===== Top Down Use Case and Gap Analysis with OpenStack Juno ===== Here are some top down use cases of VIM-agnostic IPv6 functionality, including infrastructure layer and VNF (VM) layer, and its gap analysis with Juno Neutron: ^ Use Case / Requirement ^ Supported in Juno Neutron? ^ Notes | **To-Do** | | All topologies work in a multi-tenant environment | Yes | The tenant's subnets are based on Neutron, with ML2 plugin and Single Flat Network topology, dual-stacked. [[https://review.openstack.org/#/c/102411|DHCPv6 BP]][[http://specs.openstack.org/openstack/neutron-specs/specs/juno/ipv6-radvd-ra.html|IPv6 SLAAC BP]] | | | IPv6 VM to VM only | Yes | Configuration and IPv6 address assignment | | | IPv6 external L2 VLAN directly attached to a VM | Yes | Via Neutron and external router / border gateway. [[http://specs.openstack.org/openstack/neutron-specs/specs/juno/ipv6-provider-nets-slaac.html|UPStream Provider Network BP]] | Verify | | **IPv6 subnet routed via L3 agent to an external IPv6 network** - __(1)__ Both VLAN and overlay (e.g. GRE, VXLAN) subnet attached to VMs; __(2)__ Must be able to support multiple L3 agents for a given external network to support scaling (neutron scheduler to assign vRouters to the L3 agents) | **(1) Roadmap** (2) Yes | The IPv6 support in Neutron L3 router isn't ready yet. Watch Kilo BPs. [[https://review.openstack.org/#/c/142224/|IPv6 Router BP]][[https://review.openstack.org/#/c/98217|Multiple IPv6 Prefixes]]. (2) is supported for scalability. Patches for HA are under review. | | | Ability for a VM to support a mix of multiple IPv4 and IPv6 networks, i.e. across the mix of all the above topologies including multiples of the same type | Yes and **Roadmap** | Dual-stack is supported via Single Flat Network topology. Refer to Kilo Blueprints [[https://blueprints.launchpad.net/neutron/+spec/multiple-ipv6-prefixes| Multiple IPv6 Prefixes]] for support of multiple IPv4 and IPv6 networks | Verify | | **Support DHCPv6 stateful** - __(1)__ including the ability for a user to create a port on an IPv6 subnet and assign a specific IPv6 address to the port and have it taken out of the DHCP address pool; __(2)__ Support the ability to assign multiple IPv6 address to an interface | (1) Yes **(2) Work-in-Progress** | Work-in-progress and expected in **Juno** release. All the IPv6 configuration modes such as SLAAC, DHCPv6 Stateless and DHCPv6 Stateful are expected in Juno release. For (1), see [[https://bugs.launchpad.net/neutron/+bug/1367500|Patch 1]] and [[https://bugs.launchpad.net/neutron/juno/+bug/1377843|Patch 2]]. This is verified by Sridhar. For (2), see [[https://review.openstack.org/#/c/98217/14|BP in Kilo]]. | | | **Should not prevent the ability to support non-DHCP statically assigned IPv6 addresses in the same fashion as is supported for IPv4** | ** No ** | The following patch disables this operation: https://review.openstack.org/#/c/129144/ | | | **Support for private IPv6 to external IPv6 Floating IP** | **Rejected** | See https://review.openstack.org/#/c/139731/ for discussion | | | **Provide IPv6/IPv4 feature parity in support for pass-through capabilities (e.g. SR-IOV support in OpenStack)** as these features are provided in OpenStack | **Roadmap** | Blueprint “[[https://blueprints.launchpad.net/neutron/+spec/manage-sriov-ib-net-config| Managing InfiniBand SR-IOV]]” is pending approval, “[[https://blueprints.launchpad.net/neutron/+spec/ml2-sriov-rate-limit-extension| Traffic Rate Support for SR-IOV NIC]]” is being drafted, and “[[https://blueprints.launchpad.net/neutron/+spec/high-availability-sriov-ports| HA SR-IOV Ports]]” has not started yet. | | | **Additional IPv6 extensions, for example: IPSEC, IPv6 Anycast, Multicast** | **No** | It doesn’t appear to be considered yet | | | **Access to the meta-data server to obtain user data and ssh keys etc.** (may need more of a discussion) | **No** | Metadata (and GRE / VXLAN subnet) still requires IPv4. **An alternate mechanism is to use config-drive**. [[http://openstack.10931.n7.nabble.com/Neutron-cloud-init-IPv6-support-td45386.html|email-thread]] | | | Full support for IPv6 tcp/udp/icmp IPv6 security groups (same as we see for IPv4) | Yes | __(1)__ **Blueprint** “[[https://blueprints.launchpad.net/neutron/+spec/security-group-icmp-type-filter|Support ICMP type filter by security group]]” has not started yet. __(2)__ **Blueprint** “[[https://blueprints.launchpad.net/neutron/+spec/security-group-ipv6-ra-guard|Security group rule for IPv6 RA guard and IPv6 Snooping]]” has not started. Whiteboard responses to BP (1) indicates that it is already supported. | For BP(2), the author was looking at the following feature - IPv6 First-Hop Security| | **During network/subnet/router create, there should be an option to allow user to specify the type of address management they would like**. __(1)__ this includes all options including those low priority if implemented (e.g. toggle on/off router and address prefix advertisements); __(2)__ It must be supported via Neutron API (restful and CLI) as well as via Horizon | Yes and **Roadmap** | The ability to create various types of IPv6 subnets (i.e., SLAAC / DHCPv6 Stateless / Stateful) is supported both using Neutron router and external router. Refer to [[http://specs.openstack.org/openstack/neutron-specs/specs/juno/ipv6-radvd-ra.html#rest-api-impact| various combinations and how to configure Neutron subnets]]. Refer to Blueprints [[https://blueprints.launchpad.net/neutron/+spec/ipv6-prefix-delegation|IPv6 Prefix Delegation ]] and [[https://blueprints.launchpad.net/neutron/+spec/multiple-ipv6-prefixes|Multiple IPv6 Prefixes]] for support of multiple IPv4 and IPv6 networks | | | **Ability to specify Floating IPs via Neutron API (restful and CLI) as well as via Horizon**, including combination of IPv6/IPv4 and IPv4/IPv6 Floating IPs if implemented | **No** | IPv6 Floating IPs will not be supported in Kilo. [[https://review.openstack.org/#/c/139731/|Ref BP]]. Refer to previous item of floating IPv6 functionality being rejected. | | | Ability to control and manage all IPv6 security group capabilities via Neutron/Nova API (restful and CLI) as well as via Horizon | Yes | Refer to previous item of IPv6 security group | |