Merge "[network] Clean up address scopes section"

Jenkins 2016-06-07 09:28:31 +00:00 committed by Gerrit Code Review
commit d58a0705e1

@ -2,210 +2,186 @@
Address scopes Address scopes
============== ==============
Address scopes have been made available since the Mitaka release. They build This page serves as an introduction to the address scopes feature of the
from subnet pools added in Kilo. While subnet pools provide a mechanism for Networking service.
controlling the allocation of addresses to subnets, address scopes provide a
way to know where addresses are viable. Like subnet pools, they also prevent
using overlapping addresses in any two subnets.
Why you need them The basics
~~~~~~~~~~~~~~~~~ ~~~~~~~~~~
With address scopes, OpenStack Networking knows where addresses can be routed Address scopes build from subnet pools. While subnet pools provide a mechanism
essentially because all of the allocated addresses within the scope are for controlling the allocation of addresses to subnets, address scopes show
non-overlapping and they are under the control of the address scope owner. where addresses can be routed between networks, preventing the use of
overlapping addresses in any two subnets. Because all addresses allocated in
the address scope do not overlap, neutron routers do not NAT between your
tenants' network and your external network. As long as the addresses within
an address scope match, the Networking service performs simple routing
between networks.
You can set up the address scopes for tenants to pull addresses from. Then, Accessing address scopes
since neutron routers understand address scopes, they will not NAT between ~~~~~~~~~~~~~~~~~~~~~~~~
these networks and your external network as long as the scopes match. They will
just do simple routing.
How it works Anyone with access to the Networking service can create their own address
~~~~~~~~~~~~ scopes. However, network administrators can create shared address scopes,
allowing other projects to create networks within that address scope.
Anyone can create an address scope. Admins can create shared address Access to addresses in a scope are managed through subnet pools.
scopes seen by all tenants. Subnet pools can either be created in an address scope, or updated to belong
to an address scope.
Access to addresses in a scope is managed through subnet pools. You can With subnet pools, all addresses in use within the address
create a subnet pool in an address scope or you can update existing scope are unique from the point of view of the address scope owner. Therefore,
subnet pools to belong to a scope. add more than one subnet pool to an address scope if the
pools have different owners, allowing for delegation of parts of the
address scope. Delegation prevents address overlap across the
whole scope. Otherwise, you receive an error if two pools have the same
address ranges.
It may be useful to add more than one subnet pool to an address scope if Each router interface is associated with an address scope by looking at
the pools have different owners. This allows delegation of parts of the subnets connected to the network. When a router connects
address scope. Address overlap is prevented across the whole scope so to an external network with matching address scopes, network traffic routes
you will get an error if two pools have some of the same address ranges between without Network address translation (NAT).
in them. The router marks all traffic connections originating from each interface
with its corresponding address scope. If traffic leaves an interface in the
wrong scope, the router blocks the traffic.
A Neutron router connects at least a couple of networks. Each router Backwards compatibility
interface is associated with an address scope by looking at the subnets ~~~~~~~~~~~~~~~~~~~~~~~
on the network its connected to. The router internally marks all
traffic connections originating from each interface with the
corresponding address scope to track it. If traffic tries to leave an
interface in the wrong scope, it is blocked.
When a router connects to two networks with the same address scope, it Networks created before the Mitaka release do not
knows that these networks can be routed without any kind of address contain explicitly named address scopes, unless the network contains
translation. Also, since subnet pools are part of the foundation of subnets from a subnet pool that belongs to a created or updated
address scopes, Neutron knows that all of the addresses in use within an address scope. The Networking service preserves backwards compatibility with
address scope are unique and legitimate from the address scope owner's pre-Mitaka networks through special address scope properties so that
point of view. these networks can perform advanced routing:
No scope
~~~~~~~~
OpenStack Networking preserves backwards compatibility with pre-Mitaka
Networking. You will not notice any difference until you decide to begin using
hem so you will not be forced to change your behavior.
When subnets are not explicitly part of an explicit address scope. They can be
considered part of a catch all implicit scope which is different in a few ways
to preserve backwards compatibility.
#. Unlimited address overlap is allowed. #. Unlimited address overlap is allowed.
#. Neutron routers, by default, will NAT traffic from internal networks #. Neutron routers, by default, will NAT traffic from internal networks
to external networks even if they are all in this scope (unless snat to external networks.
is disabled for the router.) #. Pre-Mitaka address scopes are not visible through the API. You cannot
#. This scope is not visible through the API. It will not show up when you list address scopes or show details. Scopes exist
list address scopes and you cannot show details. It exists only implicitly as a catch-all for addresses that are not explicitly scoped.
implicitly to catch all addresses which are not explicitly scoped.
Demo Create shared address scopes as an administrative user
---- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Give it a try. Starting with devstack is recommended. This section shows how to set up shared address scopes to
allow simple routing for project networks with the same subnet pools.
.. note:: Some irrelevant fields have been trimmed from the output of .. note:: Irrelevant fields have been trimmed from the output of
these commands just for brevity and to avoid distracting with too these commands for brevity.
many details.
Admin commands #. Create IPv6 and IPv4 address scopes:
______________
First, as admin, create a couple of shared address scopes, subnet pools to .. code-block:: console
manage the addresses inside them, and an external network with subnets from
these pools so that tenant networks from the same pools will be routed straight
through. The following examples show how to accomplish this.
.. code-block:: console $ neutron address-scope-create --shared address-scope-ip6 6
Created a new address_scope:
+------------+--------------------------------------+
| Field | Value |
+------------+--------------------------------------+
| id | 13b83fb2-beb4-4533-9e12-4bf9a5721ef5 |
| ip_version | 6 |
| name | address-scope-ip6 |
| shared | True |
+------------+--------------------------------------+
admin> neutron address-scope-create --shared address-scope-ip6 6 .. code-block:: console
Created a new address_scope:
+------------+--------------------------------------+
| Field | Value |
+------------+--------------------------------------+
| id | 13b83fb2-beb4-4533-9e12-4bf9a5721ef5 |
| ip_version | 6 |
| name | address-scope-ip6 |
| shared | True |
+------------+--------------------------------------+
.. code-block:: console $ neutron address-scope-create --shared address-scope-ip4 4
Created a new address_scope:
+------------+--------------------------------------+
| Field | Value |
+------------+--------------------------------------+
| id | 97702525-e145-40c8-8c8f-d415930d12ce |
| ip_version | 4 |
| name | address-scope-ip4 |
| shared | True |
+------------+--------------------------------------+
admin> neutron address-scope-create --shared address-scope-ip4 4 #. Create subnet pools specifying the name (or UUID) of the address
Created a new address_scope: scope that the subnet pool belongs to. If you have existing
+------------+--------------------------------------+ subnet pools, use the ``subnet-pool-update`` command to put them in
| Field | Value | a new address scope:
+------------+--------------------------------------+
| id | 97702525-e145-40c8-8c8f-d415930d12ce |
| ip_version | 4 |
| name | address-scope-ip4 |
| shared | True |
+------------+--------------------------------------+
Next, create subnet pools specifying the name (or UUID) of the address .. code-block:: console
scope that the subnet pool should belong to. If you have existing
subnet pools, you can use the subnet-pool-update command to put them in
to a new address scope.
.. code-block:: console $ neutron subnetpool-create --address-scope address-scope-ip6 \
--shared --pool-prefix 2001:db8:a583::/48 --default-prefixlen 64 \
subnet-pool-ip6
Created a new subnetpool:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| address_scope_id | 13b83fb2-beb4-4533-9e12-4bf9a5721ef5 |
| default_prefixlen | 64 |
| id | 14813344-d11a-4896-906c-e4c378291058 |
| ip_version | 6 |
| name | subnet-pool-ip6 |
| prefixes | 2001:db8:a583::/48 |
| shared | True |
+-------------------+--------------------------------------+
admin> neutron subnetpool-create --address-scope address-scope-ip6 \ .. code-block:: console
--shared --pool-prefix 2001:db8:a583::/48 --default-prefixlen 64 \
subnet-pool-ip6
Created a new subnetpool:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| address_scope_id | 13b83fb2-beb4-4533-9e12-4bf9a5721ef5 |
| default_prefixlen | 64 |
| id | 14813344-d11a-4896-906c-e4c378291058 |
| ip_version | 6 |
| name | subnet-pool-ip6 |
| prefixes | 2001:db8:a583::/48 |
| shared | True |
+-------------------+--------------------------------------+
.. code-block:: console $ neutron subnetpool-create --address-scope address-scope-ip4 \
--shared --pool-prefix 203.0.113.0/21 --default-prefixlen 26 \
subnet-pool-ip4
Created a new subnetpool:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| address_scope_id | 97702525-e145-40c8-8c8f-d415930d12ce |
| default_prefixlen | 26 |
| id | e2c4f12d-307f-4616-a4df-203a45e6cb7f |
| ip_version | 4 |
| name | subnet-pool-ip4 |
| prefixes | 203.0.112.0/21 |
| shared | True |
+-------------------+--------------------------------------+
admin> neutron subnetpool-create --address-scope address-scope-ip4 \ #. Make sure that the subnets use an external network:
--shared --pool-prefix 203.0.113.0/21 --default-prefixlen 26 \
subnet-pool-ip4
Created a new subnetpool:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| address_scope_id | 97702525-e145-40c8-8c8f-d415930d12ce |
| default_prefixlen | 26 |
| id | e2c4f12d-307f-4616-a4df-203a45e6cb7f |
| ip_version | 4 |
| name | subnet-pool-ip4 |
| prefixes | 203.0.112.0/21 |
| shared | True |
+-------------------+--------------------------------------+
Now that these are created, create subnets on an external network. .. code-block:: console
.. code-block:: console $ neutron subnet-show ipv6-public-subnet
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| cidr | 2001:db8::/64 |
| enable_dhcp | False |
| gateway_ip | 2001:db8::2 |
| id | 8e9299bf-5c48-4143-b081-010ba26636a2 |
| ip_version | 6 |
| name | ipv6-public-subnet |
| network_id | d2ac8578-7e86-4646-849a-afdf5a05fff0 |
| subnetpool_id | 14813344-d11a-4896-906c-e4c378291058 |
+-------------------+--------------------------------------+
$ neutron subnet-show ipv6-public-subnet .. code-block:: console
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| cidr | 2001:db8::/64 |
| enable_dhcp | False |
| gateway_ip | 2001:db8::2 |
| id | 8e9299bf-5c48-4143-b081-010ba26636a2 |
| ip_version | 6 |
| name | ipv6-public-subnet |
| network_id | d2ac8578-7e86-4646-849a-afdf5a05fff0 |
| subnetpool_id | 14813344-d11a-4896-906c-e4c378291058 |
+-------------------+--------------------------------------+
.. note:: In the interest of full disclosure, I didn't explain here how to go $ neutron subnet-show public-subnet
about creating an external subnets with this subnet pool. How should we +-------------------+--------------------------------------+
handle this in the final docs? It is pretty much covered in the subnet | Field | Value |
pools doc but it isn't all shown here which could make this little tutorial +-------------------+--------------------------------------+
a tiny bit frustrating. | cidr | 172.24.4.0/24 |
| enable_dhcp | False |
| gateway_ip | 172.24.4.1 |
| id | 3c3029d2-8081-4e56-9842-6007ce742860 |
| ip_version | 4 |
| name | public-subnet |
| network_id | d2ac8578-7e86-4646-849a-afdf5a05fff0 |
| subnetpool_id | e2c4f12d-307f-4616-a4df-203a45e6cb7f |
+-------------------+--------------------------------------+
.. code-block:: console Routing with address scopes for non-privileged users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ neutron subnet-show public-subnet This section shows how non-privileged users can use address scopes to
+-------------------+--------------------------------------+ route straight to an external network without NAT.
| Field | Value |
+-------------------+--------------------------------------+
| cidr | 172.24.4.0/24 |
| enable_dhcp | False |
| gateway_ip | 172.24.4.1 |
| id | 3c3029d2-8081-4e56-9842-6007ce742860 |
| ip_version | 4 |
| name | public-subnet |
| network_id | d2ac8578-7e86-4646-849a-afdf5a05fff0 |
| subnetpool_id | e2c4f12d-307f-4616-a4df-203a45e6cb7f |
+-------------------+--------------------------------------+
This completes the portion of the demo that requires admin privileges. The #. Create a couple of networks to host subnets:
address scope has been created with subnet pools to manage addresses. Finally,
the external network has been created with subnets from the address scope.
Non-admin tenant commands .. code-block:: console
_________________________
As a tenant, create networks that will be routed straight to the external
network without NAT. Also, create a network the old way to demonstrate how
routing between address scopes is not allowed between tenant networks. Start
by creating a couple of networks to host the subnets.
.. code-block:: console
$ neutron net-create network1 $ neutron net-create network1
Created a new network: Created a new network:
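Review bot: The third item of the rewritten backwards-compatibility list changes meaning. "Pre-Mitaka address scopes are not visible through the API" reads as if address scopes existed before Mitaka, while the text it replaces described a single implicit catch-all scope for subnets that are not explicitly scoped. Suggest keeping the old subject, for example "This implicit scope is not visible through the API." In the same list, the second item drops the "unless snat is disabled for the router" exception, which readers need to predict when NAT is applied. Elsewhere in this hunk: "Delegation prevents address overlap across the whole scope" credits delegation with what the old text stated as a property of the scope itself; "Access to addresses in a scope are managed" should be "is managed"; ``subnet-pool-update`` does not match the ``subnetpool-create`` spelling used in the commands below it; and the command passes --pool-prefix 203.0.113.0/21 while the output shows 203.0.112.0/21, which is carried over unchanged and worth fixing while the section is being cleaned up.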
@ -217,135 +193,140 @@ by creating a couple of networks to host the subnets.
| subnets | | | subnets | |
+-------------------------+--------------------------------------+ +-------------------------+--------------------------------------+
.. code-block:: console .. code-block:: console
$ neutron net-create network2 $ neutron net-create network2
Created a new network: Created a new network:
+-------------------------+--------------------------------------+ +-------------------------+--------------------------------------+
| Field | Value | | Field | Value |
+-------------------------+--------------------------------------+ +-------------------------+--------------------------------------+
| id | 438e4f26-0e45-4b26-9797-57d0bd817953 | | id | 438e4f26-0e45-4b26-9797-57d0bd817953 |
| name | network2 | | name | network2 |
| subnets | | | subnets | |
+-------------------------+--------------------------------------+ +-------------------------+--------------------------------------+
First, create a subnet the old way, it will not be associated with a #. Create a subnet not associated with a subnet pool or
subnetpool nor an address scope. an address scope:
.. code-block:: console .. code-block:: console
$ neutron subnet-create --name subnet-ip4-1 network1 198.51.100.0/26 $ neutron subnet-create --name subnet-ip4-1 network1 198.51.100.0/26
Created a new subnet: Created a new subnet:
+-------------------+--------------------------------------+ +-------------------+--------------------------------------+
| Field | Value | | Field | Value |
+-------------------+--------------------------------------+ +-------------------+--------------------------------------+
| cidr | 198.51.100.0/26 | | cidr | 198.51.100.0/26 |
| id | 48ed5c71-2a1d-4f73-b29e-371deec04d44 | | id | 48ed5c71-2a1d-4f73-b29e-371deec04d44 |
| name | subnet-ip4-1 | | name | subnet-ip4-1 |
| network_id | f5a980d9-5521-438e-b831-0ebacba2b372 | | network_id | f5a980d9-5521-438e-b831-0ebacba2b372 |
| subnetpool_id | | | subnetpool_id | |
+-------------------+--------------------------------------+ +-------------------+--------------------------------------+
.. code-block:: console .. code-block:: console
$ neutron subnet-create --name subnet-ip6-1 network1 \ $ neutron subnet-create --name subnet-ip6-1 network1 \
--ipv6-ra-mode slaac --ipv6-address-mode slaac \ --ipv6-ra-mode slaac --ipv6-address-mode slaac \
--ip_version 6 2001:db8:80d2:c4d3::/64 --ip_version 6 2001:db8:80d2:c4d3::/64
Created a new subnet: Created a new subnet:
+-------------------+--------------------------------------+ +-------------------+--------------------------------------+
| Field | Value | | Field | Value |
+-------------------+--------------------------------------+ +-------------------+--------------------------------------+
| cidr | 2001:db8:80d2:c4d3::/64 | | cidr | 2001:db8:80d2:c4d3::/64 |
| id | c9f0bb79-1d7b-435f-b362-05a9a7259aa6 | | id | c9f0bb79-1d7b-435f-b362-05a9a7259aa6 |
| name | subnet-ip6-1 | | name | subnet-ip6-1 |
| network_id | f5a980d9-5521-438e-b831-0ebacba2b372 | | network_id | f5a980d9-5521-438e-b831-0ebacba2b372 |
| subnetpool_id | | | subnetpool_id | |
+-------------------+--------------------------------------+ +-------------------+--------------------------------------+
Next, create a subnet using an subnet pool. These subnets come from the #. Create a subnet using a subnet pool associated with a address scope
address scope as the external network. from an external network:
.. code-block:: console .. code-block:: console
$ neutron subnet-create --name subnet-ip4-2 \ $ neutron subnet-create --name subnet-ip4-2 \
--subnetpool subnet-pool-ip4 network2 --subnetpool subnet-pool-ip4 network2
Created a new subnet: Created a new subnet:
+-------------------+--------------------------------------+ +-------------------+--------------------------------------+
| Field | Value | | Field | Value |
+-------------------+--------------------------------------+ +-------------------+--------------------------------------+
| cidr | 203.0.112.0/26 | | cidr | 203.0.112.0/26 |
| id | deb36645-8d46-4c13-a489-1135174d8a8c | | id | deb36645-8d46-4c13-a489-1135174d8a8c |
| name | subnet-ip4-2 | | name | subnet-ip4-2 |
| network_id | 438e4f26-0e45-4b26-9797-57d0bd817953 | | network_id | 438e4f26-0e45-4b26-9797-57d0bd817953 |
| subnetpool_id | e2c4f12d-307f-4616-a4df-203a45e6cb7f | | subnetpool_id | e2c4f12d-307f-4616-a4df-203a45e6cb7f |
+-------------------+--------------------------------------+ +-------------------+--------------------------------------+
.. code-block:: console .. code-block:: console
$ neutron subnet-create --name subnet-ip6-2 --ip_version 6 \ $ neutron subnet-create --name subnet-ip6-2 --ip_version 6 \
--ipv6-ra-mode slaac --ipv6-address-mode slaac \ --ipv6-ra-mode slaac --ipv6-address-mode slaac \
--subnetpool subnet-pool-ip6 network2 --subnetpool subnet-pool-ip6 network2
Created a new subnet: Created a new subnet:
+-------------------+--------------------------------------+ +-------------------+--------------------------------------+
| Field | Value | | Field | Value |
+-------------------+--------------------------------------+ +-------------------+--------------------------------------+
| cidr | 2001:db8:a583::/64 | | cidr | 2001:db8:a583::/64 |
| id | b157e288-748e-4c4b-9b2e-8b8e65241036 | | id | b157e288-748e-4c4b-9b2e-8b8e65241036 |
| name | subnet-ip6-2 | | name | subnet-ip6-2 |
| network_id | 438e4f26-0e45-4b26-9797-57d0bd817953 | | network_id | 438e4f26-0e45-4b26-9797-57d0bd817953 |
| subnetpool_id | 14813344-d11a-4896-906c-e4c378291058 | | subnetpool_id | 14813344-d11a-4896-906c-e4c378291058 |
+-------------------+--------------------------------------+ +-------------------+--------------------------------------+
Note that by creating subnets from scoped subnet pools, the network is By creating subnets from scoped subnet pools, the network is
now associated with the address scope. associated with the address scope.
.. code-block:: console .. code-block:: console
$ neutron net-show network2 $ neutron net-show network2
+-------------------------+--------------------------------------+ +-------------------------+--------------------------------------+
| Field | Value | | Field | Value |
+-------------------------+--------------------------------------+ +-------------------------+--------------------------------------+
| id | 4f677ab6-32a1-452c-8feb-b0b6b7ed1a0f | | id | 4f677ab6-32a1-452c-8feb-b0b6b7ed1a0f |
| ipv4_address_scope | 97702525-e145-40c8-8c8f-d415930d12ce | | ipv4_address_scope | 97702525-e145-40c8-8c8f-d415930d12ce |
| ipv6_address_scope | 13b83fb2-beb4-4533-9e12-4bf9a5721ef5 | | ipv6_address_scope | 13b83fb2-beb4-4533-9e12-4bf9a5721ef5 |
| name | network2 | | name | network2 |
| subnets | d5d68ac3-3eaa-439e-b75b-0e0b2c1d221a | | subnets | d5d68ac3-3eaa-439e-b75b-0e0b2c1d221a |
| | 917f9360-a840-45c1-83a1-2a093bd7b376 | | | 917f9360-a840-45c1-83a1-2a093bd7b376 |
+-------------------------+--------------------------------------+ +-------------------------+--------------------------------------+
Connect a router to each of the tenant subnets that have been created. This #. Connect a router to each of the tenant subnets that have been created, for
example uses a pre-existing router called router1. example, using a router called ``router1``:
.. code-block:: console .. code-block:: console
$ neutron router-interface-add router1 subnet-ip4-1 $ neutron router-interface-add router1 subnet-ip4-1
Added interface 73d832e1-e4a7-4029-9a66-f4e0f4ba0e76 to router router1. Added interface 73d832e1-e4a7-4029-9a66-f4e0f4ba0e76 to router router1.
$ neutron router-interface-add router1 subnet-ip4-2 $ neutron router-interface-add router1 subnet-ip4-2
Added interface 94b4cdb2-875d-4ab3-9a6e-803c3626c4d9 to router router1. Added interface 94b4cdb2-875d-4ab3-9a6e-803c3626c4d9 to router router1.
$ neutron router-interface-add router1 subnet-ip6-1 $ neutron router-interface-add router1 subnet-ip6-1
Added interface f35c4541-d529-4bd8-af4e-1b069269c263 to router router1. Added interface f35c4541-d529-4bd8-af4e-1b069269c263 to router router1.
$ neutron router-interface-add router1 subnet-ip6-2 $ neutron router-interface-add router1 subnet-ip6-2
Added interface f5904a4b-9547-4c08-bc7e-bc5fc71a8db9 to router router1. Added interface f5904a4b-9547-4c08-bc7e-bc5fc71a8db9 to router router1.
Checking connectivity Checking connectivity
_____________________ ---------------------
Boot two vms, instance1 on network1 and instance2 on network2 and give This example shows how to check the connectivity between networks
them floating ip addresses. Adjust security groups to allow pings and with address scopes.
ssh (both IPv4 and IPv6).
.. code-block:: console #. Launch two instances, ``instance1`` on ``network1`` and
``instance2`` on ``network2``. Associate a floating IP address to both
instances.
$ nova list #. Adjust security groups to allow pings and SSH (both IPv4 and IPv6):
+--------------+-----------+---------------------------------------------------------------------------+
| ID | Name | Networks |
+--------------+-----------+---------------------------------------------------------------------------+
| 97e49c8e-... | instance1 | network1=2001:db8:80d2:c4d3:f816:3eff:fe52:b69f, 198.51.100.3, 172.24.4.3 |
| ceba9638-... | instance2 | network2=203.0.112.3, 2001:db8:a583:0:f816:3eff:fe42:1eeb, 172.24.4.4 |
+--------------+-----------+---------------------------------------------------------------------------+
Regardless of address scopes, the floating IPs are pingable from the .. code-block:: console
external network.
$ nova list
+--------------+-----------+---------------------------------------------------------------------------+
| ID | Name | Networks |
+--------------+-----------+---------------------------------------------------------------------------+
| 97e49c8e-... | instance1 | network1=2001:db8:80d2:c4d3:f816:3eff:fe52:b69f, 198.51.100.3, 172.24.4.3 |
| ceba9638-... | instance2 | network2=203.0.112.3, 2001:db8:a583:0:f816:3eff:fe42:1eeb, 172.24.4.4 |
+--------------+-----------+---------------------------------------------------------------------------+
Regardless of address scopes, the floating IPs can be pinged from the
external network:
.. code-block:: console .. code-block:: console
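Review bot: In the new "Checking connectivity" list, step 2 ("Adjust security groups to allow pings and SSH (both IPv4 and IPv6):") ends in a colon and is followed by the nova list output, which shows the instances and their addresses and no security group change. Move the nova list block under step 1, or give it its own lead-in, and end step 2 with a period. Also in this hunk, "a subnet pool associated with a address scope from an external network" should read "an address scope", and the sentence no longer says that the subnets share the external network's scope, which is the point of the step. The net-show output for network2 still lists id 4f677ab6-... while net-create returned 438e4f26-...; that mismatch is in the unchanged lines but is easy to correct here.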
@ -354,15 +335,11 @@ external network.
$ ping -c 1 172.24.4.4 $ ping -c 1 172.24.4.4
1 packets transmitted, 1 received, 0% packet loss, time 0ms 1 packets transmitted, 1 received, 0% packet loss, time 0ms
With just a little bit of routing help, the internal network2 is You can now ping ``instance2`` directly because ``instance2`` shares the
pingable directly because it is in the the same address scope as the same address scope as the external network:
external network.
.. note:: When I wrote this, I didn't have .. note:: BGP routing can be used to automatically set up a static
the BGP routing work available in Neutron. So, I added a static route route for your instances.
manually. However, now BGP is available which could fill the gap but at the
cost of going through all of that setup. How should we handle this in the
docs?
.. code-block:: console .. code-block:: console
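Review bot: The new lead-in "You can now ping ``instance2`` directly" removes "With just a little bit of routing help", and the replacement note no longer says a route had to be added, so a reader following the steps has no route to the pool prefix and the ping shown next will not succeed as written. State the prerequisite explicitly: the external host needs a route to the subnet pool prefixes through the router, added by hand or learned through BGP. The note's wording "BGP routing can be used to automatically set up a static route" is also self-contradictory, since a route learned through BGP is not static; suggest "BGP can be used to advertise these routes instead of configuring a static route".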
@ -376,8 +353,8 @@ external network.
$ ping6 -c 1 2001:db8:a583:0:f816:3eff:fe42:1eeb $ ping6 -c 1 2001:db8:a583:0:f816:3eff:fe42:1eeb
1 packets transmitted, 1 received, 0% packet loss, time 0ms 1 packets transmitted, 1 received, 0% packet loss, time 0ms
The other network is not pingable directly because the scopes do not You cannot ping ``instance1`` directly because the address scopes do not
match. match:
.. code-block:: console .. code-block:: console
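Review bot: "because the address scopes do not match" on the new side is imprecise for ``instance1``: its subnets were created without a subnet pool, so they carry no explicit address scope at all. Suggest "because its subnets are not in the external network's address scope", and spell out that "directly" means the fixed addresses, since the text above says the floating IPs answer regardless of scope.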
@ -391,7 +368,7 @@ match.
$ ping6 -c 1 2001:db8:80d2:c4d3:f816:3eff:fe52:b69f $ ping6 -c 1 2001:db8:80d2:c4d3:f816:3eff:fe52:b69f
1 packets transmitted, 0 received, 100% packet loss, time 0ms 1 packets transmitted, 0 received, 100% packet loss, time 0ms
In general, if address scopes are used and the scope matches between If the address scopes match between
networks then pings (and other traffic) route directly through. If the networks then pings and other traffic route directly through. If the
scopes do not match between networks then the router either drops the scopes do not match between networks, the router either drops the
traffic or it applies NAT to cross scope boundaries. traffic or applies NAT to cross scope boundaries.
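Review bot: The closing sentence, "the router either drops the traffic or applies NAT to cross scope boundaries", does not say which case gets which treatment, and that is what a reader relies on when treating address scopes as an isolation boundary. The examples above it show floating IPs reachable and direct pings to the unscoped network lost; suggest naming those two cases in the sentence. A comma is also missing before "then" in "If the address scopes match between networks then pings and other traffic route directly through."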