IPv6 support for IaaS

[garloff]

As IaaS user (= DevOps person), I need a standardized way to expose a VM via IPv6 to the outside world.

Definition of Ready:

• [ ] User Story is small enough to be finished within one sprint
• [ ] User Story is clear and understood by the whole team
• [ ] Acceptance criteria are defined
• [ ] Acceptance criteria are clear and understood by the whole team

Definition of Done:

• [x] #151
• [x] All acceptance criteria are met
• [x] Changes have been reviewed
• [x] CI tests have run successfully
• [x] Documentation has been updated
• [x] Release Notes have been updated

[fkr]

Release Notes need to be updated to feature this in R5

[anjastrunk]

Standard is not there, re-open issue.

[kgube]

I looked into IPv6-Networking in Openstack and tried to adapt the work @cah-patrickthiem did on #167 for IPv6. There are requirements that should apply equally to v4 and v6, such as the requirement for routers or the requirement for security groups on publicly accessible Instances. It might even make sense to create a common networking standard that covers both IP-families.

There are a number of differences though, most notably the absence of NAT and Floating IPs in IPv6. Public IPv6 access from behind a neutron router requires the creation of subnets with publicly routable address-prefixes. There seem to be two supported ways for a provider to provision IPv6 prefixes to tenant-subnets:

1. usage of subnet-pools, which support a quota system and allow tenants to create one or multiple subnets of different sizes within their quota.
2. Prefix-delegation, which uses DHCPv6 to automatically assign prefixes of a provider-determined size to IPv6-subnets.

Which of those two methods to allow/require is an open question, but from my perspective option 1. appears to be more flexible and transparent for the tenant and to also have better Openstack integration.