deploying ipv6 in openstack environments
play

Deploying IPv6 in OpenStack Environments Shannon McFarland - CCIE - PowerPoint PPT Presentation

Nov 30, 2022 •353 likes •872 views

Deploying IPv6 in OpenStack Environments Shannon McFarland - CCIE #5245 Distinguished Engineer Cloud Platform & Services Group @eyepv6 Agenda General OpenStack + IPv6 Stuff Tenant IPv6 Address Assignment: SLAAC, Stateless

  1. Deploying IPv6 in OpenStack Environments Shannon McFarland - CCIE #5245 Distinguished Engineer Cloud Platform & Services Group @eyepv6

  2. Agenda • General OpenStack + IPv6 Stuff • Tenant IPv6 • Address Assignment: SLAAC, Stateless DHCPv6, Stateful DHCPv6 • Provider Networks • IPv6 Only • IPv6 Prefix Delegation • IPv6 with Heat • IPv6 with L3 High-Availability • Next Time • Conclusion

  3. Reference Material • https://github.com/shmcfarl/my-heat-templates • https://github.com/shmcfarl/my-heat-templates/blob/master/new-v6-only- lbaasv2.yaml • Some posts with more details: http://www.debug-all.com/ • Tenant IPv6 Deployment: http://www.debug-all.com/?m=201505 • Tenant IPv6 Deployment using Heat: http://www.debug- all.com/?m=201506

  4. General OpenStack + IPv6 Stuff

  5. It’s The End Of The World As We Know It • IANA and RIRs are out or almost out of IPv4 addresses: • https://www.arin.net/knowledge/ipv6_info_center.html • https://www.ripe.net/publications/ipv6-info-centre • https://www.apnic.net/community/ipv6-program • http://afrinic.net/services/ipv6-programme • http://portalipv6.lacnic.net/en/ • It’s easy to get IPv6 addressing and the general deployment of IPv6 on your infrastructure is much easier to do than it used to be - no excuses not to do it

  6. The Hard Stuff – IPv6 + Cloud Inside of a Cloud stack you have a lot of moving parts and they all ride on IP: • API endpoints • Provisioning, Orchestration and Management services • Boatload of protocols and databases and high-availability components • Virtual networking services <> Physical networking • It has been a bumpy road to getting a solid IPv6 implementation in OpenStack • Most of the core IPv6 requirements are met except for IPv6 PD HA and IPv6-only Metadata (config-drive seems to • be good enough) Tenant IPv6 Address Assignment via: • SLAAC, Stateful DHCPv6, Stateless DHCPv6 • ipv6_ra_mode attribute - Control of router advertisements for a subnet • ipv6_address_mode attribute - Control of how addressing is handled by OpenStack • Two common approaches for IPv6 support: • Dual-Stack everything (Service Tier + Tenant Access Tier [Tenant management interface along with VM network access]) • Conditional Dual stack (Tenant Access Tier only – API endpoints & DBs are still IPv4) •

  7. Cloud Stack – IP Version Options Dual-Stack Everything Conditional Dual-Stack Service Tier/Control Service Tier/Control Tenant 2 Tenant Tenant 1 Plane Plane Access Tier Access Tier Access Tier VM Operating VM Operating VM Operating API endpoints IPv4 API endpoints IPv4/IPv6 IPv6 IPv4/IPv6 IPv4/IPv6 System System System IPv4 IPv4/IPv6 Database(s) Database(s) Virtual Virtual Virtual IPv6 IPv4/IPv6 IPv4/IPv6 Networking Networking Networking Automation IPv4 Automation IPv4/IPv6 (L2/L3) (L2/L3) (L2/L3) Virtual Virtual Virtual Interface Interface IPv6 IPv4/IPv6 Network Network Network IPv4/IPv6 IPv4/IPv6 IPv4/IPv6 (GUI, CLI) (GUI, CLI) Services Services Services (SLB/FW) (SLB/FW) (SLB/FW) Tenant Tenant Tenant IPv6 IPv4/IPv6 IPv4/IPv6 Interface Interface Interface (GUI, CLI) (GUI, CLI) (GUI, CLI)

  8. Tenant IPv6 Deployment

  9. Address Assignment: Neutron L3-Router - SLAAC, DHCPv6 Stateless, DHCPv6 Stateful

  10. Tenant IPv6 Address Options Don’t do this Tenant 1 = 2001:DB8:1::/48 Tenant 1 = 2001:DB8:1::/48 2001:420::/32 Tenant 2 = 2001:DB8:2::/48 Tenant 2 = 2001:DB8:2::/48 XLATE/Proxy :BAD:BEEF::/64 :DEAD:BEEF::/64 :1000::/64 :2000::/64 ULA Block/48 ULA Block/48 ::A ::A ::A ::A ::A ::A FDDE:50EE:79DA:1::/64 FD9C:58ED:7D73:1::/64 Web Web Web Web Web Web :DEAD:FACE::/64 :BAD:FACE::/64 Server Server Server Server Server Server :1001::/64 :2001::/64 ::1 ::1 ::1 ::1 ::1 ::1 ::2 ::2 ::2 ::2 ::2 ::2 App App App App App App Server Server Server Server Server Server Tenant 1 Tenant 2 Tenant 1 Tenant 2 Tenant 1 Tenant 2 Option 1 Option 2 Option 3 Cloud Provider-assigned Tenant Brings Addressing Prefix Translation Addressing

  11. Neutron Addressing Schemes Reference ipv6_ra_mode ipv6_address_mode Result Address Value SLAAC N/S Address using Neutron router Configuration N/S SLAAC Address using external router Flags Auto 1 SLAAC SLAAC Address using Neutron router Managed 0 ipv6_ra_mode ipv6_address_mode Result Other 0 DHCPv6- N/S Address using Neutron router and optional stateless information using external service Address Value N/S DHCPv6-stateless Address using external router and optional Configuration information using Neutron DHCP Flags implementation Auto 1 DHCPv6- DHCPv6-stateless Address and optional information using Managed 0 stateless Neutron router and DHCP implementation Other 1 respectively ipv6_ra_mode ipv6_address_mode Result Address Value DHCPv6-stateful N/S Address and optional information using Configuration external service Flags N/S DHCPv6-stateful Address and optional information using Auto 0 Neutron DHCP implementation Managed 1 DHCPv6-stateful DHCPv6-stateful Address and optional information using Other 1 Neutron DHCP implementation http://docs.openstack.org/mitaka/networking-guide/config-ipv6.html

  12. Tenant IPv6 - Neutron L3 Example

  13. Create the Public Network/Subnet neutron net-create public --router:external neutron subnet-create --name public-subnet --allocation-pool start=172.16.12.5, end=172.16.12.254 public 172.16.12.0/24 neutron subnet-create --ip-version=6 --name=public-v6-subnet --allocation-pool start=2001:db8:cafe:d::5, end=2001:db8:cafe:d:ffff:ffff:ffff:fffe --disable-dhcp public 2001:db8:cafe:d::/64 DC rtr IPv4: 172.16.12.0/24 IPv6: 2001:db8:cafe:d::/64 .5 ::5 Router

  14. 2001:db8:cafe:a::e SLAAC Mode DNS neutron net-create private DC neutron subnet-create --ip-version=6 --name=private_v6_subnet --ipv6-address-mode=slaac --ipv6-ra-mode=slaac private 2001:db8:cafe::/64 +-------------------+-----------------------------------------------------------------------------+ | Field | Value | IPv6: 2001:db8:cafe:d::/64 IPv4: 172.16.12.0/24 +-------------------+-----------------------------------------------------------------------------+ .5 ::5 | allocation_pools | {"start": "2001:db8:cafe::2", "end": "2001:db8:cafe:0:ffff:ffff:ffff:fffe"} | | cidr | 2001:db8:cafe::/64 | Router | dns_nameservers | | | enable_dhcp | True | | gateway_ip | 2001:db8:cafe::1 | .1 ::1 | host_routes | | | id | 42cc3dbc-938b-4ad6-b12e-59aef7618477 | | ip_version | 6 | IPv4: 10.0.0.0/24 IPv6: 2001:db8:cafe:0::/64 | ipv6_address_mode | slaac | | ipv6_ra_mode | slaac | | name | private_v6_subnet | Instance | network_id | 7166ce15-c581-4195-9479-ad2283193d06 | | subnetpool_id | | IPv4: 10.0.0.9 | tenant_id | f057804eb39b4618b40e06196e16265b | IPv6: 2001:db8:cafe:0:f816:3eff:fe79:5acc +-------------------+-----------------------------------------------------------------------------+

  15. 2001:db8:cafe:a::e Router Example DNS neutron router-create private-router DC neutron router-gateway-set private-router public neutron router-interface-add private-router private-v4-subnet IPv6: 2001:db8:cafe:d::/64 IPv4: 172.16.12.0/24 .5 ::5 neutron router-interface-add private-router private-v6-subnet Router .1 ::1 IPv4: 10.0.0.0/24 IPv6: 2001:db8:cafe:0::/64 Instance IPv4: 10.0.0.9 IPv6: 2001:db8:cafe:0:f816:3eff:fe79:5acc

  16. SLAAC Mode Info • OpenStack will not inject the IPv6 DNS entry from the subnet dns_nameservers entry • Options • Manually setting the IPv6 DNS server entry in the resolv.conf file allows for correct IPv6-based name resolution • Bake DNS settings into your image • Cloud-init to inject the DNS configuration • You do get A and AAAA records back over IPv4 transport • Basically, it works as it should

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Best Practices for Deploying OpenStack Trove: An Inside look at Database as a Service Architecture

Best Practices for Deploying OpenStack Trove: An Inside look at Database as a Service Architecture

Best Practices for Deploying OpenStack Trove: An Inside look at Database as a Service Architecture OpenStack Summit at Barcelona, October 2016 Who are we? Sriram Kalyanasundaram, Director Implementations Tesora Inc. OpenStack Summit

812 views • 23 slides
CIRAs experience in deploying IPv6 Canadian Internet

CIRAs experience in deploying IPv6 Canadian Internet

CIRAs experience in deploying IPv6 Canadian Internet Registra9on Authority (CIRA) Jacques Latour Director, Informa9on Technology Singapore, June 20, 2011

356 views • 19 slides
Deploying OpenStack What options do we have? Agenda Introduction Deployment projects

Deploying OpenStack What options do we have? Agenda Introduction Deployment projects

01.05.2019 Deploying OpenStack What options do we have? Agenda Introduction Deployment projects LCM projects Commercial offerings Summary Preconditions Use case Lifecycle management POC, private cloud, public

380 views • 19 slides
Deploying IPv6 in Fixed and Mobile Broadband Access Networks

Deploying IPv6 in Fixed and Mobile Broadband Access Networks

Deploying IPv6 in Fixed and Mobile Broadband Access Networks Toms Lynch Ericsson Jordi Palet Mar8nez Consulintel Ariel Weher LACNOG

1.38k views • 127 slides
IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and

IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and

IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and ISP networks) Joel Jaeggli Nokia This talk is focused on the issues faced by network operators in deploying IPV6 Most of these observations are

548 views • 50 slides
Guaranteeing Performance in High- Density OpenStack Environments Endre Sara VP of Dev

Guaranteeing Performance in High- Density OpenStack Environments Endre Sara VP of Dev

Guaranteeing Performance in High- Density OpenStack Environments Endre Sara VP of Dev @VMTurbo 1 OpenStack Workload Management Challenges Limited workload scheduler Lack of real-time control VM placement decisions are static and

203 views • 9 slides
Lessons Learned in Deploying OpenStack for HPC Users Graham T. Allan Edward Munsell Evan F.

Lessons Learned in Deploying OpenStack for HPC Users Graham T. Allan Edward Munsell Evan F.

Lessons Learned in Deploying OpenStack for HPC Users Graham T. Allan Edward Munsell Evan F. Bollig Minnesota Supercomputing Institute Stratus: A Private Cloud for HPC Users Project Goals Fill gaps in HPC service offerings HPC-like

580 views • 35 slides
Lessons learned from deploying SUSE OpenStack Cloud and Enterprise Storage in the Public Cloud

Lessons learned from deploying SUSE OpenStack Cloud and Enterprise Storage in the Public Cloud

Lessons learned from deploying SUSE OpenStack Cloud and Enterprise Storage in the Public Cloud TUT1224 Thursday, April 04, 03:15 PM - 04:15 PM | Belmont 1 Friday, April 05, 10:15 AM - 11:15 AM | Belmont 2 Mike Friesenegger Solution Architect

683 views • 35 slides
Hyper-scaling on Openstack with Open Source tooling A use case in deploying hyper-scale grid

Hyper-scaling on Openstack with Open Source tooling A use case in deploying hyper-scale grid

Hyper-scaling on Openstack with Open Source tooling A use case in deploying hyper-scale grid computing on Open Telekom Cloud Why Open Source? Open Open Design Open Choice Standards Community Lead Contributor Model No-Lock in Cloud Design

416 views • 14 slides
Telekom Malaysia Global IPv6 Summit , Taiwan 13 th December 2016 Azura Mat Salim Network

Telekom Malaysia Global IPv6 Summit , Taiwan 13 th December 2016 Azura Mat Salim Network

IPv6 Deployment in Telekom Malaysia Global IPv6 Summit , Taiwan 13 th December 2016 Azura Mat Salim Network Architecture &amp; Technology Planning Telekom Malaysia Agenda o About TM o The Journey o The Importance of Deploying IPv6 o General

461 views • 13 slides
Self-service virtual environments at Deutsche Telekom based on OpenStack Alexander Stellwag

Self-service virtual environments at Deutsche Telekom based on OpenStack Alexander Stellwag

Self-service virtual environments at Deutsche Telekom based on OpenStack Alexander Stellwag Deutsche Telekom AG Products &amp; Innovation Agenda Introduction Short History Of Wolke-7 Planning and Setup Virtual Private

481 views • 16 slides
IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

Outline IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer Science and IPv6 Autoconfiguration Institute of Communications Engineering National Tsing Hua University jcchen@cs.nthu.edu.tw

783 views • 11 slides
What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can

What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can

What is OpenStack ? Hello! I am Thierry Carrez I work for the OpenStack Foundation. You can find me at @tcarrez on Twitter And ttx on IRC No, really What is OpenStack ? An open source project A common goal A coalition of

672 views • 33 slides
Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6 Global allocations by RIR APNIC 337 21% RIPENCC 737 45% ARIN 438 LACNIC AFRINIC 27% 87 37 5% 2% Unit: IPv6 pref i x 3 IPv6

603 views • 24 slides
IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6 Ready Logo Goal 2001-Present: Conformance and Interoperability test program intended to increase user confidence and promote IPv6 deployment.

403 views • 11 slides
Deploying a baremetal cloud is hard Julia Kreger Open Source Developer Advocate IBM Twitter:

Deploying a baremetal cloud is hard Julia Kreger Open Source Developer Advocate IBM Twitter:

Deploying a baremetal cloud is hard Julia Kreger Open Source Developer Advocate IBM Twitter: @ashinclouds OpenStack Summit Sydney Email: juliaashleykreger@gmail.com November 6th, 2017 A little about me! Ironic contributor since early 2015.

733 views • 47 slides
Web Content Cartography Bernhard Ager uhlbauer Wolfgang M Georgios Smaragdakis Steve

Web Content Cartography Bernhard Ager uhlbauer Wolfgang M Georgios Smaragdakis Steve

Web Content Cartography Bernhard Ager uhlbauer Wolfgang M Georgios Smaragdakis Steve Uhlig Technische Universtit at Berlin / T-Labs ETH Z urich Internet Measurement Conference 2011 Ager, M uhlbauer, Smaragdakis,

302 views • 28 slides
LHCONE status and future Alice workshop Tsukuba, 7 th March 2014 Edoardo.Martelli@cern.ch CERN

LHCONE status and future Alice workshop Tsukuba, 7 th March 2014 Edoardo.Martelli@cern.ch CERN

LHCONE status and future Alice workshop Tsukuba, 7 th March 2014 Edoardo.Martelli@cern.ch CERN IT Department CH-1211 Genve 23 Switzerland www.cern.ch/i t 1 Summary - Networking for WLCG - LHCOPN - LHCONE - services - how to join -

703 views • 52 slides
2016 Americas Forum ABA Section of International Law Mandarin Oriental Miami March 1, 2016

2016 Americas Forum ABA Section of International Law Mandarin Oriental Miami March 1, 2016

2016 Americas Forum ABA Section of International Law Mandarin Oriental Miami March 1, 2016 www.gray-robinson.com CAFTA v. NAFTA or the TPP? Which is the better deal? Peter Quinter, Attorney Customs &amp; International Trade Law Group

166 views • 16 slides
Leveraging DTrace for runtime verification Carl Martin Rosenberg June 7th, 2016 Department of

Leveraging DTrace for runtime verification Carl Martin Rosenberg June 7th, 2016 Department of

Leveraging DTrace for runtime verification Carl Martin Rosenberg June 7th, 2016 Department of Informatics, University of Oslo Context: Runtime verification Desired properties Every request gets an answer System Buffers should never

656 views • 64 slides
Australis Oil &amp; Gas Limited September 2017 Investor Presentation Large strategic acreage

Australis Oil &amp; Gas Limited September 2017 Investor Presentation Large strategic acreage

Australis Oil &amp; Gas Limited September 2017 Investor Presentation Large strategic acreage position in one of the few emerging oil shale basins in the USA Investor Presentation Important Notice and Disclaimer This presentation has been

665 views • 32 slides
The University of Chicago Library Digital Repository (LDR) Charles Blair 2015-01-27:14-00-00

The University of Chicago Library Digital Repository (LDR) Charles Blair 2015-01-27:14-00-00

The University of Chicago Library Digital Repository (LDR) Charles Blair 2015-01-27:14-00-00 Contents 1 Past 2 1.1 Foundational Documents . . . . . . . . . . . . . . . . . . . . . 2 1.1.1 Preserving Digital Information: Report of the

242 views • 11 slides
Foreign Assets Control Facilitation: g Preparing for Heightened Enforcement Identifying and

Foreign Assets Control Facilitation: g Preparing for Heightened Enforcement Identifying and

Presenting a live 90 minute webinar with interactive Q&amp;A Foreign Assets Control Facilitation: g Preparing for Heightened Enforcement Identifying and Mitigating Risks for U.S. Persons and Companies Absent Clear Guidance THURS DAY, APRIL 7,

683 views • 46 slides
Course Objectives Why and How to Manage University Budgets I. Why Manage and Some Budget Basics

Course Objectives Why and How to Manage University Budgets I. Why Manage and Some Budget Basics

6/13/201 WA S H I N G T O N S T AT E 6 U N I V E R S I T Y Managing and Reconciling Your Unit/Department Budget Management Track Washington State University Presented by Kris Boreen, Finance/Budget Manager Department of Physics and

530 views • 22 slides

More recommend