SlideShare ist ein Scribd-Unternehmen logo

OpenStack Neutron IPv6 Lessons

‱
‱
Akihiro Motoki
Akihiro Motoki

Presentation at OpenStack Summit Boston. This talk covers various lessons on IPv6 Neutron deployments like address allocation, address configuration, router consideration and so on.

Internet
1 von 37
Downloaden Sie, um offline zu lesen
Lessons in IPv6 deployment in OpenStack environments May 8, 2017 Akihiro Motoki OSS Promotion Center, NEC
2 © NEC Corporation 2017 Why IPv6? IPv4 Address has run out! Smart City and IoT needs lots of addresses All the Industry and Telecom has to prepare IPv6 Era
3 © NEC Corporation 2017 Agenda ▌Many consideration points on IPv6 deployments with OpenStack ▌[0] Understanding IPv6 words ▌[1] IPv6 address allocation ïŹHow to manage IPv6 address pools ïŹGlobal unique addresses for tenants ▌[2] IPv6 address configuration ïŹHow to distribute IPv6 address to clients ▌[3] Routing considerations ïŹHow to reach tenants’ network? ïŹHow to prevent unauthorized global addresses? ▌[4] VNF choices ïŹNeutron router? ïŹ3-rd party VNF router? Firewall? ▌This presentation is based on OpenStack Mitaka release
IPv6 address allocation How to manage IPv6 address pools?
5 © NEC Corporation 2017 IPv6 address allocation ▌What we need? ▌GUA (Global unique address) are assigned to tenants ▌GUA should be assigned to a specified address range ▌Tenants still need to use their own addresses ïŹUnless they are not connected to external ïŹULA (Unique local address) Neutron Subnet Pool Legacy way to specify CIDR (or tenant subnet pool)
6 © NEC Corporation 2017 Neutron “subnet pool” ▌“Subnet pool” defines CIDR pool and allocates CIDR for a subnet from the pool ▌What we can? ïŹNo need to care which CIDR is used or not. Subnet pool manages assigned CIDR. ïŹOpenStack operators pre-defines a desired IP address range ïŹIt allows us to assign non-overlapping address ranges across tenants Subnet Pool Pool Prefixes 203.0.113.0/24 Prefix Length default: 26 Max: 25, Min: 28 Subnet 1 203.0.113.0/26 Subnet 2 203.0.113.128/25 Subnet 3 203.0.113.64/27 neutron subnetpool-create --pool-prefix 203.0.113.0/24 --default-prefixlen 26 --shared --is-default demo-subnetpool neutron subnet-create --subnetpool demo-subnetpool --ip-version 4 demo-net neutron subnet-create --use-default-subnetpool --ip-version 4 demo-net neutron subnetpool-update --pool-prefix 203.0.113.0/24 --pool-prefix 198.51.100.0/24 demo-subnetpool
7 © NEC Corporation 2017 IPv6 address allocation – admin ▌We use “subnet pool” to manage IPv6 address ranges ▌Create a subnet pool for GUA ïŹopenstack subnet pool create --pool-prefix 2001:DB8:1234::/48 --default-prefix-length 64 --min-prefix-length 64 --max-prefix-length 64 subnet-pool-ipv6 ïŹSpecify the global address range as a pool prefix ïŹ/64 is suggested as prefix length as most IPv6 routers assume 64 in RA ▌Mark it as “shared” so that tenants can consume it ïŹopenstack subnet pool set --share subnet-pool-ipv6 ▌(optional) Mark it as a default subnet pool ïŹ openstack subnet pool set --default subnet-pool-ipv6 ïŹTenants do not need to specify the subnet pool name when creating a subnet
8 © NEC Corporation 2017 IPv6 address allocation - tenant ▌Check per-defined subnet pools ïŹopenstack subnet pool list ▌Create a subnet using the subnet pool ïŹopenstack subnet create --use-default-subnet-pool --ip-version 6 --ipv6-ra-mode XXX –ipv6-address-mode XXX --network net1 subnet1 ïŹYou can specify a subnet pool explicitly but using a default pool would be easier ▌Quota on subnet pool ïŹSubnet pool supports quota ïŹIn IPv6 case, it is calculated as the number of /64 subnets. ïŹIf the subnet pool quota is 3, a tenant can allocate 3 /64 subnets. ▌Tenants still can specify their own address range ïŹLimited to local use and no internet connection
IPv6 address configuration
10 © NEC Corporation 2017 IPv6 address configuration modes ▌Three configuration modes: ïŹ SLLAC, DHCPv6 stateless, DHCPv6 stateful ▌SLACC ïŹIPv6 address of a client is configured based on RA (Router advertisement) ïŹGateway is also configured. ïŹOptionally, DNS information(if RFC6106), MTU and so on can be configured. ïŹOnly /64 prefix is used ▌DHCPv6 stateless ïŹIPv6 address is configured based on RA. ïŹOther information is retrieved via DHCPv6. ïŹLooks used most commonly ïŹOnly way to distribute DNS info before RFC6106 ▌DHCPv6 stateful ïŹAll information is configured based on DHCPv6 ïŹThere is information that GW is not configured properly.
11 © NEC Corporation 2017 IPv6 address configuration modes ▌The configuration mode is determined based on RA flag ïŹM (Managed) => 0 (RA/DHCPv6 stateless), 1 (DHCPv6 stateful) ïŹO (Other) => 0 (SLAAC), 1 (use DHCPv6) ▌Need to selection address mode, depending on router implementation used ïŹNeutron exposes all modes, but it is not necessarily all modes are available...
12 © NEC Corporation 2017 Understanding Neutron IPv6 two modes ▌Two attributes related to IPv6 address configuration: ïŹipv6_address_mode ïŹipv6_ra_mode ▌There are constraints between two modes ïŹOpenStack networking guide ïŹhttps://docs.openstack.org/ocata/networking-guide/config-ipv6.html
13 © NEC Corporation 2017 Understanding Neutron IPv6 two modes
14 © NEC Corporation 2017 Understanding Neutron IPv6 two modes A lot of combinations. What does each mode mean?
15 © NEC Corporation 2017 Understanding IPv6 two mode ▌IPv6 address mode ïŹSpecifies how IPv6 address is generated and assigned ïŹIPAM is mainly involved in it. ïŹAlso controls if the reference DHCP implementation serves ïŹâ€œslaac” ‱ Neutron generates a port address based on MAC address (EUI-64) ïŹâ€œdhcpv6-stateless” ‱ Neutron generates a port address based on MAC address (EUI-64) ‱ Neutron provides DHCP options for port ïŹâ€œdhcpv6-stateful” ‱ Any address can be configured. ‱ Perhaps non-/64 prefix can be used ïŹNot Specified (N/S) ‱ (Backward compatibility) ‱ Any static address can be configured.
16 © NEC Corporation 2017 Understanding IPv6 two mode ▌IPv6 RA mode ïŹSpecifies how neutron router sends RA ▌“slaac” ▌“dhcpv6-stateless” ▌“dhcpv6-stateful” ïŹNeutron setup radvd on a router and provides RA ïŹRA flags are set accordingly ▌Not Specified (N/S) ïŹNeutron does nothing. ïŹradvd on a router is not setup
17 © NEC Corporation 2017 Deployment patterns ▌(1a) Tenant Router (OpenStack) ïŹNeutron router; VNF integrated with neutron ▌(1b) Tenant Router (VNF) ïŹVirtual appliance; not integrated with neutron ▌(2) Provider Router VM Upstream Router External network (1a) Tenant Router (OpenStack) (1b) Tenant Router (VNF) VM Neutron network Neutron router Upstream Router External network NW infra VM Neutron network VNF (vRouter, vFW) Upstream Router External network Managed by OpenStack VNF manager NW infra NW infra (2) Provider router Managed by OpenStack Managed by OpenStack
18 © NEC Corporation 2017 IPv6 two modes: tenant neutron router ▌Simplest case! ▌Tenant router is implemented as neutron router ïŹL3 agent (reference implementation) ïŹOther 3rd party L3 plugin (if you use) ▌Neutron provides both RA and DHCPv6 ïŹRef implementation: RA = radvd, DCHPv6 = dnsmasq ▌If 3rd party L3 plugin is provided, the behavior needs to be checked ipv6_address _mode ipv6_ra_ mode Description (L3 agent) SLAAC SLAAC Radvd runs on netns and provides RA DHCPv6 stateless DHCPv6 stateless Radvd on router netns and dnsmasq on dhcp netns DHCPv6 stateful DHCPv6 stateful Same as above VM Neutron network Neutron router Upstream Router External network NW infra Managed by OpenStack
19 © NEC Corporation 2017 IPv6 two modes: tenant VNF router ▌Tenant router is implemented as virtual appliance ▌BUT it is not well integrated with neutron (= no L3 plugin) ▌SLLAC works well ▌DHCPv6-stateless / stateful : neutron DHCP (dnsmasq) serves too ïŹIf VNF provides DHCPv6, two DHCP servers works as a result and they may conflicts... ipv6_address _mode ipv6_ra_ mode Description SLAAC Off (N/S) VNF router sends RA DHCPv6 stateless DHCPv6 stateless VNF router sends RA neutron dnsmasq is configured If VNF provides DHCPv6, the feature potentially conflicts
Off DHCPv6 stateful DHCPv6 stateful VNF router sends RA neutron dnsmasq is configured If VNF provides DHCPv6, the feature potentially conflict
Off VM Neutron network VNF (vRouter, vFW) Upstream Router External network Managed by OpenStack VNF manager NW infra
20 © NEC Corporation 2017 IPv6 two modes: provider router ▌Router on a provider network sends RA. ▌From the perspective of neutron, same as “tenant VNF router” case ▌SLLAC works well ▌DHCPv6 stateless : DHCPv6 by neutron and upstream router may potentially conflict ▌DHCPv6 stateful : neutron DHCPv6 is the only option? ïŹ There is no way to share address information between provider router and neutron VM Upstream Router External network NW infra (2) Provider router Managed by OpenStack ipv6_address _mode ipv6_ra_ mode Description SLAAC Off (N/S) provider router sends RA DHCPv6 stateless DHCPv6 stateless provider router sends RA neutron dnsmasq is configured If provider router provides DHCPv6, the feature potentially conflicts
Off DHCPv6 stateful DHCPv6 stateful provider router sends RA neutron dnsmasq is configured If VNF provides DHCPv6, address from both will conflicts XXXOff
21 © NEC Corporation 2017 In our case.. ▌(SLAAC) ïŹNot many VNF supports DNS option in RA message ▌(DHCPv6-stateless) ïŹNeutron DHCPv6-stateless does not provide DNS.. Needs investigation ïŹSome VNFs support SLAAC only. Cannot configure RA flags. VNF SLAAC DHCPv6-stateless Neutron router OK OK Cisco CSR1000V OK (+DNS) OK (+DNS) NEC Intersec VM/SG OK - Paloalto VM-100 OK -
Routing Considerations [1] How to reach tenants’ network from the Internet?
23 © NEC Corporation 2017 Dynamic routing to tenant IPv6 subnets ▌How to reach tenants’ network? ▌To deliver packets from the Internet to tenants’ networks, the upstream router must know routes to tenants’ networks ▌In IPv6, tenant networks get GUA (global unique address) dynamically ▌Route tables on the upstream router needs to be updated ▌We need some mechanism to update routes automatically Self Service Network 1 2001:0DB8:1:/64 Self Service Network 2 2001:0DB8:2:/64 Self Service Network 3 2001:0DB8:3:/64 Router1 Router2 Router3 Upstream Router Provider Network (router: external) Internet
24 © NEC Corporation 2017 Dynamic routing to tenant IPv6 subnets ▌Dynamic Routing ïŹBGP ïŹOSPF ▌IPv6 Prefix Delegation ▌Static Route (with some automation mechanism) ïŹNeed some mechanism to monitor neutron-side changes
25 © NEC Corporation 2017 Dynamic routing : BGP (neutron integration) ▌Neutron provides BGP dynamic route advertisement ▌Create a BGP peering between BGP agent (dr-agent) and upstream Router ▌BGP agent advertises routes to tenant networks dynamically ▌Only networks whose address scope is same as that of the external network are advertised. Networks on different address scope are not advertised. Self Service Network 1 2001:0DB8:1:/64 Self Service Network 2 2001:0DB8:2:/64 Self Service Network 3 2001:0DB8:3:/64 Router1 Router2 Router3 Upstream Router Provider Network (router: external) Internet Address ScopeL3 agent BGP agent BGP peering AS 4321 AS 1234 http://docs.openstack.org/newton/networking-guide/config-bgp-dynamic-routing.html
26 © NEC Corporation 2017 Dynamic routing : OSPF ▌OSPF can be used for dynamic routing ▌Create router relationships between tenant and upstream routers when a tenant router is created ▌Once a relationship is established, a route to a tenant network is configured to the upstream router ▌Useful for small network where BGP is not preferred ▌Most VNF router supports OSPF ▌No neutron integration Self Service Network 1 2001:0DB8:1:/64 Self Service Network 2 2001:0DB8:2:/64 Router1 (VNF) Router2 (VNF) Upstream Router Provider Network (router: external) Internet Router relationship AS 4321 http://docs.openstack.org/newton/networking-guide/config-bgp-dynamic-routing.html
27 © NEC Corporation 2017 IPv6 Prefix Delegation (PD) ▌Upstream router is a PD (prefix delegation) server and this manages IPv6 address ranges to be assigned to OpenStack tenant networks ▌PD server assigns CIDR (normally /64 prefix) to PD client ▌Neutron router acts as a PD client ▌Upstream router sets up a route to PD client when assigning a prefix ïŹ The upstream router knows an external IP address of Neutron router (PD client) ïŹ LLA (Link local address) can be used as IP address of PD client ▌Neutron integration Self Service Network 1 2001:0DB8:1:/64 Self Service Network 2 2001:0DB8:2:/64 Self Service Network 3 2001:0DB8:3:/64 Router1 Router2 Router3 Upstream Router Provider Network (router: external) Internet PD Server http://docs.openstack.org/newton/networking-guide/config-ipv6.html#prefix-delegation PD Client Assign CIDR
28 © NEC Corporation 2017 Comparison Choices depend on network policy and router types to be used ▌Dynamic routing (BGP) ïŹNeutron integration ïŹDepending on network policy of upstream network ïŹSome operators does not use BGP inside their network ïŹOne AS is required for OpenStack deployment ▌Dynamic routing (OSPF) ïŹNo neutron integration ïŹOSPF is used for smaller deployment ïŹMost VNF router supports OSPF ▌Prefix delegation ïŹNeutron integration ïŹOnly simple topology is supported. ïŹCannot handle nested tenant router ïŹNot a small number of VNF does not support prefix delegation
Routing Considerations [2] How to prevent unauthorized global addresses?
30 © NEC Corporation 2017 How to prevent unauthorized global addresses? ▌Neutron allows tenants to assign arbitrary IP addresses. ▌In IPv6, global unique addresses are assigned to tenants from the predefined ranges. ▌If some tenant assigns overlapping address ranges with other tenant, what happens? ▌There needs a way to block unauthorized global unique address assigned by tenants in their own way.
31 © NEC Corporation 2017 Neutron address scope ▌Address Scope ïŹConcept to define which IP addresses can directly communicate each other ïŹSubnet pool is associated to some address Scope ïŹRouter allows traffic among a same address scope ‱ Router identifies an address scope of each router interface Net1 R Net2 Net3 Networks on a same address scope can communicate Networks in different address scope cannot communicate Subnet pool 1 Address Scope 1 Subnet pool 2 Address Scope 2 or CIDR (If CIDR is specified, “Implicit Address Scope” is used)
32 © NEC Corporation 2017 How to prevent unauthorized global addresses? ▌By using address scope, administrators can only allow traffic from IP address ranges they authorize. ▌Administrator ïŹ Create a address scope ïŹ Create a subnet pool for external communication ïŹ Associate the subnet pool with the above address scope ïŹ Create a subnet of external network from the above subnet pool ▌Tenant user ïŹ Create a subnet from the shared subnet pool (when communicating externally) ïŹ Subnet whose CIDR is specified explicitly cannot communicate with the Internet even if it has the same CIDR. Ext-Net R Net2 Net3 Networks on a same address scope can communicate Networks in different address scope cannot communicate Subnet pool 1 Address Scope 1 Subnet pool 2 Address Scope 2 (or CIDR) External Network
33 © NEC Corporation 2017 How to prevent unauthorized global addresses? ▌Create a address scope ïŹopenstack address scope create --share --ip-version 6 address-scope-ip6 ▌Creaet a subnet pool for external communication ▌Associate the subnet pool with the above address scope ïŹopenstack subnet pool create --address-scope address-scope-ip6 --share --pool-prefix 2001:db8:a583::/48 --default-prefix-length 64 subnet-pool-ip6 ▌Create a subnet of external network from the above subnet pool ïŹopenstack subnet create --subnet-pool subnet-pool-ip6 --ip-version 6 --disable-dhcp --network external-network external-subnet-ip6 ▌Create a subnet from the shared subnet pool ïŹopenstack subnet create --subnet-pool subnet-pool-ip6 --ip-version 6 --ipv6-address-mode slaac --ipv6-ra-mode slaac --network my-network my-subnet-ip6
Additional topics
35 © NEC Corporation 2017 Additional topics ▌For SLAAC/DHCPv6 stateless, /64 is actually the only unit assigned to tenant  The required number of /64 prefix will be the number of tenants ▌All IPv6 modes cannot be used necessarily, but neutron exposes all  Some mechanism to expose available IPv6 mode to users ▌Windows supports address randomization for EUI-64 address ïŹIt randomizes the lower 64 bits of addresses ïŹEphemeral address is also supported ïŹIt works .. ïŹbut a generated IPv6 address will be different from Neutron port information ▌Most VNF does not provide Neutron L3 plugin  Need a way to retrieve information from neutron ‱ IPv6 RA flag (Managed, Other) ‱ Address scope Prefix (64) EUI-64 (64) randomize
36 © NEC Corporation 2017 Summary ▌This presentation share our experiences on IPv6 ▌Hope it helps introductions of IPv6 deployment ▌Most things work well. ▌There are several things remaining to be improved ▌Let’s upstream it! ïŹ Feel free to file a bug to neutron! ▌Let’s share our knowledge! ïŹ OpenStack Networking Guide is a good place ïŹLatest release : https://docs.openstack.org/ocata/networking-guide/ ïŹDevelopment version : https://docs.openstack.org/draft/networking-guide/
OpenStack Neutron IPv6 Lessons

Empfohlen

Deploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsDeploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack Environments
Shannon McFarland
 
Deploying IPv6 on OpenStack
Deploying IPv6 on OpenStackDeploying IPv6 on OpenStack
Deploying IPv6 on OpenStack
Vietnam Open Infrastructure User Group
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/NeutronOverview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
vivekkonnect
 
OpenStackă§ă‚‚é‡èŠăȘćœčć‰Čă‚’æžœăŸă™Pacemakeră‚’çŸ„ă‚ă†!
OpenStackă§ă‚‚é‡èŠăȘćœčć‰Čă‚’æžœăŸă™Pacemakeră‚’çŸ„ă‚ă†!OpenStackă§ă‚‚é‡èŠăȘćœčć‰Čă‚’æžœăŸă™Pacemakeră‚’çŸ„ă‚ă†!
OpenStackă§ă‚‚é‡èŠăȘćœčć‰Čă‚’æžœăŸă™Pacemakeră‚’çŸ„ă‚ă†!
ksk_ha
 
Neutron-to-Neutron: interconnecting multiple OpenStack deployments
Neutron-to-Neutron: interconnecting multiple OpenStack deploymentsNeutron-to-Neutron: interconnecting multiple OpenStack deployments
Neutron-to-Neutron: interconnecting multiple OpenStack deployments
Thomas Morin
 
Routed Provider Networks on OpenStack
Routed Provider Networks on OpenStack Routed Provider Networks on OpenStack
Routed Provider Networks on OpenStack
Romana Project
 
Openstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNsOpenstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNs
Thomas Morin
 
Open stack networking vlan, gre
Open stack networking vlan, greOpen stack networking vlan, gre
Open stack networking vlan, gre
Sim Janghoon
 

Empfohlen

Deploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack EnvironmentsDeploying IPv6 in OpenStack Environments
Deploying IPv6 in OpenStack Environments
Shannon McFarland
 
Deploying IPv6 on OpenStack
Deploying IPv6 on OpenStackDeploying IPv6 on OpenStack
Deploying IPv6 on OpenStack
Vietnam Open Infrastructure User Group
 
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/NeutronOverview of Distributed Virtual Router (DVR) in Openstack/Neutron
Overview of Distributed Virtual Router (DVR) in Openstack/Neutron
vivekkonnect
 
OpenStackă§ă‚‚é‡èŠăȘćœčć‰Čă‚’æžœăŸă™Pacemakeră‚’çŸ„ă‚ă†!
OpenStackă§ă‚‚é‡èŠăȘćœčć‰Čă‚’æžœăŸă™Pacemakeră‚’çŸ„ă‚ă†!OpenStackă§ă‚‚é‡èŠăȘćœčć‰Čă‚’æžœăŸă™Pacemakeră‚’çŸ„ă‚ă†!
OpenStackă§ă‚‚é‡èŠăȘćœčć‰Čă‚’æžœăŸă™Pacemakeră‚’çŸ„ă‚ă†!
ksk_ha
 
Neutron-to-Neutron: interconnecting multiple OpenStack deployments
Neutron-to-Neutron: interconnecting multiple OpenStack deploymentsNeutron-to-Neutron: interconnecting multiple OpenStack deployments
Neutron-to-Neutron: interconnecting multiple OpenStack deployments
Thomas Morin
 
Routed Provider Networks on OpenStack
Routed Provider Networks on OpenStack Routed Provider Networks on OpenStack
Routed Provider Networks on OpenStack
Romana Project
 
Openstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNsOpenstack Neutron, interconnections with BGP/MPLS VPNs
Openstack Neutron, interconnections with BGP/MPLS VPNs
Thomas Morin
 
Open stack networking vlan, gre
Open stack networking vlan, greOpen stack networking vlan, gre
Open stack networking vlan, gre
Sim Janghoon
 
Openstack Neutron & Interconnections with BGP/MPLS VPNs
Openstack Neutron & Interconnections with BGP/MPLS VPNsOpenstack Neutron & Interconnections with BGP/MPLS VPNs
Openstack Neutron & Interconnections with BGP/MPLS VPNs
Thomas Morin
 
OpenStackè¶…ć…„é–€ă‚·ăƒȘăƒŒă‚ș ă„ăŸă•ă‚‰èžă‘ăȘいNeutronăźäœżă„æ–č
OpenStackè¶…ć…„é–€ă‚·ăƒȘăƒŒă‚ș ă„ăŸă•ă‚‰èžă‘ăȘいNeutronăźäœżă„æ–čOpenStackè¶…ć…„é–€ă‚·ăƒȘăƒŒă‚ș ă„ăŸă•ă‚‰èžă‘ăȘいNeutronăźäœżă„æ–č
OpenStackè¶…ć…„é–€ă‚·ăƒȘăƒŒă‚ș ă„ăŸă•ă‚‰èžă‘ăȘいNeutronăźäœżă„æ–č
Toru Makabe
 
NFVケプăƒȘă‚±ăƒŒă‚·ăƒ§ăƒłă‚’OpenStack侊ど゙拕かすç‚șに - OpenStackæœ€æ–°æƒ…ć ±ă‚»ăƒŸăƒŠăƒŒ 2017ćčŽ7月
NFVケプăƒȘă‚±ăƒŒă‚·ăƒ§ăƒłă‚’OpenStack侊ど゙拕かすç‚șに - OpenStackæœ€æ–°æƒ…ć ±ă‚»ăƒŸăƒŠăƒŒ 2017ćčŽ7月NFVケプăƒȘă‚±ăƒŒă‚·ăƒ§ăƒłă‚’OpenStack侊ど゙拕かすç‚șに - OpenStackæœ€æ–°æƒ…ć ±ă‚»ăƒŸăƒŠăƒŒ 2017ćčŽ7月
NFVケプăƒȘă‚±ăƒŒă‚·ăƒ§ăƒłă‚’OpenStack侊ど゙拕かすç‚șに - OpenStackæœ€æ–°æƒ…ć ±ă‚»ăƒŸăƒŠăƒŒ 2017ćčŽ7月
VirtualTech Japan Inc.
 
OVN DBs HA with scale test
OVN DBs HA with scale testOVN DBs HA with scale test
OVN DBs HA with scale test
Aliasgar Ginwala
 
Neutron qos overview
Neutron qos overviewNeutron qos overview
Neutron qos overview
SƂawomir KapƂoƄski
 
OVS Hardware Offload with TC Flower
OVS Hardware Offload with TC FlowerOVS Hardware Offload with TC Flower
OVS Hardware Offload with TC Flower
Netronome
 
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Kentaro Ebisawa
 
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_5ìŁŒì°š
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_5ìŁŒì°šRed Hat OpenStack 17 저자직강+슀터디귞ëŁč_5ìŁŒì°š
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_5ìŁŒì°š
Nalee Jang
 
ă‚Żăƒ©ă‚Šăƒ‰ă‚ȘăƒŒă‚±ă‚čăƒˆăƒŹăƒŒă‚·ăƒ§ăƒłă€ŒOpenStack Heată€ă«èż«ă‚‹!
ă‚Żăƒ©ă‚Šăƒ‰ă‚ȘăƒŒă‚±ă‚čăƒˆăƒŹăƒŒă‚·ăƒ§ăƒłă€ŒOpenStack Heată€ă«èż«ă‚‹!ă‚Żăƒ©ă‚Šăƒ‰ă‚ȘăƒŒă‚±ă‚čăƒˆăƒŹăƒŒă‚·ăƒ§ăƒłă€ŒOpenStack Heată€ă«èż«ă‚‹!
ă‚Żăƒ©ă‚Šăƒ‰ă‚ȘăƒŒă‚±ă‚čăƒˆăƒŹăƒŒă‚·ăƒ§ăƒłă€ŒOpenStack Heată€ă«èż«ă‚‹!
Etsuji Nakai
 
OVN - Basics and deep dive
OVN - Basics and deep diveOVN - Basics and deep dive
OVN - Basics and deep dive
Trinath Somanchi
 
Service Function Chaining with SRv6
Service Function Chaining with SRv6Service Function Chaining with SRv6
Service Function Chaining with SRv6
Ahmed AbdelSalam
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughDevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking Walkthrough
Thomas Graf
 
VPNaaS in Neutron
VPNaaS in NeutronVPNaaS in Neutron
VPNaaS in Neutron
Kazunori Takeuchi
 
Hot ăźæ›žăæ–č(Template Version 2015-04-30) ć‰ç·š
Hot ăźæ›žăæ–č(Template Version 2015-04-30) ć‰ç·šHot ăźæ›žăæ–č(Template Version 2015-04-30) ć‰ç·š
Hot ăźæ›žăæ–č(Template Version 2015-04-30) ć‰ç·š
irix_jp
 
였픈슀택 멀티녞드 ì„€ìč˜ í›„êž°
였픈슀택 멀티녞드 ì„€ìč˜ í›„êž°ì˜€í”ˆìŠ€íƒ 멀티녞드 ì„€ìč˜ í›„êž°
였픈슀택 멀티녞드 ì„€ìč˜ í›„êž°
영우 êč€
 
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_1ìŁŒì°š
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_1ìŁŒì°šRed Hat OpenStack 17 저자직강+슀터디귞ëŁč_1ìŁŒì°š
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_1ìŁŒì°š
Nalee Jang
 
OVN operationalization at scale at eBay
OVN operationalization at scale at eBayOVN operationalization at scale at eBay
OVN operationalization at scale at eBay
Aliasgar Ginwala
 
SRv6 study
SRv6 studySRv6 study
SRv6 study
Hiro Mura
 
[OpenStack] êł”ê°œ 소프튞웚얎 였픈슀택 ìž…ëŹž & 파헀ìč˜êž°
[OpenStack] êł”ê°œ 소프튞웚얎 였픈슀택 ìž…ëŹž & 파헀ìč˜êž°[OpenStack] êł”ê°œ 소프튞웚얎 였픈슀택 ìž…ëŹž & 파헀ìč˜êž°
[OpenStack] êł”ê°œ 소프튞웚얎 였픈슀택 ìž…ëŹž & 파헀ìč˜êž°
Ian Choi
 
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_2ìŁŒì°š
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_2ìŁŒì°šRed Hat OpenStack 17 저자직강+슀터디귞ëŁč_2ìŁŒì°š
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_2ìŁŒì°š
Nalee Jang
 
MySQL Fabric with OpenStack Nova
MySQL Fabric with OpenStack NovaMySQL Fabric with OpenStack Nova
MySQL Fabric with OpenStack Nova
Shinya Sugiyama
 
Introducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlowIntroducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlow
Etsuji Nakai
 

Weitere Àhnliche Inhalte

Was ist angesagt?

NFVケプăƒȘă‚±ăƒŒă‚·ăƒ§ăƒłă‚’OpenStack侊ど゙拕かすç‚șに - OpenStackæœ€æ–°æƒ…ć ±ă‚»ăƒŸăƒŠăƒŒ 2017ćčŽ7月
NFVケプăƒȘă‚±ăƒŒă‚·ăƒ§ăƒłă‚’OpenStack侊ど゙拕かすç‚șに - OpenStackæœ€æ–°æƒ…ć ±ă‚»ăƒŸăƒŠăƒŒ 2017ćčŽ7月NFVケプăƒȘă‚±ăƒŒă‚·ăƒ§ăƒłă‚’OpenStack侊ど゙拕かすç‚șに - OpenStackæœ€æ–°æƒ…ć ±ă‚»ăƒŸăƒŠăƒŒ 2017ćčŽ7月
NFVケプăƒȘă‚±ăƒŒă‚·ăƒ§ăƒłă‚’OpenStack侊ど゙拕かすç‚șに - OpenStackæœ€æ–°æƒ…ć ±ă‚»ăƒŸăƒŠăƒŒ 2017ćčŽ7月
VirtualTech Japan Inc.
 
ă‚Żăƒ©ă‚Šăƒ‰ă‚ȘăƒŒă‚±ă‚čăƒˆăƒŹăƒŒă‚·ăƒ§ăƒłă€ŒOpenStack Heată€ă«èż«ă‚‹!
ă‚Żăƒ©ă‚Šăƒ‰ă‚ȘăƒŒă‚±ă‚čăƒˆăƒŹăƒŒă‚·ăƒ§ăƒłă€ŒOpenStack Heată€ă«èż«ă‚‹!ă‚Żăƒ©ă‚Šăƒ‰ă‚ȘăƒŒă‚±ă‚čăƒˆăƒŹăƒŒă‚·ăƒ§ăƒłă€ŒOpenStack Heată€ă«èż«ă‚‹!
ă‚Żăƒ©ă‚Šăƒ‰ă‚ȘăƒŒă‚±ă‚čăƒˆăƒŹăƒŒă‚·ăƒ§ăƒłă€ŒOpenStack Heată€ă«èż«ă‚‹!
Etsuji Nakai
 
Service Function Chaining with SRv6
Service Function Chaining with SRv6Service Function Chaining with SRv6
Service Function Chaining with SRv6
Ahmed AbdelSalam
 
Hot ăźæ›žăæ–č(Template Version 2015-04-30) ć‰ç·š
Hot ăźæ›žăæ–č(Template Version 2015-04-30) ć‰ç·šHot ăźæ›žăæ–č(Template Version 2015-04-30) ć‰ç·š
Hot ăźæ›žăæ–č(Template Version 2015-04-30) ć‰ç·š
irix_jp
 

Was ist angesagt? (20)

Openstack Neutron & Interconnections with BGP/MPLS VPNs
Openstack Neutron & Interconnections with BGP/MPLS VPNsOpenstack Neutron & Interconnections with BGP/MPLS VPNs
Openstack Neutron & Interconnections with BGP/MPLS VPNs
 
OpenStackè¶…ć…„é–€ă‚·ăƒȘăƒŒă‚ș ă„ăŸă•ă‚‰èžă‘ăȘいNeutronăźäœżă„æ–č
OpenStackè¶…ć…„é–€ă‚·ăƒȘăƒŒă‚ș ă„ăŸă•ă‚‰èžă‘ăȘいNeutronăźäœżă„æ–čOpenStackè¶…ć…„é–€ă‚·ăƒȘăƒŒă‚ș ă„ăŸă•ă‚‰èžă‘ăȘいNeutronăźäœżă„æ–č
OpenStackè¶…ć…„é–€ă‚·ăƒȘăƒŒă‚ș ă„ăŸă•ă‚‰èžă‘ăȘいNeutronăźäœżă„æ–č
 
NFVケプăƒȘă‚±ăƒŒă‚·ăƒ§ăƒłă‚’OpenStack侊ど゙拕かすç‚șに - OpenStackæœ€æ–°æƒ…ć ±ă‚»ăƒŸăƒŠăƒŒ 2017ćčŽ7月
NFVケプăƒȘă‚±ăƒŒă‚·ăƒ§ăƒłă‚’OpenStack侊ど゙拕かすç‚șに - OpenStackæœ€æ–°æƒ…ć ±ă‚»ăƒŸăƒŠăƒŒ 2017ćčŽ7月NFVケプăƒȘă‚±ăƒŒă‚·ăƒ§ăƒłă‚’OpenStack侊ど゙拕かすç‚șに - OpenStackæœ€æ–°æƒ…ć ±ă‚»ăƒŸăƒŠăƒŒ 2017ćčŽ7月
NFVケプăƒȘă‚±ăƒŒă‚·ăƒ§ăƒłă‚’OpenStack侊ど゙拕かすç‚șに - OpenStackæœ€æ–°æƒ…ć ±ă‚»ăƒŸăƒŠăƒŒ 2017ćčŽ7月
 
OVN DBs HA with scale test
OVN DBs HA with scale testOVN DBs HA with scale test
OVN DBs HA with scale test
 
Neutron qos overview
Neutron qos overviewNeutron qos overview
Neutron qos overview
 
OVS Hardware Offload with TC Flower
OVS Hardware Offload with TC FlowerOVS Hardware Offload with TC Flower
OVS Hardware Offload with TC Flower
 
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
Zebra SRv6 CLI on Linux Dataplane (ENOG#49)
 
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_5ìŁŒì°š
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_5ìŁŒì°šRed Hat OpenStack 17 저자직강+슀터디귞ëŁč_5ìŁŒì°š
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_5ìŁŒì°š
 
ă‚Żăƒ©ă‚Šăƒ‰ă‚ȘăƒŒă‚±ă‚čăƒˆăƒŹăƒŒă‚·ăƒ§ăƒłă€ŒOpenStack Heată€ă«èż«ă‚‹!
ă‚Żăƒ©ă‚Šăƒ‰ă‚ȘăƒŒă‚±ă‚čăƒˆăƒŹăƒŒă‚·ăƒ§ăƒłă€ŒOpenStack Heată€ă«èż«ă‚‹!ă‚Żăƒ©ă‚Šăƒ‰ă‚ȘăƒŒă‚±ă‚čăƒˆăƒŹăƒŒă‚·ăƒ§ăƒłă€ŒOpenStack Heată€ă«èż«ă‚‹!
ă‚Żăƒ©ă‚Šăƒ‰ă‚ȘăƒŒă‚±ă‚čăƒˆăƒŹăƒŒă‚·ăƒ§ăƒłă€ŒOpenStack Heată€ă«èż«ă‚‹!
 
OVN - Basics and deep dive
OVN - Basics and deep diveOVN - Basics and deep dive
OVN - Basics and deep dive
 
Service Function Chaining with SRv6
Service Function Chaining with SRv6Service Function Chaining with SRv6
Service Function Chaining with SRv6
 
DevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking WalkthroughDevConf 2014 Kernel Networking Walkthrough
DevConf 2014 Kernel Networking Walkthrough
 
VPNaaS in Neutron
VPNaaS in NeutronVPNaaS in Neutron
VPNaaS in Neutron
 
Hot ăźæ›žăæ–č(Template Version 2015-04-30) ć‰ç·š
Hot ăźæ›žăæ–č(Template Version 2015-04-30) ć‰ç·šHot ăźæ›žăæ–č(Template Version 2015-04-30) ć‰ç·š
Hot ăźæ›žăæ–č(Template Version 2015-04-30) ć‰ç·š
 
였픈슀택 멀티녞드 ì„€ìč˜ í›„êž°
였픈슀택 멀티녞드 ì„€ìč˜ í›„êž°ì˜€í”ˆìŠ€íƒ 멀티녞드 ì„€ìč˜ í›„êž°
였픈슀택 멀티녞드 ì„€ìč˜ í›„êž°
 
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_1ìŁŒì°š
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_1ìŁŒì°šRed Hat OpenStack 17 저자직강+슀터디귞ëŁč_1ìŁŒì°š
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_1ìŁŒì°š
 
OVN operationalization at scale at eBay
OVN operationalization at scale at eBayOVN operationalization at scale at eBay
OVN operationalization at scale at eBay
 
SRv6 study
SRv6 studySRv6 study
SRv6 study
 
[OpenStack] êł”ê°œ 소프튞웚얎 였픈슀택 ìž…ëŹž & 파헀ìč˜êž°
[OpenStack] êł”ê°œ 소프튞웚얎 였픈슀택 ìž…ëŹž & 파헀ìč˜êž°[OpenStack] êł”ê°œ 소프튞웚얎 였픈슀택 ìž…ëŹž & 파헀ìč˜êž°
[OpenStack] êł”ê°œ 소프튞웚얎 였픈슀택 ìž…ëŹž & 파헀ìč˜êž°
 
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_2ìŁŒì°š
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_2ìŁŒì°šRed Hat OpenStack 17 저자직강+슀터디귞ëŁč_2ìŁŒì°š
Red Hat OpenStack 17 저자직강+슀터디귞ëŁč_2ìŁŒì°š
 

Andere mochten auch

Andere mochten auch (7)

MySQL Fabric with OpenStack Nova
MySQL Fabric with OpenStack NovaMySQL Fabric with OpenStack Nova
MySQL Fabric with OpenStack Nova
 
Introducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlowIntroducton to Convolutional Nerural Network with TensorFlow
Introducton to Convolutional Nerural Network with TensorFlow
 
Googleă«ăŠă‘ă‚‹æ©Ÿæą°ć­Šçż’ăźæŽ»ç”šăšă‚Żăƒ©ă‚Šăƒ‰ă‚”ăƒŒăƒ“ă‚č
Googleă«ăŠă‘ă‚‹æ©Ÿæą°ć­Šçż’ăźæŽ»ç”šăšă‚Żăƒ©ă‚Šăƒ‰ă‚”ăƒŒăƒ“ă‚čGoogleă«ăŠă‘ă‚‹æ©Ÿæą°ć­Šçż’ăźæŽ»ç”šăšă‚Żăƒ©ă‚Šăƒ‰ă‚”ăƒŒăƒ“ă‚č
Googleă«ăŠă‘ă‚‹æ©Ÿæą°ć­Šçż’ăźæŽ»ç”šăšă‚Żăƒ©ă‚Šăƒ‰ă‚”ăƒŒăƒ“ă‚č
 
Neutron: br-ex is now deprecated! what is modern way?
Neutron: br-ex is now deprecated! what is modern way?Neutron: br-ex is now deprecated! what is modern way?
Neutron: br-ex is now deprecated! what is modern way?
 
「ITスンゾニケăƒȘăƒłă‚°ăźæœŹèłȘă€ă‚’è€ƒăˆă‚‹
「ITスンゾニケăƒȘăƒłă‚°ăźæœŹèłȘă€ă‚’è€ƒăˆă‚‹ă€ŒITスンゾニケăƒȘăƒłă‚°ăźæœŹèłȘă€ă‚’è€ƒăˆă‚‹
「ITスンゾニケăƒȘăƒłă‚°ăźæœŹèłȘă€ă‚’è€ƒăˆă‚‹
 
Googleăźă‚€ăƒłăƒ•ăƒ©æŠ€èĄ“ă«èŠ‹ă‚‹ćŸș盀暙æș–ćŒ–ăšDevOpsぼ真漟
Googleăźă‚€ăƒłăƒ•ăƒ©æŠ€èĄ“ă«èŠ‹ă‚‹ćŸș盀暙æș–ćŒ–ăšDevOpsぼ真漟Googleăźă‚€ăƒłăƒ•ăƒ©æŠ€èĄ“ă«èŠ‹ă‚‹ćŸș盀暙æș–ćŒ–ăšDevOpsぼ真漟
Googleăźă‚€ăƒłăƒ•ăƒ©æŠ€èĄ“ă«èŠ‹ă‚‹ćŸș盀暙æș–ćŒ–ăšDevOpsぼ真漟
 
PRML11.2-11.3
PRML11.2-11.3PRML11.2-11.3
PRML11.2-11.3
 

Ähnlich wie OpenStack Neutron IPv6 Lessons

OpenStack Havana over IPv6
OpenStack Havana over IPv6OpenStack Havana over IPv6
OpenStack Havana over IPv6
Shixiong Shang
 
OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6
Shixiong Shang
 
IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCS
Swiss IPv6 Council
 
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat642009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
yacc2000
 
Configuringadualstackthatusesndra 131018075723-phpapp02
Configuringadualstackthatusesndra 131018075723-phpapp02Configuringadualstackthatusesndra 131018075723-phpapp02
Configuringadualstackthatusesndra 131018075723-phpapp02
Christine Joy Lanzar
 
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
gogo6
 
Swiss IPv6 Council: Konfusion um die Router Flags
Swiss IPv6 Council: Konfusion um die Router FlagsSwiss IPv6 Council: Konfusion um die Router Flags
Swiss IPv6 Council: Konfusion um die Router Flags
Digicomp Academy AG
 

Ähnlich wie OpenStack Neutron IPv6 Lessons (20)

Neutron IPv6
Neutron IPv6Neutron IPv6
Neutron IPv6
 
OpenStack Havana over IPv6
OpenStack Havana over IPv6OpenStack Havana over IPv6
OpenStack Havana over IPv6
 
OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6OpenStack Icehouse Over IPv6
OpenStack Icehouse Over IPv6
 
Successes and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNICSuccesses and Challenges of IPv6 Transition at APNIC
Successes and Challenges of IPv6 Transition at APNIC
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerations
 
IPv6 at CSCS
IPv6 at CSCSIPv6 at CSCS
IPv6 at CSCS
 
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat642009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
2009 11 06 3gpp Ietf Ipv6 Shanghai Nat64
 
OpenStack Paris Meetup on Nfv 2014/10/07
OpenStack Paris Meetup on Nfv 2014/10/07OpenStack Paris Meetup on Nfv 2014/10/07
OpenStack Paris Meetup on Nfv 2014/10/07
 
7 slaac-rick graziani
7 slaac-rick graziani7 slaac-rick graziani
7 slaac-rick graziani
 
Network Configuration Example: Configuring a Dual Stack That Uses NDRA and DH...
Network Configuration Example: Configuring a Dual Stack That Uses NDRA and DH...Network Configuration Example: Configuring a Dual Stack That Uses NDRA and DH...
Network Configuration Example: Configuring a Dual Stack That Uses NDRA and DH...
 
Configuringadualstackthatusesndra 131018075723-phpapp02
Configuringadualstackthatusesndra 131018075723-phpapp02Configuringadualstackthatusesndra 131018075723-phpapp02
Configuringadualstackthatusesndra 131018075723-phpapp02
 
What's new in Neutron Juno
What's new in Neutron JunoWhat's new in Neutron Juno
What's new in Neutron Juno
 
Demystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the HostDemystifying Networking Webinar Series- Routing on the Host
Demystifying Networking Webinar Series- Routing on the Host
 
IPv6
IPv6IPv6
IPv6
 
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
Deploying IPv6 in Cisco's Labs by Robert Beckett at gogoNET LIVE! 3 IPv6 Conf...
 
Swiss IPv6 Council: Konfusion um die Router Flags
Swiss IPv6 Council: Konfusion um die Router FlagsSwiss IPv6 Council: Konfusion um die Router Flags
Swiss IPv6 Council: Konfusion um die Router Flags
 
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
DPDK Summit - 08 Sept 2014 - 6WIND - High Perf Networking Leveraging the DPDK...
 
6WINDGateℱ - Enabling Cloud RAN Virtualization
6WINDGateℱ - Enabling Cloud RAN Virtualization6WINDGateℱ - Enabling Cloud RAN Virtualization
6WINDGateℱ - Enabling Cloud RAN Virtualization
 
IPv6 translation methods
IPv6 translation methodsIPv6 translation methods
IPv6 translation methods
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
 

Mehr von Akihiro Motoki

20131211 Neutron Havana
20131211 Neutron Havana20131211 Neutron Havana
20131211 Neutron Havana
Akihiro Motoki
 
20131212 Okinawa OpenDays OpenStack
20131212 Okinawa OpenDays OpenStack20131212 Okinawa OpenDays OpenStack
20131212 Okinawa OpenDays OpenStack
Akihiro Motoki
 
20131011_openstack-neutron-vyattameeting
20131011_openstack-neutron-vyattameeting20131011_openstack-neutron-vyattameeting
20131011_openstack-neutron-vyattameeting
Akihiro Motoki
 
20121216 OSC Cloud OpenStack Quantum
20121216 OSC Cloud OpenStack Quantum20121216 OSC Cloud OpenStack Quantum
20121216 OSC Cloud OpenStack Quantum
Akihiro Motoki
 
Horizon Quantum Integration grizzly
Horizon Quantum Integration grizzlyHorizon Quantum Integration grizzly
Horizon Quantum Integration grizzly
Akihiro Motoki
 
Horizon quantum-integration-grizzly
Horizon quantum-integration-grizzlyHorizon quantum-integration-grizzly
Horizon quantum-integration-grizzly
Akihiro Motoki
 
Quantum-grizzly-packet-filtering
Quantum-grizzly-packet-filteringQuantum-grizzly-packet-filtering
Quantum-grizzly-packet-filtering
Akihiro Motoki
 

Mehr von Akihiro Motoki (18)

20190722 OpenStack community past present future
20190722 OpenStack community past present future20190722 OpenStack community past present future
20190722 OpenStack community past present future
 
20190722 Building handy CI with zuul and OpenStack
20190722 Building handy CI with zuul and OpenStack20190722 Building handy CI with zuul and OpenStack
20190722 Building handy CI with zuul and OpenStack
 
20190118-josug-open stack-community-goals
20190118-josug-open stack-community-goals20190118-josug-open stack-community-goals
20190118-josug-open stack-community-goals
 
20161129 neutron recent topic
20161129 neutron recent topic20161129 neutron recent topic
20161129 neutron recent topic
 
20150713-OpenStack-5thbirthday-kilo-liberty-and-towards
20150713-OpenStack-5thbirthday-kilo-liberty-and-towards20150713-OpenStack-5thbirthday-kilo-liberty-and-towards
20150713-OpenStack-5thbirthday-kilo-liberty-and-towards
 
20150713 OpenStack Translation in Japan
20150713 OpenStack Translation in Japan20150713 OpenStack Translation in Japan
20150713 OpenStack Translation in Japan
 
neutron_icehouse_update
neutron_icehouse_updateneutron_icehouse_update
neutron_icehouse_update
 
Neutron Icehouse Update (Japanese)
Neutron Icehouse Update (Japanese)Neutron Icehouse Update (Japanese)
Neutron Icehouse Update (Japanese)
 
OpenStack Atlanta Summit Report: Neutron, Nova and design summit sessions
OpenStack Atlanta Summit Report: Neutron, Nova and design summit sessionsOpenStack Atlanta Summit Report: Neutron, Nova and design summit sessions
OpenStack Atlanta Summit Report: Neutron, Nova and design summit sessions
 
20131211 Neutron Havana
20131211 Neutron Havana20131211 Neutron Havana
20131211 Neutron Havana
 
20131212 Okinawa OpenDays OpenStack
20131212 Okinawa OpenDays OpenStack20131212 Okinawa OpenDays OpenStack
20131212 Okinawa OpenDays OpenStack
 
20131011_openstack-neutron-vyattameeting
20131011_openstack-neutron-vyattameeting20131011_openstack-neutron-vyattameeting
20131011_openstack-neutron-vyattameeting
 
20130724 openstack-3rd-anniversary-amotoki
20130724 openstack-3rd-anniversary-amotoki20130724 openstack-3rd-anniversary-amotoki
20130724 openstack-3rd-anniversary-amotoki
 
OpenStack Contribution Howto
OpenStack Contribution HowtoOpenStack Contribution Howto
OpenStack Contribution Howto
 
20121216 OSC Cloud OpenStack Quantum
20121216 OSC Cloud OpenStack Quantum20121216 OSC Cloud OpenStack Quantum
20121216 OSC Cloud OpenStack Quantum
 
Horizon Quantum Integration grizzly
Horizon Quantum Integration grizzlyHorizon Quantum Integration grizzly
Horizon Quantum Integration grizzly
 
Horizon quantum-integration-grizzly
Horizon quantum-integration-grizzlyHorizon quantum-integration-grizzly
Horizon quantum-integration-grizzly
 
Quantum-grizzly-packet-filtering
Quantum-grizzly-packet-filteringQuantum-grizzly-packet-filtering
Quantum-grizzly-packet-filtering
 

KĂŒrzlich hochgeladen

Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
soniya singh
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
ellan12
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
SUHANI PANDEY
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
soniya singh
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 đŸ«Š Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 đŸ«Š Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 đŸ«Š Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 đŸ«Š Vanshika Verma More Our Se...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
đ“€€Call On 7877925207 đ“€€ Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
đ“€€Call On 7877925207 đ“€€ Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...đ“€€Call On 7877925207 đ“€€ Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
đ“€€Call On 7877925207 đ“€€ Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
Neha Pandey
 
â‚č5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
â‚č5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...â‚č5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
â‚č5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
Diya Sharma
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
Delhi Call girls
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
sexy call girls service in goa
 
All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445
ruhi
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Call Girls in Nagpur High Profile
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
soniya singh
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
soniya singh
 
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
soniya singh
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 

KĂŒrzlich hochgeladen (20)

Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 đŸ«Š Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 đŸ«Š Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 đŸ«Š Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 đŸ«Š Vanshika Verma More Our Se...
 
đ“€€Call On 7877925207 đ“€€ Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
đ“€€Call On 7877925207 đ“€€ Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...đ“€€Call On 7877925207 đ“€€ Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
đ“€€Call On 7877925207 đ“€€ Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
â‚č5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
â‚č5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...â‚č5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
â‚č5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭ 6378878445
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Rani Bagh Escort Service Delhi N.C.R.
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 

OpenStack Neutron IPv6 Lessons

  • 1. Lessons in IPv6 deployment in OpenStack environments May 8, 2017 Akihiro Motoki OSS Promotion Center, NEC
  • 2. 2 © NEC Corporation 2017 Why IPv6? IPv4 Address has run out! Smart City and IoT needs lots of addresses All the Industry and Telecom has to prepare IPv6 Era
  • 3. 3 © NEC Corporation 2017 Agenda ▌Many consideration points on IPv6 deployments with OpenStack ▌[0] Understanding IPv6 words ▌[1] IPv6 address allocation ïŹHow to manage IPv6 address pools ïŹGlobal unique addresses for tenants ▌[2] IPv6 address configuration ïŹHow to distribute IPv6 address to clients ▌[3] Routing considerations ïŹHow to reach tenants’ network? ïŹHow to prevent unauthorized global addresses? ▌[4] VNF choices ïŹNeutron router? ïŹ3-rd party VNF router? Firewall? ▌This presentation is based on OpenStack Mitaka release
  • 4. IPv6 address allocation How to manage IPv6 address pools?
  • 5. 5 © NEC Corporation 2017 IPv6 address allocation ▌What we need? ▌GUA (Global unique address) are assigned to tenants ▌GUA should be assigned to a specified address range ▌Tenants still need to use their own addresses ïŹUnless they are not connected to external ïŹULA (Unique local address) Neutron Subnet Pool Legacy way to specify CIDR (or tenant subnet pool)
  • 6. 6 © NEC Corporation 2017 Neutron “subnet pool” ▌“Subnet pool” defines CIDR pool and allocates CIDR for a subnet from the pool ▌What we can? ïŹNo need to care which CIDR is used or not. Subnet pool manages assigned CIDR. ïŹOpenStack operators pre-defines a desired IP address range ïŹIt allows us to assign non-overlapping address ranges across tenants Subnet Pool Pool Prefixes 203.0.113.0/24 Prefix Length default: 26 Max: 25, Min: 28 Subnet 1 203.0.113.0/26 Subnet 2 203.0.113.128/25 Subnet 3 203.0.113.64/27 neutron subnetpool-create --pool-prefix 203.0.113.0/24 --default-prefixlen 26 --shared --is-default demo-subnetpool neutron subnet-create --subnetpool demo-subnetpool --ip-version 4 demo-net neutron subnet-create --use-default-subnetpool --ip-version 4 demo-net neutron subnetpool-update --pool-prefix 203.0.113.0/24 --pool-prefix 198.51.100.0/24 demo-subnetpool
  • 7. 7 © NEC Corporation 2017 IPv6 address allocation – admin ▌We use “subnet pool” to manage IPv6 address ranges ▌Create a subnet pool for GUA ïŹopenstack subnet pool create --pool-prefix 2001:DB8:1234::/48 --default-prefix-length 64 --min-prefix-length 64 --max-prefix-length 64 subnet-pool-ipv6 ïŹSpecify the global address range as a pool prefix ïŹ/64 is suggested as prefix length as most IPv6 routers assume 64 in RA ▌Mark it as “shared” so that tenants can consume it ïŹopenstack subnet pool set --share subnet-pool-ipv6 ▌(optional) Mark it as a default subnet pool ïŹ openstack subnet pool set --default subnet-pool-ipv6 ïŹTenants do not need to specify the subnet pool name when creating a subnet
  • 8. 8 © NEC Corporation 2017 IPv6 address allocation - tenant ▌Check per-defined subnet pools ïŹopenstack subnet pool list ▌Create a subnet using the subnet pool ïŹopenstack subnet create --use-default-subnet-pool --ip-version 6 --ipv6-ra-mode XXX –ipv6-address-mode XXX --network net1 subnet1 ïŹYou can specify a subnet pool explicitly but using a default pool would be easier ▌Quota on subnet pool ïŹSubnet pool supports quota ïŹIn IPv6 case, it is calculated as the number of /64 subnets. ïŹIf the subnet pool quota is 3, a tenant can allocate 3 /64 subnets. ▌Tenants still can specify their own address range ïŹLimited to local use and no internet connection
  • 10. 10 © NEC Corporation 2017 IPv6 address configuration modes ▌Three configuration modes: ïŹ SLLAC, DHCPv6 stateless, DHCPv6 stateful ▌SLACC ïŹIPv6 address of a client is configured based on RA (Router advertisement) ïŹGateway is also configured. ïŹOptionally, DNS information(if RFC6106), MTU and so on can be configured. ïŹOnly /64 prefix is used ▌DHCPv6 stateless ïŹIPv6 address is configured based on RA. ïŹOther information is retrieved via DHCPv6. ïŹLooks used most commonly ïŹOnly way to distribute DNS info before RFC6106 ▌DHCPv6 stateful ïŹAll information is configured based on DHCPv6 ïŹThere is information that GW is not configured properly.
  • 11. 11 © NEC Corporation 2017 IPv6 address configuration modes ▌The configuration mode is determined based on RA flag ïŹM (Managed) => 0 (RA/DHCPv6 stateless), 1 (DHCPv6 stateful) ïŹO (Other) => 0 (SLAAC), 1 (use DHCPv6) ▌Need to selection address mode, depending on router implementation used ïŹNeutron exposes all modes, but it is not necessarily all modes are available...
  • 12. 12 © NEC Corporation 2017 Understanding Neutron IPv6 two modes ▌Two attributes related to IPv6 address configuration: ïŹipv6_address_mode ïŹipv6_ra_mode ▌There are constraints between two modes ïŹOpenStack networking guide ïŹhttps://docs.openstack.org/ocata/networking-guide/config-ipv6.html
  • 13. 13 © NEC Corporation 2017 Understanding Neutron IPv6 two modes
  • 14. 14 © NEC Corporation 2017 Understanding Neutron IPv6 two modes A lot of combinations. What does each mode mean?
  • 15. 15 © NEC Corporation 2017 Understanding IPv6 two mode ▌IPv6 address mode ïŹSpecifies how IPv6 address is generated and assigned ïŹIPAM is mainly involved in it. ïŹAlso controls if the reference DHCP implementation serves ïŹâ€œslaac” ‱ Neutron generates a port address based on MAC address (EUI-64) ïŹâ€œdhcpv6-stateless” ‱ Neutron generates a port address based on MAC address (EUI-64) ‱ Neutron provides DHCP options for port ïŹâ€œdhcpv6-stateful” ‱ Any address can be configured. ‱ Perhaps non-/64 prefix can be used ïŹNot Specified (N/S) ‱ (Backward compatibility) ‱ Any static address can be configured.
  • 16. 16 © NEC Corporation 2017 Understanding IPv6 two mode ▌IPv6 RA mode ïŹSpecifies how neutron router sends RA ▌“slaac” ▌“dhcpv6-stateless” ▌“dhcpv6-stateful” ïŹNeutron setup radvd on a router and provides RA ïŹRA flags are set accordingly ▌Not Specified (N/S) ïŹNeutron does nothing. ïŹradvd on a router is not setup
  • 17. 17 © NEC Corporation 2017 Deployment patterns ▌(1a) Tenant Router (OpenStack) ïŹNeutron router; VNF integrated with neutron ▌(1b) Tenant Router (VNF) ïŹVirtual appliance; not integrated with neutron ▌(2) Provider Router VM Upstream Router External network (1a) Tenant Router (OpenStack) (1b) Tenant Router (VNF) VM Neutron network Neutron router Upstream Router External network NW infra VM Neutron network VNF (vRouter, vFW) Upstream Router External network Managed by OpenStack VNF manager NW infra NW infra (2) Provider router Managed by OpenStack Managed by OpenStack
  • 18. 18 © NEC Corporation 2017 IPv6 two modes: tenant neutron router ▌Simplest case! ▌Tenant router is implemented as neutron router ïŹL3 agent (reference implementation) ïŹOther 3rd party L3 plugin (if you use) ▌Neutron provides both RA and DHCPv6 ïŹRef implementation: RA = radvd, DCHPv6 = dnsmasq ▌If 3rd party L3 plugin is provided, the behavior needs to be checked ipv6_address _mode ipv6_ra_ mode Description (L3 agent) SLAAC SLAAC Radvd runs on netns and provides RA DHCPv6 stateless DHCPv6 stateless Radvd on router netns and dnsmasq on dhcp netns DHCPv6 stateful DHCPv6 stateful Same as above VM Neutron network Neutron router Upstream Router External network NW infra Managed by OpenStack
  • 19. 19 © NEC Corporation 2017 IPv6 two modes: tenant VNF router ▌Tenant router is implemented as virtual appliance ▌BUT it is not well integrated with neutron (= no L3 plugin) ▌SLLAC works well ▌DHCPv6-stateless / stateful : neutron DHCP (dnsmasq) serves too ïŹIf VNF provides DHCPv6, two DHCP servers works as a result and they may conflicts... ipv6_address _mode ipv6_ra_ mode Description SLAAC Off (N/S) VNF router sends RA DHCPv6 stateless DHCPv6 stateless VNF router sends RA neutron dnsmasq is configured If VNF provides DHCPv6, the feature potentially conflicts
Off DHCPv6 stateful DHCPv6 stateful VNF router sends RA neutron dnsmasq is configured If VNF provides DHCPv6, the feature potentially conflict
Off VM Neutron network VNF (vRouter, vFW) Upstream Router External network Managed by OpenStack VNF manager NW infra
  • 20. 20 © NEC Corporation 2017 IPv6 two modes: provider router ▌Router on a provider network sends RA. ▌From the perspective of neutron, same as “tenant VNF router” case ▌SLLAC works well ▌DHCPv6 stateless : DHCPv6 by neutron and upstream router may potentially conflict ▌DHCPv6 stateful : neutron DHCPv6 is the only option? ïŹ There is no way to share address information between provider router and neutron VM Upstream Router External network NW infra (2) Provider router Managed by OpenStack ipv6_address _mode ipv6_ra_ mode Description SLAAC Off (N/S) provider router sends RA DHCPv6 stateless DHCPv6 stateless provider router sends RA neutron dnsmasq is configured If provider router provides DHCPv6, the feature potentially conflicts
Off DHCPv6 stateful DHCPv6 stateful provider router sends RA neutron dnsmasq is configured If VNF provides DHCPv6, address from both will conflicts XXXOff
  • 21. 21 © NEC Corporation 2017 In our case.. ▌(SLAAC) ïŹNot many VNF supports DNS option in RA message ▌(DHCPv6-stateless) ïŹNeutron DHCPv6-stateless does not provide DNS.. Needs investigation ïŹSome VNFs support SLAAC only. Cannot configure RA flags. VNF SLAAC DHCPv6-stateless Neutron router OK OK Cisco CSR1000V OK (+DNS) OK (+DNS) NEC Intersec VM/SG OK - Paloalto VM-100 OK -
  • 22. Routing Considerations [1] How to reach tenants’ network from the Internet?
  • 23. 23 © NEC Corporation 2017 Dynamic routing to tenant IPv6 subnets ▌How to reach tenants’ network? ▌To deliver packets from the Internet to tenants’ networks, the upstream router must know routes to tenants’ networks ▌In IPv6, tenant networks get GUA (global unique address) dynamically ▌Route tables on the upstream router needs to be updated ▌We need some mechanism to update routes automatically Self Service Network 1 2001:0DB8:1:/64 Self Service Network 2 2001:0DB8:2:/64 Self Service Network 3 2001:0DB8:3:/64 Router1 Router2 Router3 Upstream Router Provider Network (router: external) Internet
  • 24. 24 © NEC Corporation 2017 Dynamic routing to tenant IPv6 subnets ▌Dynamic Routing ïŹBGP ïŹOSPF ▌IPv6 Prefix Delegation ▌Static Route (with some automation mechanism) ïŹNeed some mechanism to monitor neutron-side changes
  • 25. 25 © NEC Corporation 2017 Dynamic routing : BGP (neutron integration) ▌Neutron provides BGP dynamic route advertisement ▌Create a BGP peering between BGP agent (dr-agent) and upstream Router ▌BGP agent advertises routes to tenant networks dynamically ▌Only networks whose address scope is same as that of the external network are advertised. Networks on different address scope are not advertised. Self Service Network 1 2001:0DB8:1:/64 Self Service Network 2 2001:0DB8:2:/64 Self Service Network 3 2001:0DB8:3:/64 Router1 Router2 Router3 Upstream Router Provider Network (router: external) Internet Address ScopeL3 agent BGP agent BGP peering AS 4321 AS 1234 http://docs.openstack.org/newton/networking-guide/config-bgp-dynamic-routing.html
  • 26. 26 © NEC Corporation 2017 Dynamic routing : OSPF ▌OSPF can be used for dynamic routing ▌Create router relationships between tenant and upstream routers when a tenant router is created ▌Once a relationship is established, a route to a tenant network is configured to the upstream router ▌Useful for small network where BGP is not preferred ▌Most VNF router supports OSPF ▌No neutron integration Self Service Network 1 2001:0DB8:1:/64 Self Service Network 2 2001:0DB8:2:/64 Router1 (VNF) Router2 (VNF) Upstream Router Provider Network (router: external) Internet Router relationship AS 4321 http://docs.openstack.org/newton/networking-guide/config-bgp-dynamic-routing.html
  • 27. 27 © NEC Corporation 2017 IPv6 Prefix Delegation (PD) ▌Upstream router is a PD (prefix delegation) server and this manages IPv6 address ranges to be assigned to OpenStack tenant networks ▌PD server assigns CIDR (normally /64 prefix) to PD client ▌Neutron router acts as a PD client ▌Upstream router sets up a route to PD client when assigning a prefix ïŹ The upstream router knows an external IP address of Neutron router (PD client) ïŹ LLA (Link local address) can be used as IP address of PD client ▌Neutron integration Self Service Network 1 2001:0DB8:1:/64 Self Service Network 2 2001:0DB8:2:/64 Self Service Network 3 2001:0DB8:3:/64 Router1 Router2 Router3 Upstream Router Provider Network (router: external) Internet PD Server http://docs.openstack.org/newton/networking-guide/config-ipv6.html#prefix-delegation PD Client Assign CIDR
  • 28. 28 © NEC Corporation 2017 Comparison Choices depend on network policy and router types to be used ▌Dynamic routing (BGP) ïŹNeutron integration ïŹDepending on network policy of upstream network ïŹSome operators does not use BGP inside their network ïŹOne AS is required for OpenStack deployment ▌Dynamic routing (OSPF) ïŹNo neutron integration ïŹOSPF is used for smaller deployment ïŹMost VNF router supports OSPF ▌Prefix delegation ïŹNeutron integration ïŹOnly simple topology is supported. ïŹCannot handle nested tenant router ïŹNot a small number of VNF does not support prefix delegation
  • 29. Routing Considerations [2] How to prevent unauthorized global addresses?
  • 30. 30 © NEC Corporation 2017 How to prevent unauthorized global addresses? ▌Neutron allows tenants to assign arbitrary IP addresses. ▌In IPv6, global unique addresses are assigned to tenants from the predefined ranges. ▌If some tenant assigns overlapping address ranges with other tenant, what happens? ▌There needs a way to block unauthorized global unique address assigned by tenants in their own way.
  • 31. 31 © NEC Corporation 2017 Neutron address scope ▌Address Scope ïŹConcept to define which IP addresses can directly communicate each other ïŹSubnet pool is associated to some address Scope ïŹRouter allows traffic among a same address scope ‱ Router identifies an address scope of each router interface Net1 R Net2 Net3 Networks on a same address scope can communicate Networks in different address scope cannot communicate Subnet pool 1 Address Scope 1 Subnet pool 2 Address Scope 2 or CIDR (If CIDR is specified, “Implicit Address Scope” is used)
  • 32. 32 © NEC Corporation 2017 How to prevent unauthorized global addresses? ▌By using address scope, administrators can only allow traffic from IP address ranges they authorize. ▌Administrator ïŹ Create a address scope ïŹ Create a subnet pool for external communication ïŹ Associate the subnet pool with the above address scope ïŹ Create a subnet of external network from the above subnet pool ▌Tenant user ïŹ Create a subnet from the shared subnet pool (when communicating externally) ïŹ Subnet whose CIDR is specified explicitly cannot communicate with the Internet even if it has the same CIDR. Ext-Net R Net2 Net3 Networks on a same address scope can communicate Networks in different address scope cannot communicate Subnet pool 1 Address Scope 1 Subnet pool 2 Address Scope 2 (or CIDR) External Network
  • 33. 33 © NEC Corporation 2017 How to prevent unauthorized global addresses? ▌Create a address scope ïŹopenstack address scope create --share --ip-version 6 address-scope-ip6 ▌Creaet a subnet pool for external communication ▌Associate the subnet pool with the above address scope ïŹopenstack subnet pool create --address-scope address-scope-ip6 --share --pool-prefix 2001:db8:a583::/48 --default-prefix-length 64 subnet-pool-ip6 ▌Create a subnet of external network from the above subnet pool ïŹopenstack subnet create --subnet-pool subnet-pool-ip6 --ip-version 6 --disable-dhcp --network external-network external-subnet-ip6 ▌Create a subnet from the shared subnet pool ïŹopenstack subnet create --subnet-pool subnet-pool-ip6 --ip-version 6 --ipv6-address-mode slaac --ipv6-ra-mode slaac --network my-network my-subnet-ip6
  • 35. 35 © NEC Corporation 2017 Additional topics ▌For SLAAC/DHCPv6 stateless, /64 is actually the only unit assigned to tenant  The required number of /64 prefix will be the number of tenants ▌All IPv6 modes cannot be used necessarily, but neutron exposes all  Some mechanism to expose available IPv6 mode to users ▌Windows supports address randomization for EUI-64 address ïŹIt randomizes the lower 64 bits of addresses ïŹEphemeral address is also supported ïŹIt works .. ïŹbut a generated IPv6 address will be different from Neutron port information ▌Most VNF does not provide Neutron L3 plugin  Need a way to retrieve information from neutron ‱ IPv6 RA flag (Managed, Other) ‱ Address scope Prefix (64) EUI-64 (64) randomize
  • 36. 36 © NEC Corporation 2017 Summary ▌This presentation share our experiences on IPv6 ▌Hope it helps introductions of IPv6 deployment ▌Most things work well. ▌There are several things remaining to be improved ▌Let’s upstream it! ïŹ Feel free to file a bug to neutron! ▌Let’s share our knowledge! ïŹ OpenStack Networking Guide is a good place ïŹLatest release : https://docs.openstack.org/ocata/networking-guide/ ïŹDevelopment version : https://docs.openstack.org/draft/networking-guide/