How-To

Deploying IPv6-only tenants with OpenStack

Shannon McFarland from Cisco Systems explains how to deploy IPv6-only Neutron networks.

January 20, 2017
image

In this post, I’ll discuss the deployment of IPv6-only Neutron networks for tenant use. A few things to note about IPv6-only instances:

  • IPv6-only works out-of-the-box for basic IP connectivity with OpenStack but you are hosed on the metadata service
  • Many people deploy dual stack in order to overcome the metadata issue
  • The metadata service only supports IPv4
  • An old wish list bug has long expired: https://bugs.launchpad.net/neutron/+bug/1460177
  • Workarounds:
    • Build all/most of what you want inside the image itself
    • Use config-drive

I’m going to use a very basic “config-drive” example here to show how important stuff (metadata) can be injected into an IPv6-only instance. If you don’t know much about config-drive, Red Hat has a reasonable write-up on it. There is tons of info on it; just search. Also, I’m working from the topology of previous blog posts such as my last one on provider networks. I won’t be going over the topology and OpenStack setup here.

In this example, I have a file called “user_data.yaml” (no dependency on the actual file name). There is not much in it; I have a FQDN defined and a key. The only thing I am testing here is whether or not the defined FQDN (v6onlyinstance.example.com) appears in the instance at boot. Here is the output:

[root@c7-os-1]# cat user_data.yaml
#cloud-config
fqdn: v6onlyinstance.example.com
users:
  - name: cloud-user
    ssh-authorized-keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4W4RPlOBiY14iJwW9kd3Chys5bUBjy2VKJkFa5az8JHcVvOh3LO5BHdhc6WryT+blmx9LKGyVSc0rfzSEAfQ91dXJCHuhl5BNk9pLibs3oe8s/1r/vjtxQopKIIGN3PYuisvpZVLeP1kRhddIdLvuZcQm82L4VPUAOzLqbFdhsu/Y2lU5WyiTiI5VNJwwbzzc67BFHz2ov2bdBgCfFWyUQMikiyIrAv5hVcqADv7XAqY4P5sJaOaHAcNcCfMtY8RbtEMSIyw8fey1erY4ZiknTAn/eU52mc18l9xR4CwI9wYqYdpVyiNULRWH9opK30dqhhthgElzCax+WqmxMXGP [email protected]

Now, I boot an instance, enable “config-drive” and point to the “user_data.yaml” file. The instance is set to use a Neutron network that I previously added that has an IPv6 prefix setup (no IPv4):

nova boot --flavor m1.small --image rh7-stateless --key-name new-aio-key --security-groups default --nic net-name=external-net rhv6-only-drive --config-drive true --user-data user_data.yaml

Notice that in the “nova list” output below, the name of the instance is “rhv6-only-drive” (based on me naming it that in the “nova boot” command):

[root@c7-os-1 ~]# nova list
+--------------------------------------+-----------------+--------+------------+-------------+---------------------------------------------------
| ID                                   | Name            | Status | Task State | Power State | Networks                                          
+--------------------------------------+-----------------+--------+------------+-------------+---------------------------------------------------
| 2244a346-a34b-4ab6-905f-71dc207a92e6 | rhv6-only-drive | ACTIVE | -          | Running     | external-net=2001:db8:cafe:16:f816:3eff:feec:3c59 
+--------------------------------------+-----------------+--------+------------+-------------+---------------------------------------------------

Login to the instance (notice that I don’t have to mess with no stinking floating IPs or “ip netns” nonsense! No NAT FTW! ? ):

ssh cloud-user@2001:db8:cafe:16:f816:3eff:feec:3c59

Notice that the hostname is what I set in the “FQDN line” of the “user_data.yaml” file and that the instance only has an IPv6 address. Also, the instance has the domain name “example.com” from the FQDN in the yaml file and a “nameserver” is set (the instance is using Stateless DHCPv6):

[cloud-user@v6onlyinstance ~]$ ip a
. . .
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:ec:3c:59 brd ff:ff:ff:ff:ff:ff
    inet6 2001:db8:cafe:16:f816:3eff:feec:3c59/64 scope global dynamic
       valid_lft 2591952sec preferred_lft 604752sec
    inet6 fe80::f816:3eff:feec:3c59/64 scope link
       valid_lft forever preferred_lft forever

[cloud-user@v6onlyinstance ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
search openstacklocal. example.com
nameserver 2001:db8:cafe:a::e

[cloud-user@v6onlyinstance ~]$ cat /etc/hostname
v6onlyinstance.example.com

Go ahead, give it a try. You might like IPv6-only. ?

This post first appeared on the Shannon McFarland’s blog. Superuser is always interested in community content, email: [email protected].

By: Remko van Dokkum
 // CC BY

Tags: ,

Shannon McFarland
Latest posts by Shannon McFarland (see all)