Case Study - IPv6 Challenges for Cloud Service Providers
Transcript of Case Study - IPv6 Challenges for Cloud Service Providers
Welcome
Case Study – IPv6 Challenges for Cloud Service Providers
Manuel Schweizer, CEO
Agenda
1. Initial Situation
2. Getting Started
3. Status Quo
4. Lookout
5. Questions
Background Information
• Founded 2014
• Swiss IaaS Provider
• Linux Cloud Servers (VMs)
• Focus on Simplicity
„For Developers Who Care“
SaaS
PaaS
IaaS
Lineup
• Ubuntu 14.04 LTS
• OpenStack Kilo
• Brocade VDX
• No IPv6
Goals
• „Do it right“
• Ease of Operation
• Scalable Design & Implementation
• Support Different Operating Systems
• Release by Mid June
Brainstorming
• Address Allocation
  – 1 IPv6 address per VM
  – /64 per customer
  – /64 per virtual server
• Address Modes
  – Static
  – SLAAC
  – DHCPv6
First Attempt
• /64 per VM
• DHCPv6
Let‘s see where that got us...
Prefix Allocation
Problem: OpenStack allocates random IPv6 address
Solution: Assign a /64 per VM in OpenStack
Scalability
Problem: No. of unicast routes on (our) L3 ToR switches
Solution: Create a /48 that contains all those /64s
Source: brocade.com
Default Gateway
Problem: No routing information in DHCPv6 (yet)
DHCPv6 Draft: https://tools.ietf.org/html/draft-droms-dhc-dhcpv6-default-router-00
Best Practice: https://tools.ietf.org/html/rfc4861 (ND for IPv6)
Solution: Router advertisements (RA) on L3 ToR switches
Router Advertisement (RA)
Problem: /48 prefix information with „A“ flag set
Solution: Advertise with no-autoconfig => „A“ flag not set
Source: insinuator.net
TAC Case
    ipv6 nd prefix 2a06:c01:abcd::/48 infinite infinite no-autoconfig
Process:
2016-04-05: Case opened
2016-04-06: Escalation
2016-04-07: Confirmation
2016-04-12: Workaround (do not shut / no shut!)
2016-04-18: CCE patch required
2016-06-07: CCE patch available
SLAAC
Problem: VM is still doing SLAAC
Solution: Send RA with „M“ flag set
1-bit "Managed address configuration" flag. When set, it indicates that addresses are available via Dynamic Host Configuration Protocol [DHCPv6]. If the M flag is set, the O flag is redundant and can be ignored because DHCPv6 will return all available configuration information.
Source: RFC 4861
DNS Resolvers
Problem: VM ignores DNS resolvers received by DHCPv6
Solution: Send RA with „O“ flag set
1-bit "Other configuration" flag. When set, it indicates that other configuration information is available via DHCPv6. Examples of such information are DNS-related information or information on other servers within the network.
Source: RFC 4861
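To check that the advertisements on the wire match the flag settings described on the slides above (M and O set in the RA header, A cleared on the /48 prefix), this added example, which is not part of the original slides, parses a Router Advertisement as laid out in RFC 4861 and lists deviations. The function names and both sample packets are constructed for illustration; the on-link (L) flag value is an assumption, and the ICMPv6 checksum is left at 0 and not verified.

```python
import ipaddress
import struct

def build_ra(managed, other, prefix, autonomous):
    """Build a constructed RA (checksum left 0) with one Prefix Information option."""
    net = ipaddress.IPv6Network(prefix)
    flags = (0x80 if managed else 0) | (0x40 if other else 0)
    # type 134, code 0, checksum, hop limit 64, M/O flags, lifetime 1800 s, timers
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    pflags = 0x80 | (0x40 if autonomous else 0)  # L always set (assumption)
    # option type 3, length 4 (x8 bytes), "infinite" lifetimes = 0xffffffff
    opt = struct.pack("!BBBBIII", 3, 4, net.prefixlen, pflags,
                      0xFFFFFFFF, 0xFFFFFFFF, 0)
    return hdr + opt + net.network_address.packed

def parse_ra(msg):
    """Extract M/O flags and per-prefix L/A flags (RFC 4861, 4.2 and 4.6.2)."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"managed": bool(msg[5] & 0x80), "other": bool(msg[5] & 0x40),
          "prefixes": []}
    off = 16
    while off < len(msg):
        if off + 2 > len(msg) or msg[off + 1] == 0:
            raise ValueError("malformed option")
        opt_type, opt_len = msg[off], msg[off + 1] * 8
        if off + opt_len > len(msg):
            raise ValueError("truncated option")
        if opt_type == 3 and opt_len == 32:  # Prefix Information
            addr = ipaddress.IPv6Address(msg[off + 16:off + 32])
            ra["prefixes"].append({"prefix": f"{addr}/{msg[off + 2]}",
                                   "on_link": bool(msg[off + 3] & 0x80),
                                   "autonomous": bool(msg[off + 3] & 0x40)})
        off += opt_len
    return ra

def deviations(ra):
    """List where an RA differs from the target state on the slides."""
    out = [f"{n} flag not set" for n, k in (("M", "managed"), ("O", "other")) if not ra[k]]
    out += [f"A flag set on {p['prefix']}" for p in ra["prefixes"] if p["autonomous"]]
    return out

# Constructed samples: an RA before the changes and one in the target state.
BEFORE = build_ra(False, False, "2a06:c01:abcd::/48", autonomous=True)
AFTER = build_ra(True, True, "2a06:c01:abcd::/48", autonomous=False)

if __name__ == "__main__":
    for name, raw in (("before", BEFORE), ("after", AFTER)):
        print(name, deviations(parse_ra(raw)) or "matches target")
```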
High-Availability
Problem: VM receives RA with router link-local address
Solution: Set up HSRP/CARP/VRRP (why not fe80::1?) and disable router link-local advertisement
TAC Case (2)
    ipv6 vrrp-suppress-interface-ra
Process:
2016-06-08: Reported
2016-06-09: Case opened
2016-06-12: Escalation
2016-06-13: Confirmation
2016-06-13: Workaround (ra-interval / ra-lifetime)
2016-06-15: CCE patch required
Scalability
Problem: ~250 IPv6 addresses per DHCP agent per port
Solution: Back to the roots: One /64 per L2 domain + Prefix routing up to /48 per VM
Security / Stability
Problem: Issues with OpenStack and IPv6
Solution: Upgrade OpenStack from Kilo to Liberty
Operating Systems
Problem: Lack of proper support for DHCP dual-stack
Solution: Ubuntu 16.04 LTS & Debian 8
    auto eth0
    iface eth0 inet dhcp
    iface eth0 inet6 dhcp
        # A timing issue prevents the DHCP client from binding to the interface
        # before DAD has completed.
        # See: https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1447715
        # Workaround: Wait 2 seconds for DAD to complete.
        pre-up sleep 2
Operating Systems (2)
Solution: Ubuntu 14.04
    auto eth0
    iface eth0 inet dhcp
    iface eth0 inet6 dhcp
        # The DHCP agent automatically takes down the link after releasing the
        # IPv4 address. To avoid hanging for a long time, take the link back up
        # again to allow the IPv6 address to be released immediately.
        # See: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1013597
        pre-down ip link set dev eth0 up
        # We need to explicitly accept router advertisements because this gets
        # disabled by ifupdown.
        accept_ra 1
Source: bugs.launchpad.net
Operating Systems (3)
Solution
Good News: Many modern OS work out of the box!
CentOS 7 & Fedora 23 (base)
    DEVICE="eth0"
    BOOTPROTO="dhcp"
    ONBOOT="yes"
    TYPE="Ethernet"
    USERCTL="yes"
    PEERDNS="yes"
    IPV6INIT="yes"
    DHCPV6C="yes"
    PERSISTENT_DHCLIENT="1"
Status Quo
• GA of IPv6 at cloudscale.ch
  – Released 2016-06-15
  – One IPv6 address per VM
  – Up to /48 routed to this IPv6 address
Demo
Launch of a VM with IPv6 at cloudscale.ch
Goals Reached?
• „Do it right“ ✔
  – /64 on link
  – Routed up to /48
• Ease of Operation ✔
• Scalable Design & Implementation ✔
• Support Different Operating Systems ✔
• Release by Mid June ✔
Lookout
• Reverse DNS
• Automate routed prefixes
• Investigate DHCPv6-PD
  – DHCPv6 Relay Agent Prefix Delegation Notification
• Our Infrastructure
• Security
Questions
Thank you!
I am looking forward to your feedback: [email protected]
Thanks to all our Sponsors