gkiran6565

Deploying IPV6 With OpenStack Provider Networks - Cisco UCS

Blog Post created by gkiran6565 on Jan 25, 2017

In this post I will show the deployment of IPv6 using Provider Networks. There is no specific OpenStack release that I am dictating for this setup. I have used this config on Kilo-to-Newton.

OpenStack Provider Networks with VLANs  allows for the use of VLAN trunks from the upstream Data Center access layer/leaf/ToR switches to the Neutron networks within the OpenStack cloud.  In the use case that I am discussing here, I want to use my Data Center aggregation layer switches as my first-hop layer 3 boundary. I have no use for NAT and I have no use for Neutron L3 agents (specific to running a tenant router).

The following diagram shows the topology that I am using. In this example I have a single All-in-One (AIO) OpenStack node. That node is running on a Cisco UCS C-series with a Cisco VIC which has a VPC configuration to the access layer ToR switches. There are VLAN trunks configured between the ToRs and the Data Center aggregation layer switches (only one shown for simplicity). VLAN 22 (2001:db8:cafe:16::/64) is the VLAN that is used in my examples.  The text box in the diagram shows the NIC layout (ethX<>bonds):

ipv6-provider

If you want to know more about how Managed (M) and Other (O) flags are used with various IPv6 assignment methods, consult RFC5175.

We are going to jump right into configuration:

Assuming you have a running OpenStack deployment and have followed the guidelines for setting up Neutron to support Provider Networks with VLANs (OVS example, Linux Bridge example), all you have to do is create the provider network and subnet using the IPv6 address assignment method you want (SLAAC, Stateless DHCPv6, Stateful DHCPv6).

Create the Neutron Provider Network with VLAN

In the example below, I am indicating that the router is external (aggregation layer switches), the provider network is of the type VLAN and the VLAN (segmentation_id) associated with this network is VLAN 22:

neutron net-create --router:external --provider:physical_network provider --provider:network_type vlan --provider:segmentation_id=22 --shared external-net 

Create the Neutron Subnet using SLAAC

In the example below, I am using SLAAC as the IPv6 address assignment method.  Note: It is very important to indicate the “–allocation-pool” range with provider networks with VLANs because if you don’t then the beginning IPv6 address range will likely cause a DAD (Duplicate Address Detection) failure with IPv6 address already assigned on your upstream VLAN interfaces on the aggregation layer switches.  In this example I am starting the allocation pool range at 5 so that I do not conflict with addresses on my switches (i.e. 1 – 4)

neutron subnet-create external-net --ip-version=6 --ipv6-address-mode=slaac --ipv6-ra-mode=slaac --name=external-subnet-v6 --allocation-pool start=2001:db8:cafe:16::5,end=2001:db8:cafe:16:ffff:ffff:ffff:fffe 2001:db8:cafe:16::/64 

Create the Neutron Subnet using Stateless DHCPv6

In the example below, I am using Stateless DHCPv6 as the IPv6 address assignment method.  With Stateless and Stateful DHCPv6 you have the option to add the “–dns-nameserver” flag (since the O-bit [Other configuration] can be set). In this example I am setting 2001:db8:cafe:a::e as the DNS entry which points to my DNS server referenced in the previous diagram.  Again, it is important to setup the “–allocation-pool” range:

neutron subnet-create external-net --ip-version=6 --ipv6-address-mode=dhcpv6-stateless --ipv6-ra-mode=dhcpv6-stateless --name=external-subnet-v6 --allocation-pool start=2001:db8:cafe:16::5,end=2001:db8:cafe:16:ffff:ffff:ffff:fffe 2001:db8:cafe:16::/64 --dns-nameserver 2001:db8:cafe:a::e 

Create the Neutron Subnet using Stateful DHCPv6

In the example below, I am using Stateful DHCPv6 as the IPv6 address assignment method.  As was the case with Stateless DHCPv6, Stateful DHCPv6 allows  for the option to add the “–dns-nameserver” flag (since the O-bit can be set):

neutron subnet-create external-net --ip-version=6 --ipv6-address-mode=dhcpv6-stateful --ipv6-ra-mode=dhcpv6-stateful --name=external-subnet-v6 --allocation-pool start=2001:db8:cafe:16::5,end=2001:db8:cafe:16:ffff:ffff:ffff:fffe 2001:db8:cafe:16::/64 --dns-nameserver 2001:db8:cafe:a::e 

Example Configuration for the upstream Data Center aggregation layer switch (VLAN interfaces shown):

SLAAC:

This example shows VLAN22 with an IPv6 address of 2001:db8:cafe:16::1/64. HSRPv2 is used as the First-Hop Redundancy Protocol.

interface Vlan22 description Provider Network trunked for C7-os-1 ip address 172.16.22.2 255.255.255.0 ipv6 address 2001:DB8:CAFE:16::1/64 standby version 2 standby 2 ipv6 autoconfig standby 2 timers msec 250 msec 750 standby 2 priority 110 standby 2 preempt standby 2 authentication OPEN 

Stateless DHCPv6:

This example is the same as the previous one with the exception of the “ipv6 nd other-config-flag” being set. This flat sets the O-bit which allows for the DNS option (or other options) to be sent to the VM in the Router Advertisement (RA).

interface Vlan22 description Provider Network trunked for C7-os-1 ip address 172.16.22.2 255.255.255.0 ipv6 address 2001:DB8:CAFE:16::1/64 ipv6 nd other-config-flag standby version 2 standby 2 ipv6 autoconfig standby 2 timers msec 250 msec 750 standby 2 priority 110 standby 2 preempt standby 2 authentication OPEN 

Stateful DHCPv6:

This example is also the same as the first one with the exception of the “ipv6 nd managed-config-flag” being set. This sets the M (Managed) and O (other) bits. The M-bit indicates that the addressing comes from DHCPv6 (Not SLAAC) and that the host wants options (DNS):

interface Vlan22 description Provider Network trunked for C7-os-1 ip address 172.16.22.2 255.255.255.0 ipv6 address 2001:DB8:CAFE:16::1/64  ipv6 nd managed-config-flag standby version 2 standby 2 ipv6 autoconfig standby 2 timers msec 250 msec 750 standby 2 priority 110 standby 2 preempt standby 2 authentication OPEN 

Source: Degug All | Have fun.!

Outcomes