Merge "Update NDP proxy documentation"

Zuul 2022-08-26 20:51:50 +00:00 committed by Gerrit Code Review
commit 7dfe41ab8f
2 changed files with 58 additions and 56 deletions

@ -19,16 +19,17 @@ To configure NDP proxy, take the following steps:
* On the controller nodes: * On the controller nodes:
Add the ``ndp_proxy`` service to the ``service_plugins`` setting in Add the ``ndp_proxy`` service to the ``service_plugins`` setting in
``/etc/neutron/neutron.conf``. For example: the ``[DEFAULT]`` section of ``/etc/neutron/neutron.conf``. For example:
.. code-block:: none .. code-block:: ini
[DEFAULT]
service_plugins = router,ndp_proxy service_plugins = router,ndp_proxy
.. note:: .. note::
The ``router`` service plug-in has to be configured along with the The ``router`` service plug-in has to be configured along with the
``ndp_proxy`` service plug-in ``ndp_proxy`` service plug-in.
* On the network nodes or the compute nodes (for the dvr mode router): * On the network nodes or the compute nodes (for the dvr mode router):
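Review bot: The last context line of this hunk still reads "for the dvr mode router" while the change capitalizes NDP, API and L3 elsewhere. Write "DVR" here so the acronyms are consistent across the page.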
@ -37,7 +38,7 @@ To configure NDP proxy, take the following steps:
done in each network and compute node where the L3 agent is running. For done in each network and compute node where the L3 agent is running. For
example: example:
.. code-block:: none .. code-block:: ini
extensions = ndp_proxy extensions = ndp_proxy
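Review bot: The example switched to the ``ini`` lexer here shows ``extensions = ndp_proxy`` with no section header, whereas the first hunk adds ``[DEFAULT]`` above ``service_plugins``. Add the section header that the surrounding text names for the L3 agent configuration file, so the snippet can be pasted without guessing where the option belongs.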
@ -47,10 +48,10 @@ To configure NDP proxy, take the following steps:
and every neutron-l3-agent need to be restarted for the new values to take and every neutron-l3-agent need to be restarted for the new values to take
effect. effect.
After configuring ndp proxy, the ``ndp-proxy`` extension alias will be After configuring NDP proxy, the ``ndp-proxy`` extension alias will be
included in the output of the following command: included in the output of the following command:
For api extension: For API extension:
.. code-block:: console .. code-block:: console
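Review bot: The sentence ending "included in the output of the following command:" stays singular, but two commands follow it (the one under "For API extension:" and ``openstack network agent show <l3-agent-id>``). Change it to "the following commands", and consider "For the API extension:" to match the articles added elsewhere in this change.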
@ -60,34 +61,34 @@ To configure NDP proxy, take the following steps:
.. code-block:: console .. code-block:: console
$ openstack network agent show <l3-agent-id> $ openstack network agent show <l3-agent-id>
.. note:: .. note::
We Introduced a new command ``ndsend`` for NDP proxy feature, the command can We introduced a new command ``ndsend`` for the NDP proxy feature, the command can
send Neighbor Advertisement about IPv6 to upstream router. With this command, send Neighbor Advertisement about IPv6 to upstream router. With this command,
we can make the upstream router rapidly perceive the change of internal IPv6 we can make the upstream router rapidly perceive the change of internal IPv6
address (such as, port migrated to other node). Read the address (such as, port migrated to other node). Read the
`manual page <http://manpages.ubuntu.com/manpages/focal/man8/ndsend.8.html>`_ `manual page <http://manpages.ubuntu.com/manpages/focal/man8/ndsend.8.html>`_
for more details about this command. for more details about this command.
Currently, you need install this command manually in every l3 agent node. For Currently, you need to install this command manually in every L3 agent node. For
ubuntu, the command provided by ``vzctl`` pkg, the install command: Ubuntu, the command is provided by the ``vzctl`` pkg, the install command:
``sudo apt install vzctl``. ``sudo apt install vzctl``.
* On the upstream router (The datacenter's physical router): * On the upstream router (the datacenter's physical router):
Generally, the admin operator should plan one or more IPv6 subnetpools to use Generally, the admin operator should plan one or more IPv6 subnetpools to use
when NDP proxy is enabled, so that all internal subnets can be allocated from when NDP proxy is enabled, so that all internal subnets can be allocated from
a single, integrated subnetpool. In order to make NDP proxy work correctly, a single, integrated subnetpool. In order to make NDP proxy work correctly,
the admin operator needs to set direct routes for these subnetpools. the admin operator needs to set direct routes for these subnetpools.
Such as, we have a IPv6 subnetpool, it's CIDR is 2001::/96. The direct route Such as, we have a IPv6 subnetpool, it's CIDR is 2001:db8::/96. The direct route
like below should be set: like below should be set:
.. code-block:: none .. code-block:: none
2001::/96 dev <ext-gw> 2001:db8::/96 dev <ext-gw>
The ``ext-gw`` is the gateway interface of the cloud's external network. The ``ext-gw`` is the gateway interface of the cloud's external network.
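Review bot: Two sentences touched in this hunk are still ungrammatical: the ``ndsend`` note joins two clauses with a comma ("for the NDP proxy feature, the command can send ..."), and the route example keeps "Such as, we have a IPv6 subnetpool, it's CIDR is 2001:db8::/96". Suggest "For example, for an IPv6 subnetpool whose CIDR is 2001:db8::/96, a direct route like the one below should be set:" and splitting the ``ndsend`` sentence in two. The manual page link is also still plain ``http://``; since operators are told to install a package based on it, switch the link to ``https://`` while the paragraph is being edited.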
@ -96,21 +97,14 @@ User workflow
~~~~~~~~~~~~~ ~~~~~~~~~~~~~
Assume the admin operator already prepared an IPv6 subnetpool: Assume the admin operator already prepared an IPv6 subnetpool:
``test-subnetpool``, its CIDR is 2001::/96. ``test-subnetpool``, its CIDR is 2001:db8::/96.
At a high level, the basic steps to publish an IPv6 address to external The basic steps to publish an IPv6 address to an external
network (such as: public network) are the following: network (such as: public network) are the following:
1、Create a router and enable its external gateway #. Create a router:
2、Set the router's ``enable_ndp_proxy`` parameter to True
3、Create a internal network and create a IPv6 subnet on it
4、Add the subnet to the router
5、Launch an instance on the network
6、Create a ndp proxy for the instance's port
* Create a router: .. code-block:: console
.. code-block:: console
$ openstack router create test-router $ openstack router create test-router
+-------------------------+--------------------------------------+ +-------------------------+--------------------------------------+
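Review bot: The conversion from ``*`` bullets to ``#.`` items depends on every nested ``.. code-block::`` and ``.. note::`` being indented to the item text, otherwise the enumeration restarts at 1 after each block; please confirm in the rendered output that the steps number continuously. The reworded lead-in also keeps "(such as: public network)", which reads better as "(such as the public network)".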
@ -136,36 +130,36 @@ network (such as: public network) are the following:
| updated_at | 2022-01-01T06:50:44Z | | updated_at | 2022-01-01T06:50:44Z |
+-------------------------+--------------------------------------+ +-------------------------+--------------------------------------+
* Set external gateway for the router: #. Set external gateway for the router:
.. code-block:: console .. code-block:: console
$ openstack router set test-router --external-gateway public $ openstack router set test-router --external-gateway public
.. note:: .. note::
If the external network has no IPv6 subnet and the ``ipv6_gateway`` is If the external network has no IPv6 subnet and the ``ipv6_gateway`` is
configured on the ``neutron-l3-agent``, you may want to set configured on the ``neutron-l3-agent``, you may want to set
``use_lla_address`` to True at ``/etc/neutron/neutron.conf``, otherwise ``use_lla_address`` to True at ``/etc/neutron/neutron.conf``, otherwise
The following command will raise a 403 error. the following command will raise a 403 error.
* Enable ndp proxy support on the router: #. Enable NDP proxy support on the router:
.. code-block:: console .. code-block:: console
$ openstack router set test-router --enable-ndp-proxy $ openstack router set test-router --enable-ndp-proxy
.. warning:: .. warning::
If you are using another method (such as: If you are using another method (such as:
:ref:`BGP <config-bgp-dynamic-routing-for-ipv6>`, :ref:`BGP <config-bgp-dynamic-routing-for-ipv6>`,
:ref:`prefix-delegation` etc.) to publish the internal IPv6 address, the :ref:`prefix-delegation` etc.) to publish the internal IPv6 address, the
command will break dataplane traffic. command will break dataplane traffic.
* Create internal network and IPv6 subnet and add the subnet to above router: #. Create an internal network and IPv6 subnet and add the subnet to the above router:
.. code-block:: console .. code-block:: console
$ openstack network create int-net $ openstack network create int-net
+---------------------------+--------------------------------------+ +---------------------------+--------------------------------------+
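Review bot: The note about ``use_lla_address`` says to set it "to True at ``/etc/neutron/neutron.conf``" without naming the section, while the first hunk of this change adds the section name for ``service_plugins``. Name the section here too and write "in" rather than "at". The step title "Set external gateway for the router:" is also missing the article that the neighbouring titles gained ("Set the external gateway ...").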
@ -206,14 +200,14 @@ network (such as: public network) are the following:
+----------------------+--------------------------------------+ +----------------------+--------------------------------------+
| Field | Value | | Field | Value |
+----------------------+--------------------------------------+ +----------------------+--------------------------------------+
| allocation_pools | 2001::2-2001::ffff | | allocation_pools | 2001:db8::2-2001:db8::ffff |
| cidr | 2001::/112 | | cidr | 2001:db8::/112 |
| created_at | 2022-01-02T08:20:26Z | | created_at | 2022-01-02T08:20:26Z |
| description | | | description | |
| dns_nameservers | | | dns_nameservers | |
| dns_publish_fixed_ip | None | | dns_publish_fixed_ip | None |
| enable_dhcp | True | | enable_dhcp | True |
| gateway_ip | 2001::1 | | gateway_ip | 2001:db8::1 |
| host_routes | | | host_routes | |
| id | 9bcf194c-d44f-4e6f-90da-98510ddef283 | | id | 9bcf194c-d44f-4e6f-90da-98510ddef283 |
| ip_version | 6 | | ip_version | 6 |
@ -231,9 +225,9 @@ network (such as: public network) are the following:
+----------------------+--------------------------------------+ +----------------------+--------------------------------------+
$ openstack router add subnet test-router int-sub $ openstack router add subnet test-router int-sub
* Launch an instance: #. Launch an instance:
.. code-block:: console .. code-block:: console
$ openstack server create --flavor m1.tiny --image cirros-0.5.2-x86_64-disk --network int-net test-server $ openstack server create --flavor m1.tiny --image cirros-0.5.2-x86_64-disk --network int-net test-server
+-------------------------------------+-----------------------------------------------------------------+ +-------------------------------------+-----------------------------------------------------------------+
@ -271,22 +265,22 @@ network (such as: public network) are the following:
| volumes_attached | | | volumes_attached | |
+-------------------------------------+-----------------------------------------------------------------+ +-------------------------------------+-----------------------------------------------------------------+
* Create ndp proxy for the instance's port: #. Create NDP proxy for the instance's port:
Query the port of the instance Query the port of the instance
.. code-block:: console .. code-block:: console
$ openstack port list --server test-server $ openstack port list --server test-server
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+ +--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status | | ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+ +--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| bdd64aa0-437a-4db6-bbca-99869426c908 | | fa:16:3e:ac:15:b8 | ip_address='2001::284', subnet_id='9bcf194c-d44f-4e6f-90da-98510ddef283' | ACTIVE | | bdd64aa0-437a-4db6-bbca-99869426c908 | | fa:16:3e:ac:15:b8 | ip_address='2001:db8::284', subnet_id='9bcf194c-d44f-4e6f-90da-98510ddef283' | ACTIVE |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+ +--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
Create ndp proxy for the port Create NDP proxy for the port
.. code-block:: console .. code-block:: console
$ openstack network ndp proxy create --router test-router --port bdd64aa0-437a-4db6-bbca-99869426c908 test-np $ openstack network ndp proxy create --router test-router --port bdd64aa0-437a-4db6-bbca-99869426c908 test-np
+-----------------+--------------------------------------+ +-----------------+--------------------------------------+
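Review bot: The two lead-in lines "Query the port of the instance" and "Create NDP proxy for the port" end without punctuation, while every other lead-in before a ``.. code-block::`` on this page ends with a colon. Add the colon to both, and use "Create an NDP proxy" in the step title and the lead-in.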
@ -295,7 +289,7 @@ network (such as: public network) are the following:
| created_at | 2022-01-02T08:25:31Z | | created_at | 2022-01-02T08:25:31Z |
| description | | | description | |
| id | 73889fee-e322-443f-941e-142e4fc5f898 | | id | 73889fee-e322-443f-941e-142e4fc5f898 |
| ip_address | 2001::284 | | ip_address | 2001:db8::284 |
| name | test-np | | name | test-np |
| port_id | bdd64aa0-437a-4db6-bbca-99869426c908 | | port_id | bdd64aa0-437a-4db6-bbca-99869426c908 |
| project_id | bcb0c7a5338b4a46959e47971c58f0f1 | | project_id | bcb0c7a5338b4a46959e47971c58f0f1 |
@ -304,17 +298,21 @@ network (such as: public network) are the following:
| updated_at | 2022-01-02T08:25:31Z | | updated_at | 2022-01-02T08:25:31Z |
+-----------------+--------------------------------------+ +-----------------+--------------------------------------+
* Then ping the port's address from upstream router #. Then ping the port's address from the upstream router:
.. code-block:: console .. code-block:: console
$ ping 2001::284 $ ping 2001:db8::284
PING 2001::284(2001::284) 56 data bytes PING 2001:db8::284(2001:db8::284) 56 data bytes
64 bytes from 2001::284: icmp_seq=1 ttl=64 time=0.365 ms 64 bytes from 2001:db8::284: icmp_seq=1 ttl=64 time=0.365 ms
64 bytes from 2001::284: icmp_seq=2 ttl=64 time=0.385 ms 64 bytes from 2001:db8::284: icmp_seq=2 ttl=64 time=0.385 ms
.. note::
You may also need to add a security group rule that allows ICMPv6
traffic towards the instance.
Known limitations Known limitations
~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~
* OVN backend is not supported - Using NDP proxies in combination with the OVN backend is not supported.
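Review bot: The added note recommends a security group rule "that allows ICMPv6 traffic towards the instance", which is broader than the ping test in this step needs. Say that an ingress rule for ICMPv6 echo request is sufficient, and ideally restrict its source to the upstream router or the expected remote prefix, because the NDP proxy makes the address reachable from the external network. Separately, the "Known limitations" item changes its marker from ``*`` to ``-`` while the rest of the page uses ``*``; keep ``*``.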

@ -64,6 +64,10 @@ at [1]_.
[ovn] [ovn]
dns_servers = 203.0.113.8, 198.51.100.53 dns_servers = 203.0.113.8, 198.51.100.53
* IPv6 NDP proxy
The NDP proxy functionality for IPv6 addresses is not supported by OVN.
References References
---------- ----------
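Review bot: The new "IPv6 NDP proxy" entry gives no pointer to the feature's guide, while the context line above it ("at [1]_.") shows that other entries in this file cite a reference. Add a cross-reference to the NDP proxy configuration page so readers reach its "Known limitations" section. "for IPv6 addresses" can be dropped, since NDP exists only for IPv6.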