Merge "Update NDP proxy documentation"
This commit is contained in:
commit
7dfe41ab8f
@ -19,16 +19,17 @@ To configure NDP proxy, take the following steps:
|
||||
* On the controller nodes:
|
||||
|
||||
Add the ``ndp_proxy`` service to the ``service_plugins`` setting in
|
||||
``/etc/neutron/neutron.conf``. For example:
|
||||
the ``[DEFAULT]`` section of ``/etc/neutron/neutron.conf``. For example:
|
||||
|
||||
.. code-block:: none
|
||||
.. code-block:: ini
|
||||
|
||||
[DEFAULT]
|
||||
service_plugins = router,ndp_proxy
|
||||
|
||||
.. note::
|
||||
|
||||
The ``router`` service plug-in has to be configured along with the
|
||||
``ndp_proxy`` service plug-in
|
||||
``ndp_proxy`` service plug-in.
|
||||
|
||||
* On the network nodes or the compute nodes (for the dvr mode router):
|
||||
|
||||
@ -37,7 +38,7 @@ To configure NDP proxy, take the following steps:
|
||||
done in each network and compute node where the L3 agent is running. For
|
||||
example:
|
||||
|
||||
.. code-block:: none
|
||||
.. code-block:: ini
|
||||
|
||||
extensions = ndp_proxy
|
||||
|
||||
@ -47,10 +48,10 @@ To configure NDP proxy, take the following steps:
|
||||
and every neutron-l3-agent need to be restarted for the new values to take
|
||||
effect.
|
||||
|
||||
After configuring ndp proxy, the ``ndp-proxy`` extension alias will be
|
||||
After configuring NDP proxy, the ``ndp-proxy`` extension alias will be
|
||||
included in the output of the following command:
|
||||
|
||||
For api extension:
|
||||
For API extension:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
@ -60,34 +61,34 @@ To configure NDP proxy, take the following steps:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
$ openstack network agent show <l3-agent-id>
|
||||
$ openstack network agent show <l3-agent-id>
|
||||
|
||||
.. note::
|
||||
|
||||
We Introduced a new command ``ndsend`` for NDP proxy feature, the command can
|
||||
We introduced a new command ``ndsend`` for the NDP proxy feature, the command can
|
||||
send Neighbor Advertisement about IPv6 to upstream router. With this command,
|
||||
we can make the upstream router rapidly perceive the change of internal IPv6
|
||||
address (such as, port migrated to other node). Read the
|
||||
`manual page <http://manpages.ubuntu.com/manpages/focal/man8/ndsend.8.html>`_
|
||||
for more details about this command.
|
||||
|
||||
Currently, you need install this command manually in every l3 agent node. For
|
||||
ubuntu, the command provided by ``vzctl`` pkg, the install command:
|
||||
Currently, you need to install this command manually in every L3 agent node. For
|
||||
Ubuntu, the command is provided by the ``vzctl`` pkg, the install command:
|
||||
``sudo apt install vzctl``.
|
||||
|
||||
* On the upstream router (The datacenter's physical router):
|
||||
* On the upstream router (the datacenter's physical router):
|
||||
|
||||
Generally, the admin operator should plan one or more IPv6 subnetpools to use
|
||||
when NDP proxy is enabled, so that all internal subnets can be allocated from
|
||||
a single, integrated subnetpool. In order to make NDP proxy work correctly,
|
||||
the admin operator needs to set direct routes for these subnetpools.
|
||||
|
||||
Such as, we have a IPv6 subnetpool, it's CIDR is 2001::/96. The direct route
|
||||
Such as, we have a IPv6 subnetpool, it's CIDR is 2001:db8::/96. The direct route
|
||||
like below should be set:
|
||||
|
||||
.. code-block:: none
|
||||
|
||||
2001::/96 dev <ext-gw>
|
||||
2001:db8::/96 dev <ext-gw>
|
||||
|
||||
The ``ext-gw`` is the gateway interface of the cloud's external network.
|
||||
|
||||
@ -96,21 +97,14 @@ User workflow
|
||||
~~~~~~~~~~~~~
|
||||
|
||||
Assume the admin operator already prepared an IPv6 subnetpool:
|
||||
``test-subnetpool``, its CIDR is 2001::/96.
|
||||
``test-subnetpool``, its CIDR is 2001:db8::/96.
|
||||
|
||||
At a high level, the basic steps to publish an IPv6 address to external
|
||||
The basic steps to publish an IPv6 address to an external
|
||||
network (such as: public network) are the following:
|
||||
|
||||
1、Create a router and enable its external gateway
|
||||
2、Set the router's ``enable_ndp_proxy`` parameter to True
|
||||
3、Create a internal network and create a IPv6 subnet on it
|
||||
4、Add the subnet to the router
|
||||
5、Launch an instance on the network
|
||||
6、Create a ndp proxy for the instance's port
|
||||
#. Create a router:
|
||||
|
||||
* Create a router:
|
||||
|
||||
.. code-block:: console
|
||||
.. code-block:: console
|
||||
|
||||
$ openstack router create test-router
|
||||
+-------------------------+--------------------------------------+
|
||||
@ -136,36 +130,36 @@ network (such as: public network) are the following:
|
||||
| updated_at | 2022-01-01T06:50:44Z |
|
||||
+-------------------------+--------------------------------------+
|
||||
|
||||
* Set external gateway for the router:
|
||||
#. Set external gateway for the router:
|
||||
|
||||
.. code-block:: console
|
||||
.. code-block:: console
|
||||
|
||||
$ openstack router set test-router --external-gateway public
|
||||
|
||||
|
||||
.. note::
|
||||
.. note::
|
||||
|
||||
If the external network has no IPv6 subnet and the ``ipv6_gateway`` is
|
||||
configured on the ``neutron-l3-agent``, you may want to set
|
||||
``use_lla_address`` to True at ``/etc/neutron/neutron.conf``, otherwise
|
||||
The following command will raise a 403 error.
|
||||
the following command will raise a 403 error.
|
||||
|
||||
* Enable ndp proxy support on the router:
|
||||
#. Enable NDP proxy support on the router:
|
||||
|
||||
.. code-block:: console
|
||||
.. code-block:: console
|
||||
|
||||
$ openstack router set test-router --enable-ndp-proxy
|
||||
|
||||
.. warning::
|
||||
.. warning::
|
||||
|
||||
If you are using another method (such as:
|
||||
:ref:`BGP <config-bgp-dynamic-routing-for-ipv6>`,
|
||||
:ref:`prefix-delegation` etc.) to publish the internal IPv6 address, the
|
||||
command will break dataplane traffic.
|
||||
|
||||
* Create internal network and IPv6 subnet and add the subnet to above router:
|
||||
#. Create an internal network and IPv6 subnet and add the subnet to the above router:
|
||||
|
||||
.. code-block:: console
|
||||
.. code-block:: console
|
||||
|
||||
$ openstack network create int-net
|
||||
+---------------------------+--------------------------------------+
|
||||
@ -206,14 +200,14 @@ network (such as: public network) are the following:
|
||||
+----------------------+--------------------------------------+
|
||||
| Field | Value |
|
||||
+----------------------+--------------------------------------+
|
||||
| allocation_pools | 2001::2-2001::ffff |
|
||||
| cidr | 2001::/112 |
|
||||
| allocation_pools | 2001:db8::2-2001:db8::ffff |
|
||||
| cidr | 2001:db8::/112 |
|
||||
| created_at | 2022-01-02T08:20:26Z |
|
||||
| description | |
|
||||
| dns_nameservers | |
|
||||
| dns_publish_fixed_ip | None |
|
||||
| enable_dhcp | True |
|
||||
| gateway_ip | 2001::1 |
|
||||
| gateway_ip | 2001:db8::1 |
|
||||
| host_routes | |
|
||||
| id | 9bcf194c-d44f-4e6f-90da-98510ddef283 |
|
||||
| ip_version | 6 |
|
||||
@ -231,9 +225,9 @@ network (such as: public network) are the following:
|
||||
+----------------------+--------------------------------------+
|
||||
$ openstack router add subnet test-router int-sub
|
||||
|
||||
* Launch an instance:
|
||||
#. Launch an instance:
|
||||
|
||||
.. code-block:: console
|
||||
.. code-block:: console
|
||||
|
||||
$ openstack server create --flavor m1.tiny --image cirros-0.5.2-x86_64-disk --network int-net test-server
|
||||
+-------------------------------------+-----------------------------------------------------------------+
|
||||
@ -271,22 +265,22 @@ network (such as: public network) are the following:
|
||||
| volumes_attached | |
|
||||
+-------------------------------------+-----------------------------------------------------------------+
|
||||
|
||||
* Create ndp proxy for the instance's port:
|
||||
#. Create NDP proxy for the instance's port:
|
||||
|
||||
Query the port of the instance
|
||||
Query the port of the instance
|
||||
|
||||
.. code-block:: console
|
||||
.. code-block:: console
|
||||
|
||||
$ openstack port list --server test-server
|
||||
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+
|
||||
| ID | Name | MAC Address | Fixed IP Addresses | Status |
|
||||
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+
|
||||
| bdd64aa0-437a-4db6-bbca-99869426c908 | | fa:16:3e:ac:15:b8 | ip_address='2001::284', subnet_id='9bcf194c-d44f-4e6f-90da-98510ddef283' | ACTIVE |
|
||||
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+
|
||||
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
|
||||
| ID | Name | MAC Address | Fixed IP Addresses | Status |
|
||||
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
|
||||
| bdd64aa0-437a-4db6-bbca-99869426c908 | | fa:16:3e:ac:15:b8 | ip_address='2001:db8::284', subnet_id='9bcf194c-d44f-4e6f-90da-98510ddef283' | ACTIVE |
|
||||
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
|
||||
|
||||
Create ndp proxy for the port
|
||||
Create NDP proxy for the port
|
||||
|
||||
.. code-block:: console
|
||||
.. code-block:: console
|
||||
|
||||
$ openstack network ndp proxy create --router test-router --port bdd64aa0-437a-4db6-bbca-99869426c908 test-np
|
||||
+-----------------+--------------------------------------+
|
||||
@ -295,7 +289,7 @@ network (such as: public network) are the following:
|
||||
| created_at | 2022-01-02T08:25:31Z |
|
||||
| description | |
|
||||
| id | 73889fee-e322-443f-941e-142e4fc5f898 |
|
||||
| ip_address | 2001::284 |
|
||||
| ip_address | 2001:db8::284 |
|
||||
| name | test-np |
|
||||
| port_id | bdd64aa0-437a-4db6-bbca-99869426c908 |
|
||||
| project_id | bcb0c7a5338b4a46959e47971c58f0f1 |
|
||||
@ -304,17 +298,21 @@ network (such as: public network) are the following:
|
||||
| updated_at | 2022-01-02T08:25:31Z |
|
||||
+-----------------+--------------------------------------+
|
||||
|
||||
* Then ping the port's address from upstream router
|
||||
#. Then ping the port's address from the upstream router:
|
||||
|
||||
.. code-block:: console
|
||||
.. code-block:: console
|
||||
|
||||
$ ping 2001::284
|
||||
PING 2001::284(2001::284) 56 data bytes
|
||||
64 bytes from 2001::284: icmp_seq=1 ttl=64 time=0.365 ms
|
||||
64 bytes from 2001::284: icmp_seq=2 ttl=64 time=0.385 ms
|
||||
$ ping 2001:db8::284
|
||||
PING 2001:db8::284(2001:db8::284) 56 data bytes
|
||||
64 bytes from 2001:db8::284: icmp_seq=1 ttl=64 time=0.365 ms
|
||||
64 bytes from 2001:db8::284: icmp_seq=2 ttl=64 time=0.385 ms
|
||||
|
||||
.. note::
|
||||
|
||||
You may also need to add a security group rule that allows ICMPv6
|
||||
traffic towards the instance.
|
||||
|
||||
Known limitations
|
||||
~~~~~~~~~~~~~~~~~
|
||||
|
||||
* OVN backend is not supported
|
||||
- Using NDP proxies in combination with the OVN backend is not supported.
|
||||
|
@ -64,6 +64,10 @@ at [1]_.
|
||||
[ovn]
|
||||
dns_servers = 203.0.113.8, 198.51.100.53
|
||||
|
||||
* IPv6 NDP proxy
|
||||
|
||||
The NDP proxy functionality for IPv6 addresses is not supported by OVN.
|
||||
|
||||
References
|
||||
----------
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user