Provider Networking - upstream SLAAC Support¶
It should be possible to create a Provider Network in Neutron, that uses an upstream switch or router that advertises RA’s - so that instances can use SLAAC to configure their IPv6 networking, while still utilizing the Neutron APIs for security group rules.
https://blueprints.launchpad.net/neutron/+spec/ipv6-provider-nets-slaac
Problem description¶
A deployer of OpenStack that wishes to use IPv6 and already has configured IPv6 on northbound networking devices, may wish to advertise IPv6 routes by having non-OpenStack hardware transmit ICMPv6 Router Advertisement packets.
Proposed change¶
OpenStack Neutron should support this configuration, and display the correct IP address for instances, since Neutron has enough information to generate the EUI-64 address.
Alternatives¶
None
Data model impact¶
None
REST API impact¶
The Neutron REST API for IPv6 Subnets allows the following combinations, as well as disallowing certain combinations. In short, when both ipv6_ra_mode and ipv6_address_mode are set, they must be equal. When only one attribute is set, the setting is automatically valid.
ipv6_ra_mode |
ipv6_address_mode |
valid |
RA Settings |
|---|---|---|---|
ATTR_NOT_SPECIFIED |
ATTR_NOT_SPECIFIED |
yes |
ANY |
ATTR_NOT_SPECIFIED |
slaac |
yes |
“A=1,M=0,O=0” |
ATTR_NOT_SPECIFIED |
dhcpv6-stateful |
yes |
“A=0,M=1,O=1” |
ATTR_NOT_SPECIFIED |
dhcpv6-stateless |
yes |
“A=1,M=0,O=1” |
slaac |
ATTR_NOT_SPECIFIED |
yes |
“A=1,M=0,O=0” |
dhcpv6-stateful |
ATTR_NOT_SPECIFIED |
yes |
“A=0,M=1,O=1” |
dhcpv6-stateless |
ATTR_NOT_SPECIFIED |
yes |
“A=1,M=0,O=1” |
slaac |
slaac |
yes |
“A=1,M=0,O=0” |
dhcpv6-stateful |
dhcpv6-stateful |
yes |
“A=0,M=1,O=1” |
dhcpv6-stateless |
dhcpv6-stateless |
yes |
“A=1,M=0,O=1” |
slaac |
dhcpv6-stateful |
no |
UNDEF |
slaac |
dhcpv6-stateless |
no |
UNDEF |
dhcpv6-stateful |
slaac |
no |
UNDEF |
dhcpv6-stateful |
dhcpv6-stateless |
no |
UNDEF |
dhcpv6-stateless |
slaac |
no |
UNDEF |
dhcpv6-stateless |
dhcpv6-stateful |
no |
UNDEF |
This blueprint will implement the functionality required to satisfy IPv6 Subnets that are set with ipv6_address_mode set to ‘slaac’, and ipv6_ra_mode not set.
Security impact¶
None
Notifications impact¶
None
Other end user impact¶
This change will require support in python-neutronclient for the two IPv6 subnet attributes - which is currently in review
Performance Impact¶
None
Other deployer impact¶
This change will change the behavior of Neutron in specific configurations, when the IPv6 attributes for Subnets are set. Previously, the attributes were no-ops.
Developer impact¶
None
Implementation¶
Subnets will be created with the ipv6_address_mode set to slaac and ipv6_ra_mode not set.
Neutron will calculate the IP address of a port, using the MAC address and the CIDR.
Assignee(s)¶
- Primary assignee:
scollins
Work Items¶
Dependencies¶
The IPv6 Subnet Attributes must be returned in API calls.
Testing¶
Add unit tests to support Subnets created with only the ipv6_address_mode set.
Verify that ports with allocations from a subnet with ipv6_address_mode set are not touched by the DHCP agent.
Documentation Impact¶
Documentation about this network configuration will need to be written.
