User Tools

Site Tools


Set up an IPv6 vRouter on a Service VM in OpenStack + ML2 OVS Environment

Here you will find the steps involved in creating a ServiceVM that acts as an IPv6 vRouter.
In this example, we will be using a CentOS7 image as vRouter (we should be able to use other OS as well) and devstack for OpenStack installation.

Enable port_security extension as the extension_drivers in ml2 configuration file.
Following is a sample configuration of devstack local.conf file.

  disable_service n-net tempest h-eng h-api h-api-cfn h-api-cw
  enable_service q-svc q-dhcp q-meta q-agt q-l3 n-novnc

After successful installation of OpenStack with the above configuration, we shall create the necessary neutron networks/subnets/ports etc.

  cd devstack

Source the tenant credentials.

  source openrc admin demo
  # Create a Neutron router which provides external connectivity.
  neutron router-create router1
  # Create an external network using the appropriate values based on the data-center physical network setup.
  neutron net-create --provider:network_type <flat/vlan> --provider:physical_network <physical-network> --provider:segmentation_id <segmentation-id-if-vlan> --router:external ext-net
  # Configure ipv6_gateway=<LLA-of-upstream-router> in the Neutron L3 agent configuration file.
  # Associate the ext-net to the neutron router.
  neutron router-gateway-set router1 ext-net
  # Create an IPv6 internal network.
  neutron net-create ipv6-internal-network
  # Create an IPv6 subnet in the internal network.
  neutron subnet-create --name ipv6-int-subnet --ip-version 6 --ipv6-ra-mode slaac --ipv6-address-mode slaac ipv6-internal-network 2001:db8:0:1::/64
  # Associate the internal subnet to a neutron router. 
  neutron router-interface-add router1 ipv6-int-subnet

Now we shall create an isolated network which is the internal network of vRouter.

  # Create an isolated router for the tenant internal network.
  neutron router-create router2
  # Create a Neutron Internal Network.
  neutron net-create tenant-internal-network 
  # Create an IPv4 subnet in the internal network.
  neutron subnet-create --name ipv4-int-subnet tenant-internal-network
  # Associate the router2 to IPv4 subnet created above.
  neutron router-interface-add <router2-id> <ipv4-int-subnet-id>

Mapping this configuration to POC-1.

  ipv6-internal-network and ext-net is the Red colored network.
  tenant-internal-network is the Green colored network.

Lets create two neutron ports one from ext-net and the other from tenant-internal-network for the vRouter VM

  neutron port-create ipv6-internal-network --port-security-enabled=False --name enp0s3-port
  neutron port-create tenant-internal-network --port-security-enabled=False --name enp0s8-port

Download the Centos7 image which is used as vRouter.

  glance image-create --name 'Centos7' --disk-format qcow2 --container-format bare --is-public true --copy-from

Create a keypair.

  nova keypair-add vRouterKey > ~/vRouterKey

Spawn the Centos7 image with two nics (i.e., enp0s3-port and enp0s8-port)

  nova boot --image <Centos7-image-id> –flavor m1.small --nic port-id=$(neutron port-show -f value -F id enp0s3-port) –nic --nic port-id=$(neutron port-show -f value -F id enp0s8-port) --key-name vRouterKey CentOSvRouter

Verify that CentOSvRouter boots up successfully and keypair is injected.

  nova list
  nova console-log CentOSvRouter

After the image boots up successfully, from the router1 namespace, ssh to vRouter using the keypair.

  sudo ip netns
  sudo ip netns exec <router1-namespace> bash
  ssh -i ~/vRouterKey centos@<ip-address-of-the-image>

As a one time job, before we can create the snapshot, execute the steps (i.e., SLAAC setup) mentioned at the following link.

In order to verify that the setup is working, lets create some cirros VMs on the "tenant-internal-network" (i.e., vRouter internal network).

  nova boot --image <Cirros-image-id> --flavor m1.tiny --nic net-id=<tenant-internal-network-id> VM1
  nova boot --image <Cirros-image-id> --flavor m1.tiny --nic net-id=<tenant-internal-network-id> VM2

Confirm that both the VMs have successfully booted up.

  nova list
  nova console-log VM1
  nova console-log VM2

Add the necessary security group ingress rules.

  source openrc demo demo
  # SSH access to the VMs
  neutron security-group-rule-create --direction ingress --protocol tcp --port-range-min 22 --port-range-max 22 --remote-ip-prefix default
  # Permit IPv6 Router Advts from the vRouter internal interface to the VMs.
  neutron security-group-rule-create --direction ingress --ethertype IPv6 --protocol icmpv6 --port-range-min 134 --remote-ip-prefix fe80::/64 default

SSH to the cirros VMs to check the IPv6 forwarding use-case.

  sudo ip netns
  sudo ip netns exec <router2-namespace> bash
  ssh cirros@<ip-address-of-the-image>
  Note: default password of cirros image would be "cubswin:)"

Verify that Cirros image has an IPv6 address assigned via SLAAC with a prefix of "2001:db8:0:2::/64"

  ip address 
  # verify that default route points to the LLA of enp0s8 interface of vRouter.
  ip -6 route 

Try pinging to the internal router interface of router1 (i.e., 2001:db8:0:1::1/64)

  ping6 2001:db8:0:1::1/64

If all goes well, ping6 should succeed which shows that vRouter is forwarding the IPv6 traffic of instances on the tenant-internal-network.

At this state, we can create a snapshot of the CentOSvRouter and use it in any other similar OpenStack setup.

  nova image-create <CentOSvRouter-id> <Snapshot-name>
  nova image-list #You will find the snapshot you just created above.
ipv6_opnfv_project/ipv6_vrouter.txt · Last modified: 2015/10/16 07:02 by Bin Hu