Update guest IPv6 information in docs
Based on some recent questions on IPv6 address generation in guests, update the relevant section in the docs to make it more up-to-date. Partial-bug: #1827489 Change-Id: Ibbf4d5458293c9c0269f6a80f5519caa175994ec
This commit is contained in:
parent
4c4dc08c52
commit
252acc0694
@ -416,23 +416,38 @@ overlap across the projects.
|
|||||||
Security considerations
|
Security considerations
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
.. todo:: Initially this is probably just stating the security group rules
|
For more information about security considerations, see the ``Security groups``
|
||||||
relative to IPv6 that are applied. Need some help for these
|
section in
|
||||||
|
:doc:`intro-os-networking`.
|
||||||
|
|
||||||
Configuring interfaces of the guest
|
Configuring interfaces of the guest
|
||||||
-----------------------------------
|
-----------------------------------
|
||||||
|
|
||||||
OpenStack currently doesn't support the privacy extensions defined by RFC 4941.
|
OpenStack currently doesn't support the Privacy Extensions defined by RFC 4941,
|
||||||
The interface identifier and DUID used must be directly derived from the MAC
|
or the Opaque Identifier generation methods defined in RFC 7217. The interface
|
||||||
as described in RFC 2373. The compute hosts must not be setup to utilize the
|
identifier and DUID used must be directly derived from the MAC address
|
||||||
privacy extensions when generating their interface identifier.
|
as described in RFC 2373. The compute instances must not be set up to utilize
|
||||||
|
either of these methods when generating their interface identifier, or
|
||||||
|
they might not be able to communicate properly on the network. For example,
|
||||||
|
in Linux guests, these are controlled via these two ``sysctl`` variables:
|
||||||
|
|
||||||
There is no provisions for an IPv6-based metadata service similar to what is
|
- ``net.ipv6.conf.*.use_tempaddr`` (Privacy Extensions)
|
||||||
provided for IPv4. In the case of dual stacked guests though it is always
|
- ``net.ipv6.conf.*.addr_gen_mode`` (link-local and autoconf address generation)
|
||||||
possible to use the IPv4 metadata service instead.
|
|
||||||
|
|
||||||
Unlike IPv4 the MTU of a given network can be conveyed in the RA messages sent
|
Both of these settings should be disabled (zero).
|
||||||
by the router as well as in the DHCP messages.
|
|
||||||
|
Other types of guests might have similar configuration options, please
|
||||||
|
consult your distribution documentation for more information.
|
||||||
|
|
||||||
|
There are no provisions for an IPv6-based metadata service similar to what is
|
||||||
|
provided for IPv4. In the case of dual-stacked guests though it is always
|
||||||
|
possible to use the IPv4 metadata service instead. IPv6-only guests will have
|
||||||
|
to use another method for metadata injection such as using a configuration
|
||||||
|
drive, which is described in the Nova documentation on
|
||||||
|
`config-drive <https://docs.openstack.org/nova/latest/user/config-drive.html>`__.
|
||||||
|
|
||||||
|
Unlike IPv4, the MTU of a given network can be conveyed in both the Router
|
||||||
|
Advertisement messages sent by the router, as well as in DHCP messages.
|
||||||
|
|
||||||
OpenStack control & management network considerations
|
OpenStack control & management network considerations
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
Loading…
Reference in New Issue
Block a user