--- /dev/null
+==================================\r
+Exercising Service VM as a vRouter\r
+==================================\r
+\r
+There are 3 steps to set up a service VM as a vRouter:\r
+\r
+- Step 1: `Get a service VM running`_\r
+\r
+- Step 2: `Handling Neutron Security Group Feature`_\r
+\r
+- Step 3: `Set up an IPv6 vRouter on the Service VM`_\r
+\r
+***************************\r
+_`Get a Service VM Running`\r
+***************************\r
+\r
+Please click `Set up Service VM`_ page for instructions to get a service VM running.\r
+\r
+.. _`Set up Service VM`: ./setup_service_vm.html\r
+\r
+******************************************\r
+_`Handling Neutron Security Group Feature` \r
+******************************************\r
+\r
+------------------------------\r
+Disable Security Group Feature\r
+------------------------------\r
+\r
+If Open Stack is integrated and running with Open Daylight, we need to completely disable Security Group feature in Open Stack because Open Daylight doesn\92t support it.\r
+\r
+----------------------------------------------------------\r
+Use Neutron ML2 Port Security Extension (Kilo and Liberty)\r
+----------------------------------------------------------\r
+\r
+For Open Stack Kilo or Liberty with ML2 OVS only (without Open Daylight), we need to use Port Security Extension of Neutron and disable Anti-spoofing Rule on the service VM. \r
+\r
+*******************************************\r
+_`Set up an IPv6 vRouter on the Service VM`\r
+*******************************************\r
+\r
+Please click `Set up IPv6 vRouter`_ page for instructions to set up an IPv6 vRouter on a Service VM.\r
+\r
+.. _`Set up IPv6 vRouter`: ./setup_ipv6_vrouter.html\r
+\r
--- /dev/null
+======================================\r
+Set up an IPv6 vRouter on a Service VM\r
+======================================\r
+\r
+| Here you will find the steps involved in creating a ServiceVM that acts as an IPv6 vRouter. In this example, we will be using a CentOS7 image as vRouter (we should be able to use other OS as well) and devstack for OpenStack installation. We need to enable Port Security Extension as the extension_drivers in ML2 configuration file.\r
+\r
+| Following is a sample configuration of devstack local.conf file.\r
+\r
+| **# [[local|localrc]]**\r
+| `DATA_DIR=$DEST/data`\r
+| `SCREEN_LOGDIR=$DATA_DIR/logs`\r
+| `LOGFILE=$SCREEN_LOGDIR/stack.sh.log`\r
+| `ADMIN_PASSWORD=password`\r
+| `MYSQL_PASSWORD=password`\r
+| `RABBIT_PASSWORD=password`\r
+| `SERVICE_PASSWORD=password`\r
+| `SERVICE_TOKEN=token`\r
+| `disable_service n-net tempest h-eng h-api h-api-cfn h-api-cw`\r
+| `enable_service q-svc q-dhcp q-meta q-agt q-l3 n-novnc`\r
+| **# [[post-config|/$Q_PLUGIN_CONF_FILE]]**\r
+| **# [ml2]**\r
+| `extension_drivers=port_security`\r
+\r
+| After successful installation of OpenStack with the above configuration, we shall create the necessary neutron networks/subnets/ports etc.\r
+| `cd devstack`\r
+| `./stack.sh`\r
+\r
+| # Source the tenant credentials.\r
+| `source openrc admin demo`\r
+| # Create a Neutron router which provides external connectivity.\r
+| `neutron router-create router1`\r
+| # Create an external network using the appropriate values based on the data-center physical network setup.\r
+| `neutron net-create --provider:network_type <flat/vlan> --provider:physical_network <physical-network> --provider:segmentation_id <segmentation-id-if-vlan> --router:external ext-net`\r
+| # Configure ipv6_gateway=<LLA-of-upstream-router> in the Neutron L3 agent configuration file.\r
+| # Associate the ext-net to the neutron router.\r
+| `neutron router-gateway-set router1 ext-net`\r
+| # Create an IPv6 internal network.\r
+| `neutron net-create ipv6-internal-network`\r
+| # Create an IPv6 subnet in the internal network.\r
+| `neutron subnet-create --name ipv6-int-subnet --ip-version 6 --ipv6-ra-mode slaac --ipv6-address-mode slaac ipv6-internal-network 2001:db8:0:1::/64`\r
+| # Associate the internal subnet to a neutron router. \r
+| `neutron router-interface-add router1 ipv6-int-subnet`\r
+ \r
+| Now we shall create an isolated network which is the internal network of vRouter.\r
+| # Create an isolated router for the tenant internal network.\r
+| `neutron router-create router2`\r
+| # Create a Neutron Internal Network.\r
+| `neutron net-create tenant-internal-network`\r
+| # Create an IPv4 subnet in the internal network.\r
+| `neutron subnet-create --name ipv4-int-subnet tenant-internal-network 10.0.0.1/24`\r
+| # Associate the router2 to IPv4 subnet created above.\r
+| `neutron router-interface-add <router2-id> <ipv4-int-subnet-id>`\r
+\r
+| Mapping this configuration to `PoC-1`_.\r
+\r
+.. _`PoC-1`: /ipv6/images/ipv6-poc-1.png\r
+\r
+- `ipv6-internal-network and ext-net is the Red colored network.`\r
+- `tenant-internal-network is the Green colored network.`\r
+\r
+| Lets create two neutron ports one from ext-net and the other from tenant-internal-network for the vRouter VM\r
+| `neutron port-create ipv6-internal-network --port-security-enabled=False --name enp0s3-port`\r
+| `neutron port-create tenant-internal-network --port-security-enabled=False --name enp0s8-port`\r
+\r
+| Download the Centos7 image which is used as vRouter.\r
+| `glance image-create --name 'Centos7' --disk-format qcow2 --container-format bare --is-public true --copy-from http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2`\r
+\r
+| Create a keypair.\r
+| `nova keypair-add vRouterKey > ~/vRouterKey`\r
+\r
+| Spawn the Centos7 image with two nics (i.e., enp0s3-port and enp0s8-port)\r
+| `nova boot --image <Centos7-image-id> \96flavor m1.small --nic port-id=$(neutron port-show -f value -F id enp0s3-port) \96nic --nic port-id=$(neutron port-show -f value -F id enp0s8-port) --key-name vRouterKey CentOSvRouter`\r
+ \r
+| Verify that CentOSvRouter boots up successfully and keypair is injected.\r
+| `nova list`\r
+| `nova console-log CentOSvRouter`\r
+\r
+| After the image boots up successfully, from the router1 namespace, ssh to vRouter using the keypair.\r
+| `sudo ip netns`\r
+| `sudo ip netns exec <router1-namespace> bash`\r
+| `ssh -i ~/vRouterKey centos@<ip-address-of-the-image>`\r
+ \r
+| As a one time job, before we can create the snapshot, execute the steps (i.e., SLAAC setup) mentioned at the following link.\r
+| `https://wiki.opnfv.org/ipv6_opnfv_project/vm_as_router`\r
+\r
+| In order to verify that the setup is working, lets create some cirros VMs on the "tenant-internal-network" (i.e., vRouter internal network).\r
+| `nova boot --image <Cirros-image-id> --flavor m1.tiny --nic net-id=<tenant-internal-network-id> VM1`\r
+| `nova boot --image <Cirros-image-id> --flavor m1.tiny --nic net-id=<tenant-internal-network-id> VM2`\r
+\r
+| Confirm that both the VMs have successfully booted up.\r
+| `nova list`\r
+| `nova console-log VM1`\r
+| `nova console-log VM2`\r
+\r
+| Add the necessary security group ingress rules.\r
+| `source openrc demo demo`\r
+| # SSH access to the VMs\r
+| `neutron security-group-rule-create --direction ingress --protocol tcp --port-range-min 22 --port-range-max 22 --remote-ip-prefix 10.0.0.0/24 default`\r
+| # Permit IPv6 Router Advts from the vRouter internal interface to the VMs.\r
+| `neutron security-group-rule-create --direction ingress --ethertype IPv6 --protocol icmpv6 --port-range-min 134 --remote-ip-prefix fe80::/64 default`\r
+ \r
+| SSH to the cirros VMs to check the IPv6 forwarding use-case.\r
+| `sudo ip netns`\r
+| `sudo ip netns exec <router2-namespace> bash`\r
+| `ssh cirros@<ip-address-of-the-image>`\r
+\r
+| Note: default password of cirros image would be "cubswin:)"\r
+ \r
+| Verify that Cirros image has an IPv6 address assigned via SLAAC with a prefix of "2001:db8:0:2::/64"\r
+| `ip address`\r
+| # verify that default route points to the LLA of enp0s8 interface of vRouter.\r
+| `ip -6 route`\r
+\r
+| Try pinging to the internal router interface of router1 (i.e., 2001:db8:0:1::1/64)\r
+| `ping6 2001:db8:0:1::1/64`\r
+\r
+| If all goes well, ping6 should succeed which shows that vRouter is forwarding the IPv6 traffic of instances on the tenant-internal-network.\r
+\r
+| At this state, we can create a snapshot of the CentOSvRouter and use it in any other similar OpenStack setup.\r
+| `nova image-create <CentOSvRouter-id> <Snapshot-name>`\r
+| `nova image-list #You will find the snapshot you just created above.`\r
+\r
--- /dev/null
+================================================\r
+Set up a Service VM Running as a vRouter (SLAAC)\r
+================================================\r
+\r
+| # Current network setup for IPv6 router VM on local virtualbox setup\r
+| # /etc/sysconfig/network-scripts/ifcfg-enp0s3\r
+| # Network interface enp0s3 is IPv4 for public internet access\r
+| TYPE="Ethernet"\r
+| BOOTPROTO="dhcp"\r
+| DEFROUTE="yes"\r
+| PEERDNS="yes"\r
+| PEERROUTES="yes"\r
+| IPV4_FAILURE_FATAL="no"\r
+| IPV6INIT="yes"\r
+| IPV6_AUTOCONF="yes"\r
+| IPV6_DEFROUTE="yes"\r
+| IPV6_PEERDNS="yes"\r
+| IPV6_PEERROUTES="yes"\r
+| IPV6_FAILURE_FATAL="no"\r
+| NAME="enp0s3"\r
+| UUID="32bad876-680a-4f78-a364-726eae21bfcf"\r
+| DEVICE="enp0s3"\r
+| ONBOOT="yes"\r
+\r
+| # /etc/sysconfig/network-scripts/ifcfg-enp0s8\r
+| # Network interface enp0s8 is IPv6 internal interface to provide IPv6 to internal hosts\r
+| BOOTPROTO=static\r
+| IPV6INIT=yes\r
+| IPV6ADDR="2001:db8:0:2::1/64"\r
+| NAME=enp0s8\r
+| UUID=e931a806-2f76-425d-b035-d37813b81df5\r
+| DEVICE=enp0s8\r
+| ONBOOT=yes\r
+| NM_CONTROLLED=no\r
+\r
+| # Disable NetworkManager\r
+| systemctl disable NetworkManager\r
+\r
+| # Install dhcp.x86_64, dhcp-common.x86_64, radvd.x86_64 if not already installed\r
+| yum install dhcp-common\r
+| yum install dhcp\r
+| yum install radvd\r
+\r
+| # /etc/sysctl.conf Set sysctl to enable IPv6 forwarding\r
+| net.ipv6.conf.all.forwarding=1\r
+| net.ipv6.conf.enp0s3.accept_ra=2\r
+| net.ipv6.conf.enp0s3.accept_ra_defrtr=1\r
+| net.ipv6.conf.enp0s3.router_solicitations=1\r
+\r
+| # /etc/radvd.conf\r
+| interface enp0s8\r
+| {\r
+| # This is the primary "on switch" for RADVD\r
+| AdvSendAdvert on; \r
+| #\r
+| # These settings determine how often advertisements will be sent every X-Y.\r
+| # X and Y are in seconds.\r
+| # With these settings you will be sending a advert every 60 seconds\r
+| #\r
+| MinRtrAdvInterval 60;\r
+| MaxRtrAdvInterval 180;\r
+| #\r
+| # Disable Mobile IPv6 support\r
+| #\r
+| AdvHomeAgentFlag off;\r
+| #\r
+| # Here we set our managed flags\r
+| #\r
+| AdvManagedFlag on;\r
+| AdvOtherConfigFlag on;\r
+| #\r
+| # Enter our IPv6 prefix and CIDR\r
+| #\r
+| prefix 2001:db8:0:2::/64\r
+| {\r
+| AdvOnLink on;\r
+| # On link tells the host that the default router is on the same "link" as it is\r
+| AdvAutonomous on;\r
+| AdvRouterAddr off;\r
+| };\r
+| };\r
+\r
+# Enable radvd service\r
+systemctl enable radvd\r
+\r
+# In /etc/sysconfig/network add\r
+IPV6FORWARDING=yes\r
+\r
+=================================================================\r
+Set up a Service VM Running as a vRouter (DHCPv6 Stateful Server)\r
+=================================================================\r
+\r
+| # Current network setup for IPv6 router VM on local virtualbox setup\r
+| # /etc/sysconfig/network-scripts/ifcfg-enp0s3\r
+| # Network interface enp0s3 is IPv4 for public internet access\r
+| TYPE="Ethernet"\r
+| BOOTPROTO="dhcp"\r
+| DEFROUTE="yes"\r
+| PEERDNS="yes"\r
+| PEERROUTES="yes"\r
+| IPV4_FAILURE_FATAL="no"\r
+| IPV6INIT="yes"\r
+| IPV6_AUTOCONF="yes"\r
+| IPV6_DEFROUTE="yes"\r
+| IPV6_PEERDNS="yes"\r
+| IPV6_PEERROUTES="yes"\r
+| IPV6_FAILURE_FATAL="no"\r
+| NAME="enp0s3"\r
+| UUID="32bad876-680a-4f78-a364-726eae21bfcf"\r
+| DEVICE="enp0s3"\r
+| ONBOOT="yes"\r
+\r
+| # /etc/sysconfig/network-scripts/ifcfg-enp0s8\r
+| # Network interface enp0s8 is IPv6 internal interface to provide IPv6 to internal hosts\r
+| BOOTPROTO=static\r
+| IPV6INIT=yes\r
+| IPV6ADDR="2001:db8:0:2::1/64"\r
+| NAME=enp0s8\r
+| UUID=e931a806-2f76-425d-b035-d37813b81df5\r
+| DEVICE=enp0s8\r
+| ONBOOT=yes\r
+| NM_CONTROLLED=no\r
+\r
+| # Disable NetworkManager\r
+| systemctl disable NetworkManager\r
+\r
+| # Install dhcp.x86_64, dhcp-common.x86_64, radvd.x86_64 if not already installed\r
+| yum install dhcp-common\r
+| yum install dhcp\r
+| yum install radvd\r
+\r
+| # /etc/sysctl.conf Set sysctl to enable IPv6 forwarding\r
+| net.ipv6.conf.all.forwarding=1\r
+| net.ipv6.conf.enp0s3.accept_ra=2\r
+| net.ipv6.conf.enp0s3.accept_ra_defrtr=1\r
+| net.ipv6.conf.enp0s3.router_solicitations=1\r
+\r
+| # /etc/dhcp/dhcpd6.conf\r
+| # DHCP for IPv6 Server Configuration file.\r
+\r
+| # Enable RFC 5007 support (same than for DHCPv4)\r
+ allow leasequery;\r
+\r
+| # IPv6 address valid lifetime\r
+| # (at the end the address is no longer usable by the client)\r
+| # (set to 30 days, the usual IPv6 default)\r
+| default-lease-time 2592000;\r
+\r
+| # IPv6 address preferred lifetime\r
+| # (at the end the address is deprecated, i.e., the client should use\r
+| # other addresses for new connections)\r
+| # (set to 7 days, the usual IPv6 default)\r
+| preferred-lifetime 604800;\r
+\r
+| # T1, the delay before Renew\r
+| # (default is 1/2 preferred lifetime)\r
+| # (set to 1 hour)\r
+| option dhcp-renewal-time 3600;\r
+\r
+| # T2, the delay before Rebind (if Renews failed)\r
+| # (default is 3/4 preferred lifetime)\r
+| # (set to 2 hours)\r
+| option dhcp-rebinding-time 7200;\r
+\r
+| # The path of the lease file\r
+| dhcpv6-lease-file-name "/var/lib/dhcpd/dhcpd6.leases";\r
+\r
+| # Set preference to 255 (maximum) in order to avoid waiting for\r
+| # additional servers when there is only one\r
+| option dhcp6.preference 255;\r
+\r
+| # Server side command to enable rapid-commit (2 packet exchange)\r
+| option dhcp6.rapid-commit;\r
+\r
+| # The delay before information-request refresh\r
+| # (minimum is 10 minutes, maximum one day, default is to not refresh)\r
+| # (set to 6 hours)\r
+ option dhcp6.info-refresh-time 21600;\r
+\r
+| # Set this to `interim` when doing ddns updates\r
+| ddns-update-style interim;\r
+| \r
+| subnet6 2001:db8:0:2::/64 {\r
+| option dhcp6.name-servers 2001:db8:0:2::1;\r
+| option dhcp6.domain-search "opnfv.local";\r
+| ddns-hostname = concat(binary-to-ascii(10, 8, "-", leased-address), ".wired");\r
+| ddns-domainname = "opnfv.local";\r
+| # Our address range 1000 through 1fff\r
+| range6 2001:db8:0:2::1000 2001:db8:0:2::1fff;\r
+| }\r
+| \r
+| # In /etc/sysconfig/network add\r
+| IPV6FORWARDING=yes\r
+\r
+For reference, refer to `How to set up RADVd DHCPv6 and DNS on CentOS 6`_.\r
+\r
+.. _`How to set up RADVd DHCPv6 and DNS on CentOS 6`: http://www.percula.info/archives/196\r
+\r
Code Review / ipv6.git / commitdiff
