ipv6_opnfv_project:minutes_20151002
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
ipv6_opnfv_project:minutes_20151002 [2015/10/02 18:18] Bin Hu created |
ipv6_opnfv_project:minutes_20151002 [2015/10/08 15:46] (current) Bin Hu |
||
|---|---|---|---|
| Line 13: | Line 13: | ||
| * Vikram Dham (Dell) | * Vikram Dham (Dell) | ||
| + | We focused on Sprint-1 ODL Gap Analysis and related issues. In summary: | ||
| + | |||
| + | * Sridhar described current ODL issues: | ||
| + | * ODL Lithium SR1 only supports Floating IP addresses for VMs. It currently does not support L3 IPv6 Router. | ||
| + | * We cannot create IPv6 subnet using Neutron REST API in ODL. Although subnet creation appears successful but the necessary OVS flows are not applied on the br-int bridge because there is a Java exception. This is because in ODL, OVSDB NET-VIRT doesn't support IPv6 yet. There is a bug report and workaround of ignoring subnet of IPv6 in external arp resolver (https://git.opendaylight.org/gerrit/#/c/25635/1) to avoid Java exception. But the problem is not solved. | ||
| + | * No support for shared tenant networks. So, each tenant needs to have their own vRouter. | ||
| + | * Mutli-node setup in Spirent Lab is configured with ODL for L2 support and Neutron L3 agent for Routing. | ||
| + | |||
| + | * Sridhar gave an update of Neutron: | ||
| + | * In Neutron + OVS setup, each L3 agent runs and manages the router in a separate namespace | ||
| + | * IPv4/IPv6 Routing uses iptables and not ovsflows. With connection tracking support in OVS, in future this can be enhanced to use the OVS flows instead of IPtables. | ||
| + | * Neutron Rest API only supports /64 IPv6 subnets. | ||
| + | |||
| + | * Hannes talked about Connection Tracking feature added in Kernel, and it needs new BP for Neutron. | ||
| + | * The idea is to get rid of the qrouter, as those currently slow down performance a lot (the current setup traverses two ovs dataplanes and one namespace performing the NAT, masquerading, enforcing security policies and such). The new code can do this directly in openvswitch, thus giving huge performance improvements. | ||
| + | * We need to check what we need to do inside ovs for ipv6, then. | ||
| + | |||
| + | * Hannes also talked about Link local address with MAC address, and enhancement in kernel for us to verify. | ||
| + | * Basically Fedora Kernel does have this feature already. The RFC7217 is available here <https://tools.ietf.org/html/rfc7217> | ||
| + | * It is implemented in the kernel via the sysctls in /proc/sys/net/ipv6/conf/*/stable_secret | ||
| + | |||
| + | # stable_secret - IPv6 address | ||
| + | This IPv6 address will be used as a secret to generate IPv6 | ||
| + | addresses for link-local addresses and autoconfigured | ||
| + | ones. All addresses generated after setting this secret will | ||
| + | be stable privacy ones by default. This can be changed via the | ||
| + | addrgenmode ip-link. conf/default/stable_secret is used as the | ||
| + | secret for the namespace, the interface specific ones can | ||
| + | overwrite that. Writes to conf/all/stable_secret are refused. | ||
| + | |||
| + | It is recommended to generate this secret during installation | ||
| + | of a system and keep it stable after that. | ||
| + | |||
| + | By default the stable secret is unset. | ||
| + | |||
| + | * Currently it is not integrated into NetworkManager etc. in current distributions, but as soon as a new version will be released, it should include stable privacy support: | ||
| + | * https://fedoraproject.org/wiki/Tools/NetworkManager/IPv6#IPv6_Privacy_Extensions | ||
| + | * http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=lr/stable-privacy-rfc7217 | ||
| + | * A specific build with new NetworkManager can be generated for the test lab to test this before a new release. | ||
| + | |||
| + | * We discussed PoC design. It is good for long term, because it should work in this way | ||
| + | * Any feature that is required for OPNFV IPv6 use-cases if found missing in Neutron/ODL, the idea is to propose it upstream in the respective component and track/implement it so that it becomes part of the upstream feature. | ||
| + | |||
| + | * Iben and Jonne work offline on allocating /48 address block and configuring physical IPv6 router | ||
| + | |||
| + | * Iben and Sridhar work offline to address several access issue, such as MTU size, OVS setting, ESXi security setting etc. | ||
| + | |||
| + | <Standing agenda and project plan is as follows> | ||
| * Roll call | * Roll call | ||
| * Admin Update | * Admin Update | ||
ipv6_opnfv_project/minutes_20151002.1443809893.txt.gz ยท Last modified: 2015/10/02 18:18 by Bin Hu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Creative Commons Attribution 4.0 International License
