Merge "Update NDP proxy documentation"

2022-08-26 20:51:50 +00:00 · 2022-08-26 20:51:50 +00:00 · 7dfe41ab8f
parent 2f47d2bb55 7587d0dede
commit 7dfe41ab8f
2 changed files with 58 additions and 56 deletions
--- a/doc/source/admin/config-ndp-proxy.rst
+++ b/doc/source/admin/config-ndp-proxy.rst
@ -19,16 +19,17 @@ To configure NDP proxy, take the following steps:
 * On the controller nodes:

  Add the ``ndp_proxy`` service to the ``service_plugins`` setting in
-  ``/etc/neutron/neutron.conf``. For example:
+  the ``[DEFAULT]`` section of ``/etc/neutron/neutron.conf``. For example:

-  .. code-block:: none
+  .. code-block:: ini

+      [DEFAULT]
      service_plugins = router,ndp_proxy

  .. note::

    The ``router`` service plug-in has to be configured along with the
-    ``ndp_proxy`` service plug-in
+    ``ndp_proxy`` service plug-in.

 * On the network nodes or the compute nodes (for the dvr mode router):

@ -37,7 +38,7 @@ To configure NDP proxy, take the following steps:
  done in each network and compute node where the L3 agent is running. For
  example:

-  .. code-block:: none
+  .. code-block:: ini

     extensions = ndp_proxy

@ -47,10 +48,10 @@ To configure NDP proxy, take the following steps:
  and every neutron-l3-agent need to be restarted for the new values to take
  effect.

-  After configuring ndp proxy, the ``ndp-proxy`` extension alias will be
+  After configuring NDP proxy, the ``ndp-proxy`` extension alias will be
  included in the output of the following command:

-  For api extension:
+  For API extension:

  .. code-block:: console

@ -60,34 +61,34 @@ To configure NDP proxy, take the following steps:

  .. code-block:: console

-    $ openstack network agent show <l3-agent-id>
+     $ openstack network agent show <l3-agent-id>

 .. note::

-  We Introduced a new command ``ndsend`` for NDP proxy feature, the command can
+  We introduced a new command ``ndsend`` for the NDP proxy feature, the command can
  send Neighbor Advertisement about IPv6 to upstream router. With this command,
  we can make the upstream router rapidly perceive the change of internal IPv6
  address (such as, port migrated to other node). Read the
  `manual page <http://manpages.ubuntu.com/manpages/focal/man8/ndsend.8.html>`_
  for more details about this command.

-  Currently, you need install this command manually in every l3 agent node. For
-  ubuntu, the command provided by ``vzctl`` pkg, the install command:
+  Currently, you need to install this command manually in every L3 agent node. For
+  Ubuntu, the command is provided by the ``vzctl`` pkg, the install command:
  ``sudo apt install vzctl``.

-* On the upstream router (The datacenter's physical router):
+* On the upstream router (the datacenter's physical router):

  Generally, the admin operator should plan one or more IPv6 subnetpools to use
  when NDP proxy is enabled, so that all internal subnets can be allocated from
  a single, integrated subnetpool. In order to make NDP proxy work correctly,
  the admin operator needs to set direct routes for these subnetpools.

-  Such as, we have a IPv6 subnetpool, it's CIDR is 2001::/96. The direct route
+  Such as, we have a IPv6 subnetpool, it's CIDR is 2001:db8::/96. The direct route
  like below should be set:

  .. code-block:: none

-      2001::/96 dev <ext-gw>
+      2001:db8::/96 dev <ext-gw>

  The ``ext-gw`` is the gateway interface of the cloud's external network.

@ -96,21 +97,14 @@ User workflow
 ~~~~~~~~~~~~~

 Assume the admin operator already prepared an IPv6 subnetpool:
-``test-subnetpool``, its CIDR is 2001::/96.
+``test-subnetpool``, its CIDR is 2001:db8::/96.

-At a high level, the basic steps to publish an IPv6 address to external
+The basic steps to publish an IPv6 address to an external
 network (such as: public network) are the following:

-1、Create a router and enable its external gateway
-2、Set the router's ``enable_ndp_proxy`` parameter to True
-3、Create a internal network and create a IPv6 subnet on it
-4、Add the subnet to the router
-5、Launch an instance on the network
-6、Create a ndp proxy for the instance's port
+#. Create a router:

-* Create a router:
-
-  .. code-block:: console
+   .. code-block:: console

      $ openstack router create test-router
      +-------------------------+--------------------------------------+
@ -136,36 +130,36 @@ network (such as: public network) are the following:
      | updated_at              | 2022-01-01T06:50:44Z                 |
      +-------------------------+--------------------------------------+

-* Set external gateway for the router:
+#. Set external gateway for the router:

-  .. code-block:: console
+   .. code-block:: console

      $ openstack router set test-router --external-gateway public


-  .. note::
+   .. note::

      If the external network has no IPv6 subnet and the ``ipv6_gateway`` is
      configured on the ``neutron-l3-agent``, you may want to set
      ``use_lla_address`` to True at ``/etc/neutron/neutron.conf``, otherwise
-      The following command will raise a 403 error.
+      the following command will raise a 403 error.

-* Enable ndp proxy support on the router:
+#. Enable NDP proxy support on the router:

-  .. code-block:: console
+   .. code-block:: console

      $ openstack router set test-router --enable-ndp-proxy

-  .. warning::
+   .. warning::

      If you are using another method (such as:
      :ref:`BGP <config-bgp-dynamic-routing-for-ipv6>`,
      :ref:`prefix-delegation` etc.) to publish the internal IPv6 address, the
      command will break dataplane traffic.

-* Create internal network and IPv6 subnet and add the subnet to above router:
+#. Create an internal network and IPv6 subnet and add the subnet to the above router:

-  .. code-block:: console
+   .. code-block:: console

      $ openstack network create int-net
      +---------------------------+--------------------------------------+
@ -206,14 +200,14 @@ network (such as: public network) are the following:
      +----------------------+--------------------------------------+
      | Field                | Value                                |
      +----------------------+--------------------------------------+
-      | allocation_pools     | 2001::2-2001::ffff                   |
-      | cidr                 | 2001::/112                           |
+      | allocation_pools     | 2001:db8::2-2001:db8::ffff           |
+      | cidr                 | 2001:db8::/112                       |
      | created_at           | 2022-01-02T08:20:26Z                 |
      | description          |                                      |
      | dns_nameservers      |                                      |
      | dns_publish_fixed_ip | None                                 |
      | enable_dhcp          | True                                 |
-      | gateway_ip           | 2001::1                              |
+      | gateway_ip           | 2001:db8::1                          |
      | host_routes          |                                      |
      | id                   | 9bcf194c-d44f-4e6f-90da-98510ddef283 |
      | ip_version           | 6                                    |
@ -231,9 +225,9 @@ network (such as: public network) are the following:
      +----------------------+--------------------------------------+
      $ openstack router add subnet test-router int-sub

-* Launch an instance:
+#. Launch an instance:

-  .. code-block:: console
+   .. code-block:: console

      $ openstack server create --flavor m1.tiny --image cirros-0.5.2-x86_64-disk --network int-net test-server
      +-------------------------------------+-----------------------------------------------------------------+
@ -271,22 +265,22 @@ network (such as: public network) are the following:
      | volumes_attached                    |                                                                 |
      +-------------------------------------+-----------------------------------------------------------------+

-* Create ndp proxy for the instance's port:
+#. Create NDP proxy for the instance's port:

-  Query the port of the instance
+   Query the port of the instance

-  .. code-block:: console
+   .. code-block:: console

      $ openstack port list --server test-server
-      +--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+
-      | ID                                   | Name | MAC Address       | Fixed IP Addresses                                                       | Status |
-      +--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+
-      | bdd64aa0-437a-4db6-bbca-99869426c908 |      | fa:16:3e:ac:15:b8 | ip_address='2001::284', subnet_id='9bcf194c-d44f-4e6f-90da-98510ddef283' | ACTIVE |
-      +--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+
+      +--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
+      | ID                                   | Name | MAC Address       | Fixed IP Addresses                                                           | Status |
+      +--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
+      | bdd64aa0-437a-4db6-bbca-99869426c908 |      | fa:16:3e:ac:15:b8 | ip_address='2001:db8::284', subnet_id='9bcf194c-d44f-4e6f-90da-98510ddef283' | ACTIVE |
+      +--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+

-  Create ndp proxy for the port
+   Create NDP proxy for the port

-  .. code-block:: console
+   .. code-block:: console

      $ openstack network ndp proxy create --router test-router --port bdd64aa0-437a-4db6-bbca-99869426c908 test-np
      +-----------------+--------------------------------------+
@ -295,7 +289,7 @@ network (such as: public network) are the following:
      | created_at      | 2022-01-02T08:25:31Z                 |
      | description     |                                      |
      | id              | 73889fee-e322-443f-941e-142e4fc5f898 |
-      | ip_address      | 2001::284                            |
+      | ip_address      | 2001:db8::284                        |
      | name            | test-np                              |
      | port_id         | bdd64aa0-437a-4db6-bbca-99869426c908 |
      | project_id      | bcb0c7a5338b4a46959e47971c58f0f1     |
@ -304,17 +298,21 @@ network (such as: public network) are the following:
      | updated_at      | 2022-01-02T08:25:31Z                 |
      +-----------------+--------------------------------------+

-* Then ping the port's address from upstream router
+#. Then ping the port's address from the upstream router:

-  .. code-block:: console
+   .. code-block:: console

-    $ ping 2001::284
-    PING 2001::284(2001::284) 56 data bytes
-    64 bytes from 2001::284: icmp_seq=1 ttl=64 time=0.365 ms
-    64 bytes from 2001::284: icmp_seq=2 ttl=64 time=0.385 ms
+      $ ping 2001:db8::284
+      PING 2001:db8::284(2001:db8::284) 56 data bytes
+      64 bytes from 2001:db8::284: icmp_seq=1 ttl=64 time=0.365 ms
+      64 bytes from 2001:db8::284: icmp_seq=2 ttl=64 time=0.385 ms

+   .. note::
+
+      You may also need to add a security group rule that allows ICMPv6
+      traffic towards the instance.

 Known limitations
 ~~~~~~~~~~~~~~~~~

-* OVN backend is not supported
+- Using NDP proxies in combination with the OVN backend is not supported.
--- a/doc/source/ovn/gaps.rst
+++ b/doc/source/ovn/gaps.rst
@ -64,6 +64,10 @@ at [1]_.
    [ovn]
    dns_servers = 203.0.113.8, 198.51.100.53

+* IPv6 NDP proxy
+
+  The NDP proxy functionality for IPv6 addresses is not supported by OVN.
+
 References
 ----------