Merge "Update NDP proxy documentation"
This commit is contained in:
commit
7dfe41ab8f
doc/source
@ -19,16 +19,17 @@ To configure NDP proxy, take the following steps:
|
|||||||
* On the controller nodes:
|
* On the controller nodes:
|
||||||
|
|
||||||
Add the ``ndp_proxy`` service to the ``service_plugins`` setting in
|
Add the ``ndp_proxy`` service to the ``service_plugins`` setting in
|
||||||
``/etc/neutron/neutron.conf``. For example:
|
the ``[DEFAULT]`` section of ``/etc/neutron/neutron.conf``. For example:
|
||||||
|
|
||||||
.. code-block:: none
|
.. code-block:: ini
|
||||||
|
|
||||||
|
[DEFAULT]
|
||||||
service_plugins = router,ndp_proxy
|
service_plugins = router,ndp_proxy
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
The ``router`` service plug-in has to be configured along with the
|
The ``router`` service plug-in has to be configured along with the
|
||||||
``ndp_proxy`` service plug-in
|
``ndp_proxy`` service plug-in.
|
||||||
|
|
||||||
* On the network nodes or the compute nodes (for the dvr mode router):
|
* On the network nodes or the compute nodes (for the dvr mode router):
|
||||||
|
|
||||||
@ -37,7 +38,7 @@ To configure NDP proxy, take the following steps:
|
|||||||
done in each network and compute node where the L3 agent is running. For
|
done in each network and compute node where the L3 agent is running. For
|
||||||
example:
|
example:
|
||||||
|
|
||||||
.. code-block:: none
|
.. code-block:: ini
|
||||||
|
|
||||||
extensions = ndp_proxy
|
extensions = ndp_proxy
|
||||||
|
|
||||||
@ -47,10 +48,10 @@ To configure NDP proxy, take the following steps:
|
|||||||
and every neutron-l3-agent need to be restarted for the new values to take
|
and every neutron-l3-agent need to be restarted for the new values to take
|
||||||
effect.
|
effect.
|
||||||
|
|
||||||
After configuring ndp proxy, the ``ndp-proxy`` extension alias will be
|
After configuring NDP proxy, the ``ndp-proxy`` extension alias will be
|
||||||
included in the output of the following command:
|
included in the output of the following command:
|
||||||
|
|
||||||
For api extension:
|
For API extension:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
@ -60,34 +61,34 @@ To configure NDP proxy, take the following steps:
|
|||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
$ openstack network agent show <l3-agent-id>
|
$ openstack network agent show <l3-agent-id>
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
We Introduced a new command ``ndsend`` for NDP proxy feature, the command can
|
We introduced a new command ``ndsend`` for the NDP proxy feature, the command can
|
||||||
send Neighbor Advertisement about IPv6 to upstream router. With this command,
|
send Neighbor Advertisement about IPv6 to upstream router. With this command,
|
||||||
we can make the upstream router rapidly perceive the change of internal IPv6
|
we can make the upstream router rapidly perceive the change of internal IPv6
|
||||||
address (such as, port migrated to other node). Read the
|
address (such as, port migrated to other node). Read the
|
||||||
`manual page <http://manpages.ubuntu.com/manpages/focal/man8/ndsend.8.html>`_
|
`manual page <http://manpages.ubuntu.com/manpages/focal/man8/ndsend.8.html>`_
|
||||||
for more details about this command.
|
for more details about this command.
|
||||||
|
|
||||||
Currently, you need install this command manually in every l3 agent node. For
|
Currently, you need to install this command manually in every L3 agent node. For
|
||||||
ubuntu, the command provided by ``vzctl`` pkg, the install command:
|
Ubuntu, the command is provided by the ``vzctl`` pkg, the install command:
|
||||||
``sudo apt install vzctl``.
|
``sudo apt install vzctl``.
|
||||||
|
|
||||||
* On the upstream router (The datacenter's physical router):
|
* On the upstream router (the datacenter's physical router):
|
||||||
|
|
||||||
Generally, the admin operator should plan one or more IPv6 subnetpools to use
|
Generally, the admin operator should plan one or more IPv6 subnetpools to use
|
||||||
when NDP proxy is enabled, so that all internal subnets can be allocated from
|
when NDP proxy is enabled, so that all internal subnets can be allocated from
|
||||||
a single, integrated subnetpool. In order to make NDP proxy work correctly,
|
a single, integrated subnetpool. In order to make NDP proxy work correctly,
|
||||||
the admin operator needs to set direct routes for these subnetpools.
|
the admin operator needs to set direct routes for these subnetpools.
|
||||||
|
|
||||||
Such as, we have a IPv6 subnetpool, it's CIDR is 2001::/96. The direct route
|
Such as, we have a IPv6 subnetpool, it's CIDR is 2001:db8::/96. The direct route
|
||||||
like below should be set:
|
like below should be set:
|
||||||
|
|
||||||
.. code-block:: none
|
.. code-block:: none
|
||||||
|
|
||||||
2001::/96 dev <ext-gw>
|
2001:db8::/96 dev <ext-gw>
|
||||||
|
|
||||||
The ``ext-gw`` is the gateway interface of the cloud's external network.
|
The ``ext-gw`` is the gateway interface of the cloud's external network.
|
||||||
|
|
||||||
@ -96,21 +97,14 @@ User workflow
|
|||||||
~~~~~~~~~~~~~
|
~~~~~~~~~~~~~
|
||||||
|
|
||||||
Assume the admin operator already prepared an IPv6 subnetpool:
|
Assume the admin operator already prepared an IPv6 subnetpool:
|
||||||
``test-subnetpool``, its CIDR is 2001::/96.
|
``test-subnetpool``, its CIDR is 2001:db8::/96.
|
||||||
|
|
||||||
At a high level, the basic steps to publish an IPv6 address to external
|
The basic steps to publish an IPv6 address to an external
|
||||||
network (such as: public network) are the following:
|
network (such as: public network) are the following:
|
||||||
|
|
||||||
1、Create a router and enable its external gateway
|
#. Create a router:
|
||||||
2、Set the router's ``enable_ndp_proxy`` parameter to True
|
|
||||||
3、Create a internal network and create a IPv6 subnet on it
|
|
||||||
4、Add the subnet to the router
|
|
||||||
5、Launch an instance on the network
|
|
||||||
6、Create a ndp proxy for the instance's port
|
|
||||||
|
|
||||||
* Create a router:
|
.. code-block:: console
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ openstack router create test-router
|
$ openstack router create test-router
|
||||||
+-------------------------+--------------------------------------+
|
+-------------------------+--------------------------------------+
|
||||||
@ -136,36 +130,36 @@ network (such as: public network) are the following:
|
|||||||
| updated_at | 2022-01-01T06:50:44Z |
|
| updated_at | 2022-01-01T06:50:44Z |
|
||||||
+-------------------------+--------------------------------------+
|
+-------------------------+--------------------------------------+
|
||||||
|
|
||||||
* Set external gateway for the router:
|
#. Set external gateway for the router:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
$ openstack router set test-router --external-gateway public
|
$ openstack router set test-router --external-gateway public
|
||||||
|
|
||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
If the external network has no IPv6 subnet and the ``ipv6_gateway`` is
|
If the external network has no IPv6 subnet and the ``ipv6_gateway`` is
|
||||||
configured on the ``neutron-l3-agent``, you may want to set
|
configured on the ``neutron-l3-agent``, you may want to set
|
||||||
``use_lla_address`` to True at ``/etc/neutron/neutron.conf``, otherwise
|
``use_lla_address`` to True at ``/etc/neutron/neutron.conf``, otherwise
|
||||||
The following command will raise a 403 error.
|
the following command will raise a 403 error.
|
||||||
|
|
||||||
* Enable ndp proxy support on the router:
|
#. Enable NDP proxy support on the router:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
$ openstack router set test-router --enable-ndp-proxy
|
$ openstack router set test-router --enable-ndp-proxy
|
||||||
|
|
||||||
.. warning::
|
.. warning::
|
||||||
|
|
||||||
If you are using another method (such as:
|
If you are using another method (such as:
|
||||||
:ref:`BGP <config-bgp-dynamic-routing-for-ipv6>`,
|
:ref:`BGP <config-bgp-dynamic-routing-for-ipv6>`,
|
||||||
:ref:`prefix-delegation` etc.) to publish the internal IPv6 address, the
|
:ref:`prefix-delegation` etc.) to publish the internal IPv6 address, the
|
||||||
command will break dataplane traffic.
|
command will break dataplane traffic.
|
||||||
|
|
||||||
* Create internal network and IPv6 subnet and add the subnet to above router:
|
#. Create an internal network and IPv6 subnet and add the subnet to the above router:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
$ openstack network create int-net
|
$ openstack network create int-net
|
||||||
+---------------------------+--------------------------------------+
|
+---------------------------+--------------------------------------+
|
||||||
@ -206,14 +200,14 @@ network (such as: public network) are the following:
|
|||||||
+----------------------+--------------------------------------+
|
+----------------------+--------------------------------------+
|
||||||
| Field | Value |
|
| Field | Value |
|
||||||
+----------------------+--------------------------------------+
|
+----------------------+--------------------------------------+
|
||||||
| allocation_pools | 2001::2-2001::ffff |
|
| allocation_pools | 2001:db8::2-2001:db8::ffff |
|
||||||
| cidr | 2001::/112 |
|
| cidr | 2001:db8::/112 |
|
||||||
| created_at | 2022-01-02T08:20:26Z |
|
| created_at | 2022-01-02T08:20:26Z |
|
||||||
| description | |
|
| description | |
|
||||||
| dns_nameservers | |
|
| dns_nameservers | |
|
||||||
| dns_publish_fixed_ip | None |
|
| dns_publish_fixed_ip | None |
|
||||||
| enable_dhcp | True |
|
| enable_dhcp | True |
|
||||||
| gateway_ip | 2001::1 |
|
| gateway_ip | 2001:db8::1 |
|
||||||
| host_routes | |
|
| host_routes | |
|
||||||
| id | 9bcf194c-d44f-4e6f-90da-98510ddef283 |
|
| id | 9bcf194c-d44f-4e6f-90da-98510ddef283 |
|
||||||
| ip_version | 6 |
|
| ip_version | 6 |
|
||||||
@ -231,9 +225,9 @@ network (such as: public network) are the following:
|
|||||||
+----------------------+--------------------------------------+
|
+----------------------+--------------------------------------+
|
||||||
$ openstack router add subnet test-router int-sub
|
$ openstack router add subnet test-router int-sub
|
||||||
|
|
||||||
* Launch an instance:
|
#. Launch an instance:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
$ openstack server create --flavor m1.tiny --image cirros-0.5.2-x86_64-disk --network int-net test-server
|
$ openstack server create --flavor m1.tiny --image cirros-0.5.2-x86_64-disk --network int-net test-server
|
||||||
+-------------------------------------+-----------------------------------------------------------------+
|
+-------------------------------------+-----------------------------------------------------------------+
|
||||||
@ -271,22 +265,22 @@ network (such as: public network) are the following:
|
|||||||
| volumes_attached | |
|
| volumes_attached | |
|
||||||
+-------------------------------------+-----------------------------------------------------------------+
|
+-------------------------------------+-----------------------------------------------------------------+
|
||||||
|
|
||||||
* Create ndp proxy for the instance's port:
|
#. Create NDP proxy for the instance's port:
|
||||||
|
|
||||||
Query the port of the instance
|
Query the port of the instance
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
$ openstack port list --server test-server
|
$ openstack port list --server test-server
|
||||||
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+
|
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
|
||||||
| ID | Name | MAC Address | Fixed IP Addresses | Status |
|
| ID | Name | MAC Address | Fixed IP Addresses | Status |
|
||||||
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+
|
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
|
||||||
| bdd64aa0-437a-4db6-bbca-99869426c908 | | fa:16:3e:ac:15:b8 | ip_address='2001::284', subnet_id='9bcf194c-d44f-4e6f-90da-98510ddef283' | ACTIVE |
|
| bdd64aa0-437a-4db6-bbca-99869426c908 | | fa:16:3e:ac:15:b8 | ip_address='2001:db8::284', subnet_id='9bcf194c-d44f-4e6f-90da-98510ddef283' | ACTIVE |
|
||||||
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+
|
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
|
||||||
|
|
||||||
Create ndp proxy for the port
|
Create NDP proxy for the port
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
$ openstack network ndp proxy create --router test-router --port bdd64aa0-437a-4db6-bbca-99869426c908 test-np
|
$ openstack network ndp proxy create --router test-router --port bdd64aa0-437a-4db6-bbca-99869426c908 test-np
|
||||||
+-----------------+--------------------------------------+
|
+-----------------+--------------------------------------+
|
||||||
@ -295,7 +289,7 @@ network (such as: public network) are the following:
|
|||||||
| created_at | 2022-01-02T08:25:31Z |
|
| created_at | 2022-01-02T08:25:31Z |
|
||||||
| description | |
|
| description | |
|
||||||
| id | 73889fee-e322-443f-941e-142e4fc5f898 |
|
| id | 73889fee-e322-443f-941e-142e4fc5f898 |
|
||||||
| ip_address | 2001::284 |
|
| ip_address | 2001:db8::284 |
|
||||||
| name | test-np |
|
| name | test-np |
|
||||||
| port_id | bdd64aa0-437a-4db6-bbca-99869426c908 |
|
| port_id | bdd64aa0-437a-4db6-bbca-99869426c908 |
|
||||||
| project_id | bcb0c7a5338b4a46959e47971c58f0f1 |
|
| project_id | bcb0c7a5338b4a46959e47971c58f0f1 |
|
||||||
@ -304,17 +298,21 @@ network (such as: public network) are the following:
|
|||||||
| updated_at | 2022-01-02T08:25:31Z |
|
| updated_at | 2022-01-02T08:25:31Z |
|
||||||
+-----------------+--------------------------------------+
|
+-----------------+--------------------------------------+
|
||||||
|
|
||||||
* Then ping the port's address from upstream router
|
#. Then ping the port's address from the upstream router:
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
$ ping 2001::284
|
$ ping 2001:db8::284
|
||||||
PING 2001::284(2001::284) 56 data bytes
|
PING 2001:db8::284(2001:db8::284) 56 data bytes
|
||||||
64 bytes from 2001::284: icmp_seq=1 ttl=64 time=0.365 ms
|
64 bytes from 2001:db8::284: icmp_seq=1 ttl=64 time=0.365 ms
|
||||||
64 bytes from 2001::284: icmp_seq=2 ttl=64 time=0.385 ms
|
64 bytes from 2001:db8::284: icmp_seq=2 ttl=64 time=0.385 ms
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
|
You may also need to add a security group rule that allows ICMPv6
|
||||||
|
traffic towards the instance.
|
||||||
|
|
||||||
Known limitations
|
Known limitations
|
||||||
~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
* OVN backend is not supported
|
- Using NDP proxies in combination with the OVN backend is not supported.
|
||||||
|
@ -64,6 +64,10 @@ at [1]_.
|
|||||||
[ovn]
|
[ovn]
|
||||||
dns_servers = 203.0.113.8, 198.51.100.53
|
dns_servers = 203.0.113.8, 198.51.100.53
|
||||||
|
|
||||||
|
* IPv6 NDP proxy
|
||||||
|
|
||||||
|
The NDP proxy functionality for IPv6 addresses is not supported by OVN.
|
||||||
|
|
||||||
References
|
References
|
||||||
----------
|
----------
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user