Reference: Using Linux as an IPv6 gateway, http://bigeagle.me/2011/11/linux_as_ipv6_gateway/
https://etherpad.openstack.org/IPV6-Support
l3-agent doesn't support IPv6 - NTP poisoning
IPv6 evolution History
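The following three figures show, in order, three models for implementing IPv6:
1, NAT66, i.e. imitating the NAT approach of the existing OpenStack IPv4 implementation
2, ND proxy, the approach described in this article
3, Routing, i.e. using a dynamic routing protocol to exchange routes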
br-ex: 2001:2:3:45ff:ff:ff:ff:ff/128
in physical router:
ip -6 route add 2001:2:3:4500::/56 via 2001:2:3:4500::1
in l3-agent
ip -6 route add default via 2001:2:3:4500::1 dev qg-interface # for every tenant router
ip -6 route add 2001:2:3:4501::/64 dev gw-tenant1
ip -6 route add 2001:2:3:4502::/64 dev gw-tenant2
ip -6 neigh add proxy 2001:2:3:4501:221:70ff:fec0:ef3f dev gw-tenant1
ip -6 neigh add proxy 2001:2:3:4501::1 dev qg-interface
ip -6 neigh add proxy 2001:2:3:4502::1 dev qg-interface
[Topology diagram: sixxs; physical router 2001:2:3:4500::1/56; br-ex (qg-interface) 2001:2:3:4500::2/56]
1) Enable IPv6 and install radvd on the l3-agent node to allocate IPv6 addresses to the VMs.
( dhcp-range=tag:br0,::1,::FFFF,constructor:br0, ra-names, 12h
enable-ra )
cat /etc/radvd.conf
interface gw-tenant1 {};
interface gw-tenant2 {
    AdvSendAdvert on;
    AdvManagedFlag off;
    AdvOtherConfigFlag off; # M/O flags tell the client VM whether to use DHCPv6
    prefix 2001:2:3:4502::/64 { # advertised IPv6 prefix
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
    };
};
If DHCPv6 is used to allocate addresses, dhcp6s only provides the address, not the prefix, so it needs to work together with radvd:
cat /etc/dhcp6s.conf
interface br-lan {
address-pool pool1 86400;
};
pool pool1 {
range 2001:2:3:4500:aaaa::1 to 2001:2:3:4500:aaaa::ffff ;
};
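Note: dnsmasq can also be used in place of radvd, for example with this configuration (http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html):
dnsmasq ra-stateless: dnsmasq sends the RA broadcasts and sets the O-bit and A-bit, so that clients generate a SLAAC address and use DHCP to retrieve other information
ND protocol packets carry three bits (Auto, Managed, Other):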
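Where those bits sit in a Router Advertisement, as an added example that is not part of the original post: the sample packet is constructed to mirror the radvd.conf above (M off, O off, A on for 2001:2:3:4502::/64), and the mode names returned are the Neutron-style values slaac / dhcpv6-stateless / dhcpv6-stateful.

```python
import ipaddress
import struct

def build_sample_ra():
    """Constructed RA (ICMPv6 type 134) mirroring the radvd.conf above."""
    # type, code, checksum, hop limit, flags (M=0x80, O=0x40), lifetime, timers
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x00, 1800, 0, 0)
    # Prefix Information option: type 3, length 4 (x8 bytes), flags L=0x80, A=0x40
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
    return hdr + pio + ipaddress.IPv6Address("2001:2:3:4502::").packed

def parse_ra(data):
    """Return the M/O flags and each advertised prefix with its L/A flags."""
    if len(data) < 16 or data[0] != 134:
        raise ValueError("not a Router Advertisement")
    info = {"managed": bool(data[5] & 0x80), "other": bool(data[5] & 0x40),
            "prefixes": []}
    off = 16
    while off + 2 <= len(data):
        opt_type, opt_len = data[off], data[off + 1] * 8  # length in 8-byte units
        if opt_len == 0 or off + opt_len > len(data):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:
            plen, flags = data[off + 2], data[off + 3]
            raw = bytes(data[off + 16:off + 32])
            net = ipaddress.IPv6Network((raw, plen), strict=False)
            info["prefixes"].append({"prefix": str(net),
                                     "on_link": bool(flags & 0x80),
                                     "autonomous": bool(flags & 0x40)})
        off += opt_len
    return info

def address_mode(info):
    """Map the three bits to how a client will configure itself."""
    auto = any(p["autonomous"] for p in info["prefixes"])
    if info["managed"]:
        return "dhcpv6-stateful"
    if auto and info["other"]:
        return "dhcpv6-stateless"
    return "slaac" if auto else "none"

if __name__ == "__main__":
    parsed = parse_ra(build_sample_ra())
    print(parsed, address_mode(parsed))
```

Running the same parser over RAs captured on a tenant interface shows whether the advertised flags and prefix match what radvd or dnsmasq was configured to send.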
So:
# prepared for the hardware router in front of br-ex
ip -6 neigh add proxy 2001:2:3:4501::1 dev br-ex
ip -6 neigh add proxy 2001:2:3:4502::1 dev br-ex
If there is no hardware router, we can continue to demo this environment using radvd.
ifconfig eth0 promisc
How to test:
1) curl --verbose -6 http://localhost
2) tcpdump -ni <interface> ip6
Notes on OpenStack IPv6 support (untested)
1, IPv6 support is not activated in /etc/nova/nova.conf; set --use_ipv6=True
2, fixed ip,
nova-manage network create --label=myown \
--vlan=2511 \
--fixed_range_v4=10.145.230.0/24 \
--fixed_range_v6=2a01:4f8:161:5304::0/64 \
--gateway_v6=fe80::1 \
--num_networks=1
3, floating ip,
nova-manage floating create --pool=v6pool --ip_range=2a01:4f8:161:5304::10 --interface=eth0
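Once the default route above is configured, the internal network can reach the external network, but the external network has no way of learning the route to the internal network. Because no separate IPv6 block was requested from the ISP, a route cannot be added on the external network here. However:
1, If the internal and external networks belong to the same subnet, the router cannot be configured to advertise routing information to the external network, because that would cause routing confusion. Instead, proxy_ndp can be used to let the external network's NDP requests pass through the gateway.
2, If the internal and external networks do not belong to the same subnet, the router can be configured to advertise routing information to the external network, and proxy_ndp is then not needed.
Note: routers match routes with the longest-prefix-match algorithm, so subnets with the same prefix but different subnet lengths count as different network segments. So for different subnets, once the route has been added, the ndp_proxy entries below are no longer needed.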
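For a packet sent from outside to the VM (2001:2:3:4501:221:70ff:fec0:ef3f/64), the first 56 bits are routable, so it is first sent to br-ex (2001:2:3:4500::2/56). The router on which the br-ex interface sits has no forwarding entry for 2001:2:3:4501:221::0/64, so it treats the destination IP as a host in the 2001:2:3:4500::0/56 network and multicasts an NS packet directly onto the 2001:2:3:4500::2/56 network. The ND proxy sees that the packet is bound for one of its own internal hosts, so it proxies the NS and forwards it to the host in the internal network 2001:2:3:4501:221::0/64. In this way the ND proxy obtains the destination host's MAC and the local router obtains the ND proxy's MAC, so the packet can be delivered to the internal VM.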
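The walk-through above and the longest-prefix-match note, as an added example that is not part of the original post. The route and proxy tables are constructed from this post's addresses; the proxy entry for the VM address on qg-interface is an assumption made for the example, as are the function names.

```python
import ipaddress

# Constructed state reusing this post's addresses (canonical address form).
UPSTREAM_ROUTES = {"2001:2:3:4500::/56": "on-link"}       # physical router
GATEWAY_ROUTES = {"2001:2:3:4500::/56": "qg-interface",   # l3-agent node
                  "2001:2:3:4501::/64": "gw-tenant1",
                  "2001:2:3:4502::/64": "gw-tenant2"}
# (address, device the NS arrives on); the VM entry is an assumption.
GATEWAY_PROXY = {("2001:2:3:4501::1", "qg-interface"),
                 ("2001:2:3:4502::1", "qg-interface"),
                 ("2001:2:3:4501:221:70ff:fec0:ef3f", "qg-interface")}

def lookup(routes, dst):
    """Longest-prefix match: return (network, target) or None."""
    dst = ipaddress.IPv6Address(dst)
    nets = [(ipaddress.IPv6Network(p), t) for p, t in routes.items()]
    hits = [(n, t) for n, t in nets if dst in n]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def solicited_node(dst):
    """Multicast group the NS for dst goes to: ff02::1:ff + low 24 bits."""
    low24 = int(ipaddress.IPv6Address(dst)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)

def trace(dst, ext_dev="qg-interface"):
    """Follow a packet from the physical router towards dst; return the steps."""
    up = lookup(UPSTREAM_ROUTES, dst)
    if up is None:
        return ["upstream: no route, packet dropped"]
    steps = [f"upstream: {up[0]} is on-link, NS to {solicited_node(dst)}"]
    # A proxy entry only answers NS for that exact address on that device.
    if (str(ipaddress.IPv6Address(dst)), ext_dev) not in GATEWAY_PROXY:
        return steps + [f"gateway: no proxy entry on {ext_dev}, NS unanswered"]
    net, dev = lookup(GATEWAY_ROUTES, dst)
    return steps + [f"gateway: answers NS with its own MAC, forwards via {dev} ({net})"]

if __name__ == "__main__":
    for target in ("2001:2:3:4501:221:70ff:fec0:ef3f", "2001:2:3:4502::99"):
        print(target, *trace(target), sep="\n  ")
```

The second target shows the per-address nature of ND proxying: an address inside a tenant /64 that has no proxy entry gets no answer to the upstream router's NS, even though the gateway holds a route for it.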
sysctl -w net.ipv6.conf.all.forwarding=1
ip -6 addr add 2001:2:3:4501:221:70ff:fec0:ef3f/64 dev tap1
nova-manage floating create --pool=v6pool --ip_range=2a01:4f8:161:5304::10 --interface=eth0
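Devstack integration
1, Test environment preparation
My home connection is mobile broadband with no public IP, so the IPv6 6to4 tunnels found online cannot be used. For this reason I deleted the WAN6 interface in OpenWrt, then used the "Network -> Interfaces" menu to set IPv6 ULA-Prefix=2001:2:3:4500::/56 (this modifies the configuration in /etc/config/radvd), and configured the IPv6 settings on the WAN interface (Router Advertisement-Service=server mode, DHCPv6-Service=server mode, NDP-Proxy=disabled [5], DHCPv6-Mode=stateless+stateful).
With this, the computers at home obtain an IPv6 address such as 2001:2:3:4500:c12c:6b76:fa2e:74ee/64, and OpenWrt's br-lan interface has the gateway address 2001:2:3:4500::1/60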
vi /etc/network/interfaces
allow-ovs br-phy
iface br-phy inet dhcp
ovs_type OVSBridge
ovs_ports eth0
2, devstack configuration
#IPv6 tenant network
IP_VERSION=6
IPV6_RA_MODE=slaac
IPV6_ADDRESS_MODE=slaac
FIXED_RANGE_V6=2001:2:3:4500::/64
IPV6_PRIVATE_NETWORK_GATEWAY=2001:2:3:4500::1
HOST_IPV6=2001:2:3:4500:fa32:e4ff:febe:87cd
#IPv6 management network
SERVICE_IP_VERSION=6
SERVICE_HOST=[$HOST_IPV6]
MYSQL_HOST=$HOST_IPV6
3, Environment variables
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_TENANT_NAME=demo
export OS_AUTH_URL=http://[2001:2:3:4500:fa32:e4ff:febe:87cd]/v2.0
export OS_AUTH_STRATEGY=keystone
4, Problem: memcached reports the error: ValueError: Unable to parse connection string: [2001:2:3:4500:fa32:e4ff:febe:87cd]:11211
diff --git a/lib/keystone b/lib/keystone
index 5695004..55b581f 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -490,7 +490,7 @@ function configure_auth_token_middleware {
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
iniset $conf_file $section cafile $SSL_BUNDLE_FILE
iniset $conf_file $section signing_dir $signing_dir
- iniset $conf_file $section memcached_servers $SERVICE_HOST:11211
+ iniset $conf_file $section memcached_servers inet6:${SERVICE_HOST}:11211
}
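Review bot: the replacement memcached_servers line adds the inet6: prefix unconditionally, so a deployment where SERVICE_HOST is an IPv4 address or a hostname would now get inet6:<that value>:11211 and hit the same kind of parse failure in the other direction. Gate the prefix on SERVICE_IP_VERSION (the local.conf above sets SERVICE_IP_VERSION=6) and keep the original $SERVICE_HOST:11211 form otherwise. The new value also relies on SERVICE_HOST already carrying its square brackets, as in SERVICE_HOST=[$HOST_IPV6]; a one-line comment in configure_auth_token_middleware saying so would keep that dependency visible.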
Reference
http://blog.sina.com.cn/s/blog_4afa958f0101cm5z.html
http://www.docin.com/p-1014142107.html
http://blogs.rdoproject.org/7199/journey-of-ipv6-in-openstack
https://cloudbau.github.io/openstack/neutron/networking/2016/05/17/neutron-ipv6.html