DHCPv6
server
off off
VM obtains IPv6 address and optional info from external
DHCPv6 server using DHCPv6 Stateful
OpenStack
dnsmasq
Private /
Provider
off dhcpv6-stateful
VM obtains IPv6 address and optional info from
OpenStack dnsmasq using DHCPv6 Stateful
external router
(A=1, M=0, O=1)
external DHCPv6
server
off off
VM obtains IPv6 address from external router by SLAAC
and optional info from external DHCPv6 server using
DHCPv6 Stateless
OpenStack
dnsmasq
Private /
Provider
off dhcpv6-stateless
VM obtains IPv6 address from external router by SLAAC
and optional info from OpenStack dnsmasq using
DHCPv6 Stateless
OpenStack dnsmasq
(A=1, M=0, O=0)
OpenStack
dnsmasq
Public slaac slaac VM obtains IPv6 address from OpenStack using SLAAC
OpenStack dnsmasq
(A=0, M=1, O=1)
external DHCPv6
server
Public dhcpv6-stateful off
VM obtains IPv6 address and optional info from external
DHCPv6 server using DHCPv6 Stateful
OpenStack
dnsmasq
Public dhcpv6-stateful dhcpv6-stateful
VM obtains IPv6 address and optional info from
OpenStack dnsmasq using DHCPv6 Stateful
OpenStack dnsmasq
(A=1, M=0, O=1)
external DHCPv6
server
Public dhcpv6-stateless off
VM obtains IPv6 address from OpenStack by SLAAC and
optional info from external DHCPv6 server using
DHCPv6 Stateless
OpenStack
dnsmasq
Public dhcpv6-stateless dhcpv6-stateless
VM obtains IPv6 address from OpenStack by SLAAC and
optional info from OpenStack dnsmasq using DHCPv6
Stateless
This	
  table	
  is	
  created	
  and	
  submitted	
  to	
  Neutron	
  IPv6	
  subteam	
  by	
  Shixiong	
  Shang	
  from	
  Nephos6.
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
§ Separate the control of Router Advertisement from Address
Assignment using two new attributes:
Design Proposal
13
Attribute Description Possible Values
ipv6_ra_mode
Determine who sends RA and
which AMO bits are set.
dhcpv6-stateful
dhcpv6-stateless
slaac
attr_not_specified (i.e. blank)
ipv6_address_mode
Determine how VM obtains IPv6
address, default gateway, and/or
optional information
dhcpv6-stateful
dhcpv6-stateless
slaac
attr_not_specified (i.e. blank)
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
Implementation
14
neutron	
  client	
  
(via	
  cli	
  or	
  horizon)
Neutron	
  API
Plugin
RabbitMQ
DHCP	
  Agent
Controller	
  
Node
Driver	
  (dnsmasq)
Network	
  
Node
New	
  User	
  
Interface
Translate	
  
customer	
  
inputs	
  to	
  key/
value	
  pairs	
  in	
  
API	
  call
Validate	
  two	
  
attributes	
  
combination
Attach	
  two	
  
attributes	
  
values	
  to	
  
IPv6	
  subnet
Event	
  /	
  Task
Launch	
  dnsmasq	
  for	
  IPv6	
  
subnets	
  based	
  on	
  two	
  
attributes
DB
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 15
Neutron Subnet Creation
neutron subnet-create --ip-version 6 --name subnet-name network-name ipv6_prefix
--enable-dhcp true --ipv6_ra_mode slaac --ipv6_address_mode slaac
Neutron	
  Client
Neutron	
  API
MySQL	
  DB
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
Challenges: Public Network
16
Network	
  
Node
qdhcp	
  namespace
ns-­‐	
  interface	
  
192.168.1.2	
  
2001:db8:1:1::a:b:c
qr-­‐	
  interface	
  
192.168.1.1
qr-­‐	
  interface	
  
2001:db8:1:1::1
qrouter	
  namespace
VM
Compute	
  
Node
vnic	
  
192.168.1.3	
  
2001:db8:1:1::x:y:z
4.	
  Need	
  ip6tables	
  
filter	
  rules	
  to	
  
enable	
  ICMPv6	
  at	
  
inbound	
  direction
3.	
  OpenStack	
  needs	
  to	
  know	
  
VM’s	
  self-­‐calculated	
  IPv6	
  
address	
  in	
  SLAAC	
  case
1.	
  Keep	
  dnsmasq	
  behavior	
  
intact	
  for	
  IPv4	
  subnet
IPv6	
  RA	
  
and/or	
  DHCPv6
IPv4	
  DHCP
security	
  policy
Switching
2.	
  Launch	
  a	
  dnsmasq	
  instance	
  for	
  
IPv6	
  subnet,	
  bind	
  it	
  to	
  the	
  qr-­‐	
  gw	
  
interface	
  and	
  send	
  RA	
  from	
  there.	
  
May	
  use	
  dnsmasq	
  as	
  DHCPv6	
  server.
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
Challenges: Private/Provider Network
17
Network	
  
Node
qdhcp	
  namespace
ns-­‐	
  interface	
  
192.168.1.2	
  
2001:db8:1:1::a:b:c
VM
Compute	
  
Node
vnic	
  
192.168.1.3	
  
2001:db8:1:1::x:y:z
2.	
  Launch	
  a	
  separate	
  dnsmasq	
  
instance	
  for	
  IPv6	
  subnet	
  and	
  bind	
  it	
  
to	
  the	
  ns-­‐	
  interface.	
  Use	
  it	
  as	
  
DHCPv6	
  server	
  without	
  sending	
  RA
3.	
  Need	
  ip6tables	
  
filter	
  rules	
  to	
  
enable	
  ICMPv6	
  at	
  
inbound	
  direction
1.	
  Keep	
  dnsmasq	
  behavior	
  
intact	
  for	
  IPv4	
  subnet
IPv6	
  DHCPv6IPv4	
  DHCP
security	
  policy
Switching
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
OpenStack Icehouse On IPv6 Demo
18
eth0
Network Node
Compute Node
Tenant Data Networks
Tenant External Network
Router
mysql db
rabbitmq
horizon
keystone
glance
swift
cinder
nova-api
nova-scheduler
nova-consoleauth
nova-novncproxy
nova-cert
nova-conductor
neutron-server
Controller Node
eth0 eth1 eth2 eth0 eth2
Management and API Networks
neutron-dhcp-agent
neutron-l3-agent
neutron-metadata-agent
openvswitch
neutron-openvswitch-
agent
dnsmasq
nova-compute
openvswitch-agent
openvswitch
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
OpenStack Icehouse On IPv6 Demo
19
Network Node Compute Node
net1_priv1
sub1_priv1_ipv4: 192.168.1.0/24
sub1_priv1_ipv6: 2001:db8:1:1::/64
VM
OVSwitchOVSwitchOVSwitch
Neutron Router
Physical Router
192.168.1.1
2001:db8:1:1::1
192.168.1.d
2001:db8:1:1:x:y:z:e
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
OpenStack Icehouse On IPv6 Demo
20
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
OpenStack Icehouse On IPv6 Demo
21
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
OpenStack Icehouse On IPv6 Demo
22
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
OpenStack Icehouse On IPv6 Demo
23
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6
§ Robustness
§ ML2…friend or foe?
§ IPv6 External network
§ Prefix Delegation
§ …and more!
Next Step
24
“Any	
  product	
  that	
  is	
  not	
  IPv6	
  based	
  is	
  legacy	
  from	
  day	
  one.”	
  -­‐	
  Nephos6
OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6

Mais conteúdo relacionado

Mais procurados

APRICOT 2015 - NetConf for Peering Automation
APRICOT 2015 - NetConf for Peering AutomationAPRICOT 2015 - NetConf for Peering Automation
APRICOT 2015 - NetConf for Peering AutomationTom Paseka
 
Operationalizing BGP in the SDDC
Operationalizing BGP in the SDDCOperationalizing BGP in the SDDC
Operationalizing BGP in the SDDCCumulus Networks
 
Service Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronService Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronMichelle Holley
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Kentaro Ebisawa
 
OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석Yongyoon Shin
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi  802x eap tls peap mscha pv2Presentation iv implementasi  802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2Hell19
 
Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostCumulus Networks
 
OpenStack DVR_What is DVR?
OpenStack DVR_What is DVR?OpenStack DVR_What is DVR?
OpenStack DVR_What is DVR?Yongyoon Shin
 
Packet walks in_kubernetes-v4
Packet walks in_kubernetes-v4Packet walks in_kubernetes-v4
Packet walks in_kubernetes-v4InfraEngineer
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCMen and Mice
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesCumulus Networks
 
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PROIDEA
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICAPNIC
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionRedge Technologies
 
An Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecAn Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecShortestPathFirst
 

Mais procurados (20)

APRICOT 2015 - NetConf for Peering Automation
APRICOT 2015 - NetConf for Peering AutomationAPRICOT 2015 - NetConf for Peering Automation
APRICOT 2015 - NetConf for Peering Automation
 
Operationalizing BGP in the SDDC
Operationalizing BGP in the SDDCOperationalizing BGP in the SDDC
Operationalizing BGP in the SDDC
 
Service Function Chaining in Openstack Neutron
Service Function Chaining in Openstack NeutronService Function Chaining in Openstack Neutron
Service Function Chaining in Openstack Neutron
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
 
IPv6 in cellular networks - Jordi Palet
IPv6 in cellular networks - Jordi PaletIPv6 in cellular networks - Jordi Palet
IPv6 in cellular networks - Jordi Palet
 
IPv6 transition and coexistance - Jordi Palet
IPv6 transition and coexistance - Jordi PaletIPv6 transition and coexistance - Jordi Palet
IPv6 transition and coexistance - Jordi Palet
 
IPv6 deployment planning Jordi Palet
IPv6 deployment planning Jordi PaletIPv6 deployment planning Jordi Palet
IPv6 deployment planning Jordi Palet
 
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
 
OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석OpenStack networking-sfc flow 분석
OpenStack networking-sfc flow 분석
 
Presentation iv implementasi 802x eap tls peap mscha pv2
Presentation iv implementasi  802x eap tls peap mscha pv2Presentation iv implementasi  802x eap tls peap mscha pv2
Presentation iv implementasi 802x eap tls peap mscha pv2
 
Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the Host
 
OpenStack DVR_What is DVR?
OpenStack DVR_What is DVR?OpenStack DVR_What is DVR?
OpenStack DVR_What is DVR?
 
Packet walks in_kubernetes-v4
Packet walks in_kubernetes-v4Packet walks in_kubernetes-v4
Packet walks in_kubernetes-v4
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
 
NFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center ArchitecturesNFD9 - Dinesh Dutt, Data Center Architectures
NFD9 - Dinesh Dutt, Data Center Architectures
 
IPv6 DHCP
IPv6 DHCPIPv6 DHCP
IPv6 DHCP
 
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
PLNOG15: Practical deployments of Kea, a high performance scalable DHCP - Tom...
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNIC
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solution
 
An Introduction to BGP Flow Spec
An Introduction to BGP Flow SpecAn Introduction to BGP Flow Spec
An Introduction to BGP Flow Spec
 

Semelhante a OpenStack Icehouse Over IPv6

Dynamic Host Configuration Protocol
Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
Dynamic Host Configuration Protocolnewbie2019
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6Private
 
APNIC Update
APNIC Update APNIC Update
APNIC Update APNIC
 
Analyzing dhc pv6 stateful and stateless
Analyzing dhc pv6 stateful and statelessAnalyzing dhc pv6 stateful and stateless
Analyzing dhc pv6 stateful and statelessMarco Canales NAveda
 
Apnic IPv6 Deployment
Apnic IPv6 DeploymentApnic IPv6 Deployment
Apnic IPv6 DeploymentAPNIC
 
June 2004 IPv6 – Hands on
June 2004 IPv6 – Hands on June 2004 IPv6 – Hands on
June 2004 IPv6 – Hands on Videoguy
 
2012 11-09 facex - i pv6 transition planning-
2012 11-09 facex - i pv6 transition planning-2012 11-09 facex - i pv6 transition planning-
2012 11-09 facex - i pv6 transition planning-Eduardo Coelho
 
Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Hari
 
IPv6 deployment at APNIC
IPv6 deployment at APNICIPv6 deployment at APNIC
IPv6 deployment at APNICAPNIC
 
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration EngineeringCAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration EngineeringChristian Elsen
 
Group-7-DHCPv4.pptx
Group-7-DHCPv4.pptxGroup-7-DHCPv4.pptx
Group-7-DHCPv4.pptxIvanTabanag1
 
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNICIndonesia Network Operators Group
 
Openstack meetup: Bootstrapping OpenStack to Corporate IT
Openstack meetup: Bootstrapping OpenStack to Corporate ITOpenstack meetup: Bootstrapping OpenStack to Corporate IT
Openstack meetup: Bootstrapping OpenStack to Corporate ITMirantis
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and RealitySwiss IPv6 Council
 
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...gogo6
 
CloudStack IPv6 in production
CloudStack IPv6 in productionCloudStack IPv6 in production
CloudStack IPv6 in productionShapeBlue
 

Semelhante a OpenStack Icehouse Over IPv6 (20)

Dynamic Host Configuration Protocol
Dynamic Host Configuration ProtocolDynamic Host Configuration Protocol
Dynamic Host Configuration Protocol
 
Getting started with IPv6
Getting started with IPv6Getting started with IPv6
Getting started with IPv6
 
IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCS
 
APNIC Update
APNIC Update APNIC Update
APNIC Update
 
Analyzing dhc pv6 stateful and stateless
Analyzing dhc pv6 stateful and statelessAnalyzing dhc pv6 stateful and stateless
Analyzing dhc pv6 stateful and stateless
 
Deploying IPv6 on OpenStack
Deploying IPv6 on OpenStackDeploying IPv6 on OpenStack
Deploying IPv6 on OpenStack
 
Apnic IPv6 Deployment
Apnic IPv6 DeploymentApnic IPv6 Deployment
Apnic IPv6 Deployment
 
June 2004 IPv6 – Hands on
June 2004 IPv6 – Hands on June 2004 IPv6 – Hands on
June 2004 IPv6 – Hands on
 
2012 11-09 facex - i pv6 transition planning-
2012 11-09 facex - i pv6 transition planning-2012 11-09 facex - i pv6 transition planning-
2012 11-09 facex - i pv6 transition planning-
 
Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)Building Linux IPv6 DNS Server (Draft Copy)
Building Linux IPv6 DNS Server (Draft Copy)
 
IPv6 deployment at APNIC
IPv6 deployment at APNICIPv6 deployment at APNIC
IPv6 deployment at APNIC
 
Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140) Network Security Best Practice (BCP38 & 140)
Network Security Best Practice (BCP38 & 140)
 
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration EngineeringCAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
CAv6TF Meeting - 2014-05-27 - IPv6@ VMware Integration Engineering
 
Group-7-DHCPv4.pptx
Group-7-DHCPv4.pptxGroup-7-DHCPv4.pptx
Group-7-DHCPv4.pptx
 
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
02 - IDNOG04 - Sheryl Hermoso (APNIC) - IPv6 Deployment at APNIC
 
Openstack meetup: Bootstrapping OpenStack to Corporate IT
Openstack meetup: Bootstrapping OpenStack to Corporate ITOpenstack meetup: Bootstrapping OpenStack to Corporate IT
Openstack meetup: Bootstrapping OpenStack to Corporate IT
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
IPv6 Security - Myths and Reality
IPv6 Security - Myths and RealityIPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
 
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
 
CloudStack IPv6 in production
CloudStack IPv6 in productionCloudStack IPv6 in production
CloudStack IPv6 in production
 

Último

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 

Último (20)

Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 

OpenStack Icehouse Over IPv6

  • 1. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 OpenStack  Icehouse  on  IPv6 Shixiong  Shang   v1.3
  • 2. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 § Introduction § Overview § Use Cases § Design and Implementation § Demo § Next Steps Agenda 2
  • 3. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 § Nephos6 – Founded in June, 2011 – Service assurance company – Twitter: @Nephos6 – Web: http://www.nephos6.com § Shixiong Shang – Head of Engineering – Twitter: @shshang – Email: shshang@nephos6.com Introduction 3 § Ciprian Popoviciu – Founder, CEO – IPv6 expert – Twitter: @Nephos6 – Email: chip@nephos6.com
  • 4. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 § “The promise of Cloud cannot be fully met without IPv6” - Nephos6 § “The Road To IPv6, Bumpy” - Paul Saab from Facebook, 2014 V6 World Congress in Paris ! ! ! ! ! ! ! § Facebook’s goal: – 75% of internal traffic is now IPv6 with a goal to be at 100% by Q3 2014 or earlier – First IPv6 only cluster (no RFC1918) by end of 2014 – 100% IPv6 only (no RFC1918) in 2-3 years IPv6…? IPv6 NOW! 4
  • 5. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 § OpenStack Neutron IPv6 sub team. § Have been working with other stackers on weekly basis – Comcast, IBM, Cisco, etc. § Nephos6 main contributions: – Proposed 4 + 1 blueprints – Implemented 3 + 1 blueprints – Submitted 400+ lines of python source code plus 300+ lines of unit testing code § Target: OpenStack Icehouse with IPv6 in April, 2014 § Status: Look forward to Juno….:) Overview 5
  • 6. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 § Current main focuses: – Router Advertisement and Address Assignment ‣ SLAAC ‣ DHCPv6 (Stateful and Stateless) – Tenant network ‣ Public ‣ Private/Provider § Primary seven use cases – Neutron Client (CLI + Dashboard): IBM and Cisco – Neutron APIs: Comcast and IBM – Database: Comcast – Neutron DHCP Agent: Nephos6 Scope 6
  • 7. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 IPv6 Address Auto-Configuration 7 SLAAC* DHCPv6* IPv6 Address (non-link-local) By exchanging Router Solicitation and Router Advertisement messages with neighboring routers. From DHCPv6 server Additional Information None From DHCPv6 server Default Gateway The only way to announce default route is using Router Advertisement! Pros Plug and play IPv4-like approach, but better More control Cons Doesn’t provide Hostname, DNS server, WINS, etc. Operational overhead (extra DHCP server, HA, etc.) * Based on ICMPv6
  • 8. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 Use Cases - Public Tenant Network 8 neutron  router tenant  network   (inside) VM external  network  side   (outside) Router Advertisement Address Assignment: SLAAC neutron  router VM Router Advertisement Address Assignment: DHCPv6 Stateful dhcpv6  server  (stateful) neutron  router VM Router Advertisement Address Assignment: DHCPv6 Stateless dhcpv6  server  (stateless) Provided  by   OpenStack 1 2 3
  • 9. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 Use Cases - Public Tenant Network 9 tenant  network   (inside) external  network  side   (outside) neutron  router dhcpv6  server  (stateful) Provided  by   OpenStack Provided  by   customer Provided  by   customer VM VMneutron  router dhcpv6  server  (stateless) 4 5 Router Advertisement Address Assignment: DHCPv6 Stateful Address Assignment: DHCPv6 StatelessRouter Advertisement
  • 10. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 Use Cases - Provider Tenant Network 10 tenant  network   (inside) physical  router Provided  by   customer Provided  by   OpenStack Provided  by   Openstack VM VMphysical  router external  network  side   (outside) 6 7 Router Advertisement Address Assignment: DHCPv6 Stateful Address Assignment: DHCPv6 StatelessRouter Advertisement dhcpv6  server  (stateful) dhcpv6  server  (stateless)
  • 11. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 11 tenant  network   (inside) No  external  network  side   (outside) physical  switch Provided  by   customer Provided  by   OpenStack Provided  by   Openstack VM VMphysical  switch Use Cases - Private Tenant Network 8 9 Router Advertisement Address Assignment: DHCPv6 Stateful Address Assignment: DHCPv6 StatelessRouter Advertisement dhcpv6  server  (stateful) dhcpv6  server  (stateless)
  • 12. Who Sends RA? Who Assign Address? Network Type OpenStack ipv6_ra_mode OpenStack ipv6_address_mode Description external router (A=1, M=0, O=0) external router off off VM obtains IPv6 address from external router using SLAAC external router (A=0, M=1, O=1) external DHCPv6 server off off VM obtains IPv6 address and optional info from external DHCPv6 server using DHCPv6 Stateful OpenStack dnsmasq Private / Provider off dhcpv6-stateful VM obtains IPv6 address and optional info from OpenStack dnsmasq using DHCPv6 Stateful external router (A=1, M=0, O=1) external DHCPv6 server off off VM obtains IPv6 address from external router by SLAAC and optional info from external DHCPv6 server using DHCPv6 Stateless OpenStack dnsmasq Private / Provider off dhcpv6-stateless VM obtains IPv6 address from external router by SLAAC and optional info from OpenStack dnsmasq using DHCPv6 Stateless OpenStack dnsmasq (A=1, M=0, O=0) OpenStack dnsmasq Public slaac slaac VM obtains IPv6 address from OpenStack using SLAAC OpenStack dnsmasq (A=0, M=1, O=1) external DHCPv6 server Public dhcpv6-stateful off VM obtains IPv6 address and optional info from external DHCPv6 server using DHCPv6 Stateful OpenStack dnsmasq Public dhcpv6-stateful dhcpv6-stateful VM obtains IPv6 address and optional info from OpenStack dnsmasq using DHCPv6 Stateful OpenStack dnsmasq (A=1, M=0, O=1) external DHCPv6 server Public dhcpv6-stateless off VM obtains IPv6 address from OpenStack by SLAAC and optional info from external DHCPv6 server using DHCPv6 Stateless OpenStack dnsmasq Public dhcpv6-stateless dhcpv6-stateless VM obtains IPv6 address from OpenStack by SLAAC and optional info from OpenStack dnsmasq using DHCPv6 Stateless This  table  is  created  and  submitted  to  Neutron  IPv6  subteam  by  Shixiong  Shang  from  Nephos6.
  • 13. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 § Separate the control of Router Advertisement from Address Assignment using two new attributes: Design Proposal 13 Attribute Description Possible Values ipv6_ra_mode Determine who sends RA and which AMO bits are set. dhcpv6-stateful dhcpv6-stateless slaac attr_not_specified (i.e. blank) ipv6_address_mode Determine how VM obtains IPv6 address, default gateway, and/or optional information dhcpv6-stateful dhcpv6-stateless slaac attr_not_specified (i.e. blank)
  • 14. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 Implementation 14 neutron  client   (via  cli  or  horizon) Neutron  API Plugin RabbitMQ DHCP  Agent Controller   Node Driver  (dnsmasq) Network   Node New  User   Interface Translate   customer   inputs  to  key/ value  pairs  in   API  call Validate  two   attributes   combination Attach  two   attributes   values  to   IPv6  subnet Event  /  Task Launch  dnsmasq  for  IPv6   subnets  based  on  two   attributes DB
  • 15. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 15 Neutron Subnet Creation neutron subnet-create --ip-version 6 --name subnet-name network-name ipv6_prefix --enable-dhcp true --ipv6_ra_mode slaac --ipv6_address_mode slaac Neutron  Client Neutron  API MySQL  DB
  • 16. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 Challenges: Public Network 16 Network   Node qdhcp  namespace ns-­‐  interface   192.168.1.2   2001:db8:1:1::a:b:c qr-­‐  interface   192.168.1.1 qr-­‐  interface   2001:db8:1:1::1 qrouter  namespace VM Compute   Node vnic   192.168.1.3   2001:db8:1:1::x:y:z 4.  Need  ip6tables   filter  rules  to   enable  ICMPv6  at   inbound  direction 3.  OpenStack  needs  to  know   VM’s  self-­‐calculated  IPv6   address  in  SLAAC  case 1.  Keep  dnsmasq  behavior   intact  for  IPv4  subnet IPv6  RA   and/or  DHCPv6 IPv4  DHCP security  policy Switching 2.  Launch  a  dnsmasq  instance  for   IPv6  subnet,  bind  it  to  the  qr-­‐  gw   interface  and  send  RA  from  there.   May  use  dnsmasq  as  DHCPv6  server.
  • 17. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 Challenges: Private/Provider Network 17 Network   Node qdhcp  namespace ns-­‐  interface   192.168.1.2   2001:db8:1:1::a:b:c VM Compute   Node vnic   192.168.1.3   2001:db8:1:1::x:y:z 2.  Launch  a  separate  dnsmasq   instance  for  IPv6  subnet  and  bind  it   to  the  ns-­‐  interface.  Use  it  as   DHCPv6  server  without  sending  RA 3.  Need  ip6tables   filter  rules  to   enable  ICMPv6  at   inbound  direction 1.  Keep  dnsmasq  behavior   intact  for  IPv4  subnet IPv6  DHCPv6IPv4  DHCP security  policy Switching
  • 18. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 OpenStack Icehouse On IPv6 Demo 18 eth0 Network Node Compute Node Tenant Data Networks Tenant External Network Router mysql db rabbitmq horizon keystone glance swift cinder nova-api nova-scheduler nova-consoleauth nova-novncproxy nova-cert nova-conductor neutron-server Controller Node eth0 eth1 eth2 eth0 eth2 Management and API Networks neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent openvswitch neutron-openvswitch- agent dnsmasq nova-compute openvswitch-agent openvswitch
  • 19. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 OpenStack Icehouse On IPv6 Demo 19 Network Node Compute Node net1_priv1 sub1_priv1_ipv4: 192.168.1.0/24 sub1_priv1_ipv6: 2001:db8:1:1::/64 VM OVSwitchOVSwitchOVSwitch Neutron Router Physical Router 192.168.1.1 2001:db8:1:1::1 192.168.1.d 2001:db8:1:1:x:y:z:e
  • 20. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 OpenStack Icehouse On IPv6 Demo 20
  • 21. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 OpenStack Icehouse On IPv6 Demo 21
  • 22. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 OpenStack Icehouse On IPv6 Demo 22
  • 23. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 OpenStack Icehouse On IPv6 Demo 23
  • 24. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6 § Robustness § ML2…friend or foe? § IPv6 External network § Prefix Delegation § …and more! Next Step 24 “Any  product  that  is  not  IPv6  based  is  legacy  from  day  one.”  -­‐  Nephos6
  • 25. OpenStack Icehouse on IPv6. Copyright ©2014 Nephos6