ipv6 address allocation by country

APNIC IPv6 Allocations

Allocations of IPv6 address space are made to regional Internet registries according to their needs, based on allocation rates they publish. Specifically, RIRs are eligible for further allocations if their available space of existing allocations is less than 50% of a /12 address block, or less than their necessary space for the following 9 months.

Current Space and Eligibility

24-month forecast.

The chart below uses APNIC's current average allocation rate to forecast their available IPv6 space over the next 24 months. This can be used to estimate if APNIC will become eligible to apply for additional IPv6 space in the near future.

Allocations by Status

Status of IPv6 addresses IANA has allocated to APNIC.

Allocations by Country

Total number of IPv6 addresses allocated to network operators by APNIC, grouped by country

Allocations for the Last Six Months

Number of IPv6 addresses allocated by APNIC to their network operators in the last six months.

Fragmented Allocations by Prefix Length

IPv6 address blocks smaller than /32 are considered "fragmented". The chart below shows the number of fragmented blocks held by APNIC.

IPv6 Capable Rate by country (%)

30 day average (19/04/2024 - 18/05/2024)

Date:     Window (Days)

Map Options

IP Address by Country 2024

Every computer or other internet-enabled device (smart TV, cell phone, web server, etc.) on a network must have a unique identifier. Most devices and networks communicate using the TCP/IP protocol, in which each device is identified via a numerical label known as an Internet Protocol address, commonly referred to as an IP address. IP addresses can be either static, meaning a device has the same IP address at all times; or dynamic, meaning the IP address may change from time to time, such as when a device is powered down and restarted. IP addresses are also reusable, meaning if a device no longer requires access to the network, its IP address can be reallocated to a different device.

Top 10 Countries with the most IP (IPv4) Addresses:*

Types of ip address: ipv4 and ipv6 defined and differentiated.

Current IP addresses each follow one of two standards: IP Version 4 (IPv4) or IP Version 6 (IPv6). IPv4, the internet's original IP protocol, uses 32 binary bits to create a single unique address that is expressed by four numbers, each ranging from 0 to 255 and separated by decimals. For example: 104.221.95.92.

By comparison, the newer and more complex IPv6 standard uses 128 binary bits to create a single unique address that is expressed by eight groups of hexadecimal numbers (which include not only the numbers 0-9 but the letters A-F), each ranging from 0 to FFFF and separated by colons. For example: 2001:23F5:B415:2F61:02A2:8C4B:A375:8149.

Why are there two types of IP address?

IP addresses are unique and have a fixed length. Because of these constraints, the number of possible IP addresses that can exist is finite. There are 4,294,967,296 (Nearly 4.3 billion) IPv4 addresses, 600 million of which are reserved and cannot be used for public routing. This limitation caused little concern in the early days of the internet, because of the vast number of IPv4 addresses available. However, the growth of the internet and the proliferation of internet-enabled devices over the following decades made clear that eventually even four billion IP addresses would be too few.

Several new technologies were formulated to stave off the looming shortage of IPv4 addresses, including network address translation (NAT) and Classless Inter-Domain Routing (CIDR). The ultimate solution arrived with the launch of IPv6. While IPv4 was a 32-bit protocol limited to just under 4.3 billion addresses (2 to the power of 32), IPv6 is a 128-bit protocol with nearly 340 undecillion possible addresses (2 to the power of 128), a functionally infinite supply.

IPv4 and IPv6 networks are incompatible with one another. This means, for example, that a cell phone with an IPv4 address could not access a website stored on a web server that used only IPv6. However, the vast majority of modern devices and operating systems are capable of connecting to the internet via either protocol. At present, IPv4 is still the dominant protocol, thanks to this ongoing device-level support and the presence of more than 4 billion already-allocated IPv4 addresses. However, IPv6 is expected to overtake it at some point in the future.

Per-country allocations of IP addresses around the world

The Internet Assigned Numbers Authority (IANA) is the organization charged with distributing all non-reserved IP addresses to the world. This process is executed using a nested system in which increasingly smaller satellite agencies allocate the IPs to increasingly smaller territories. The IANA performs the first allocation, distributing IP addresses to Regional Internet Registries (RIRs) in five broad regions (which roughly correspond to the continents.

Regional Internet Registries perform the second round of allocations, doling out the IPs to each individual country's National Internet Registry (NIR). The NIRs then allocate the IPs to smaller Local Internet Registries (LIRs), which allocate them to Internet Service Providers (ISPs), which allocate them to individual users and devices. In-use IPs are classified as utilized . In countries that lack local registries, the national registries allocate directly to the ISPs.

Global ISP Allocation Regions (all data IANA 2022/09):

The number of addresses allocated to a given country does not necessarily correlate with that country's population numbers. Rather, it is more closely tied to each country's need for IP addresses. As a rule, countries that have high incomes , are more developed , or show a high level of innovation and technological advancement have more robust internet infrastructure and a larger number of smart devices, websites, and other internet-based businesses—which translates to greater need for IP addresses—than do low-income and middle-income countries that are still developing .

Countries with the largest (and smallest) allocations of IPv4 addresses

Of the more than 4 billion IPv4 addresses in existence, 1,541,605,760 (about 35.9% of the total number) are allocated to the United States . This is far and away the highest number allocated to any country. Using population metrics from 2012 (the year after the IANA allocated the final IPv4 addresses to various regional registries), this corresponds to roughly 4,911 IP addresses per 1,000 people.

China has the second-highest number of IPv4 addresses at 330,321,408, about 7.7% of the total number in existence. China is followed by Japan with 202,183,168 and the United Kingdom with 123,500,144. Germany has the fifth-highest number of IPv4 addresses with 118,132,104.

Vatican City , which has the smallest population of any sovereign state, has 17,920 IPv4 addresses. This equates to 21,435 IP addresses per 1,000 people (because Vatican City has fewer than 1,000 citizens).

What are bogons?

Factored into the 4.294 million existing IPv4 addresses are millions on bogon (short for "bogus logons") addresses, which are IP addresses that are either inaccurate or which have not yet been assigned by an ISP. Most Internet service providers and firewalls filter out bogons, which are typically created either on accident by misconfigured networks or deliberately by would-be hackers.

Finally, IP addresses are not to be confused with domain names , a similar-but-different identifier that can help pinpoint the country of origin of a website.

• IPv4 allocation totals are final, as all possible IPv4 addresses have been assigned to various national NIRs. Although existing IPv4 addresses may be recycled on a local or national level, they will not be reallocated to other countries.
• The % column indicates the percentage of the total global number of IPv4 addresses each country has been allocated.
• IPv6 addresses are allocated in ""/32"" blocks which can include thousands, millions, or billions of individual addresses depending upon how they are implemented. As such, the totals shown indicate blocks allocated, not individual addresses.
• IPv6 numbers shown are total allocations from all regions combined. For example, Albania has received 606 IPv6 allocations from RIPE NCC, but also 1 from APNIC, for a total of 607 allocations.
• IPv6 address totals shown include only those blocks that had been assigned to individual countries' NIRs as of August 2022. For full IPv6 allocations per region, see the table in the body text.

Download Table Data

Enter your email below, and you'll receive this table's data in your inbox momentarily.

How can I tell what country an IP address is from?

Frequently asked questions.

• Internet IP Address 2024 Report - IP2Locations
• RIPE NCC IPv6 Allocations - IANA
• LACNIC IPv6 Allocations - IANA
• ARIN IPv6 Allocations - IANA
• APNIC IPv6 Allocations - IANA
• AFRINIC IPv6 Allocations - IANA
• Number Resources - Internet Assigned Numbers Authority
• IPv6 and IPv6 Addresses - IPCisco
• List of countries by IPv4 Address Allocation - Wiki
• Global Policy for Post Exhaustion IPv4 Allocation Mechanisms by the IANA | (Ratified 6 May 2012) - ICANN
• IPv4 Address Exhaustion - Wiki
• IPv6 deployment - Wiki
• What Is an IP Address? - Avast
• IPv4 and IPv6 address formats - IBM
• Bogon - CyberHoot
• Bogon Filtering - Wiki

IP Address Ranges by Country

This page displays the complete IPv4 address ranges organized by country. There are 249 countries listed below, and each link will bring you to a new page containing the respective IP address ranges.

If you are interested to learn more about the ranking of IP addresses allocated for each country, please visit IP Address Reports for details.

Afghanistan

Aland Islands

American Samoa

Antigua and Barbuda

Bolivia (Plurinational State of)

Bonaire, Sint Eustatius and Saba

Bosnia and Herzegovina

Bouvet Island

British Indian Ocean Territory

Brunei Darussalam

Burkina Faso

Cayman Islands

Central African Republic

Congo (Democratic Republic of the)

Cook Islands

Cote d'Ivoire

Dominican Republic

El Salvador

Equatorial Guinea

Falkland Islands (Malvinas)

Faroe Islands

French Guiana

French Polynesia

Guinea-Bissau

Iran (Islamic Republic of)

Isle of Man

Korea (Democratic People's Republic of)

Korea (Republic of)

Lao People's Democratic Republic

Liechtenstein

North Macedonia

Marshall Islands

Micronesia (Federated States of)

Moldova (Republic of)

Netherlands

New Caledonia

New Zealand

Norfolk Island

Northern Mariana Islands

Palestine, State of

Papua New Guinea

Philippines

Puerto Rico

Russian Federation

Saint Barthelemy

Saint Helena, Ascension and Tristan da Cunha

Saint Kitts and Nevis

Saint Lucia

Saint Martin (French Part)

Saint Pierre and Miquelon

Saint Vincent and the Grenadines

Sao Tome and Principe

Saudi Arabia

Sierra Leone

Sint Maarten (Dutch Part)

Solomon Islands

South Africa

South Georgia and the South Sandwich Islands

South Sudan

Svalbard and Jan Mayen

Switzerland

Syrian Arab Republic

Taiwan (Province of China)

Tanzania, United Republic of

Timor-Leste

Trinidad and Tobago

Turkmenistan

Turks and Caicos Islands

United Arab Emirates

United Kingdom of Great Britain and Northern Ireland

United States of America

United States Minor Outlying Islands

Venezuela (Bolivarian Republic of)

Virgin Islands (British)

Virgin Islands (U.S.)

Wallis and Futuna

Ready to Get Started?

Sign up now and you will be able to access ALL IP databases for FREE!

No hidden costs. No credit card required.

Geolocate Your Visitors Location

Enhance your applications with essential geolocation data by using our FREE databases.

IP Address Allocation by Country

This document was generated automatically on Sun May 19 03:30:46 UTC 2024.

For information on the sources behind the data, please see the project repository on github .

Network block overlap: ARIN allocated 192.175.48.0/24 and IANA reserved 192.175.48.0/24. Resolved. Removed reserved block from ARIN.

Network block overlap: APNIC reserved 198.51.100.0/24 and IANA reserved 198.51.100.0/24. Resolved. Removed reserved block from APNIC.

Network block overlap: APNIC reserved 203.0.113.0/24 and IANA reserved 203.0.113.0/24. Resolved. Removed reserved block from APNIC.

Timestamps of resources:

• Skip to primary navigation
• Skip to main content
• Skip to primary sidebar
• Skip to custom navigation
• Infoblox Threat Intel
• BloxOne® Applications

Infoblox Community

• Partner Portal

Why Infoblox

Market Leadership

Networking Products Core network services including DNS, DHCP and IPAM (DDI)

Security Products Foundational security for anywhere protection

Automation Products Tools to streamline modern networking and security

BloxOne ® DDI Simplify networking with automated, cloud-managed DNS, DHCP and IPAM

Data Center | Cloud

NIOS DDI Unify DNS, DHCP and IPAM for complex, on-premise networking

BloxOne ® Threat Defense Quickly deploy hybrid DNS-layer security everywhere

Threat Intelligence Leverage better DNS and multi-sourced threat intel to improve your total security stack

Advanced DNS Protection Protect enterprise DNS infrastructure to ensure maximum uptime

Cybersecurity Ecosystem Automate SecOps response and efficiency with advanced integrations

Cloud Network Automation Centrally manage core network services and security

Unified Network View Enhance security and efficiency with Network Insight

Global Load Balancing Optimize application performance

Reporting and Analytics Easily analyze your network and automate compliance

IP Address Management for Microsoft Plug the gaps and extend your investment in Microsoft IPAM

Network Automation and Compliance Simplify and streamline multi-vendor network management with NetMRI

Initiative Solutions for key challenges

Technology Key tools and integrations

Industry Vertical market solutions

Job Function Solutions overview by role

Multi-Cloud Networking Transform hybrid, multi-cloud management of critical network services such as DNS and IPAM

SaaS-Enabled Enterprise Secure cloud-managed, cloud-native network services for distributed enterprises

On-Premises + Cloud-Managed Networking Uniting enterprise grade and cloud native core networking services for the hybrid enterprise

Hybrid Workplace Speed your transition to a secure, multi-cloud organization to support your hybrid workforce

Cybersecurity Frameworks Satisfy requirements for leading security best practices

Secure Edge Services Deliver new cloud-managed networking and security services anywhere

IT Compliance Simplify management of regulatory compliance requirements

Technology Optimization

Accelerate Office 365 performance Ensure fast, reliable user experiences

Secure IoT Protect devices across IoT environments

Deploy IPv6 Set your network foundation up for success

Optimize SD-WAN Use cloud-managed DNS, DHCP and IPAM for better ROI

Support Encrypted DNS Offer DoT/DoH services while maintaining security and performance

Key Integrations

Networking Easily integrate, orchestrate and automate with top networking providers and tools

Security Make your entire security stack more effective with rich APIs and integrations

Healthcare Simplify, control and secure vital healthcare services

Higher Education Improve network performance while reducing costs

Public Sector Scale and secure distributed networking for all

• Public Health & Human Services
• State & Local

Service Providers Deliver modern core network services and security

• Mobile Providers
• Cable and Broadband
• Managed Service Providers
• Subscriber Services

NetOps Unify DNS, DHCP and IPAM and simplify complex networking

DevOps Use automation and advanced integrations to streamline operations

SecOps Leverage automation and multi-source intelligence to stop threats faster

CIO/CISO Optimize your workforce productivity with a SaaS-enabled enterprise

Support Overview

Customer Support Portal

Technical Account Manager

COVID-19 Support Update

Customer Success

Customer Success Management

Professional Services

Education Services

Cloud Services

Cloud Services Portal (CSP)

Cloud Services Status

Developer Portal

Analyst Reports

Customer Case Studies

Deployment Guides

Evaluations

Live Events & Webinars

Infographics

Solution Notes

On-demand Webinars

Whitepapers

About Infoblox

Diversity & Inclusion

Environmental, Social, and Governance Policy

About Infoblox Partners

Technology Alliance Partners

• Infoblox for Microsoft
• Infoblox for AWS

Managed Services Partners

News and Events

Company Blog

In the News

Press Releases

Home / IPv6 CoE / IPv6 Prefix Allocation Methods – Part One (of Two)

IPv6 Prefix Allocation Methods – Part One (of Two)

December 6, 2019

 Introduction

So, let’s suppose that you’ve been allocated a block of IPv6 addresses. If it’s your primary allocation, I’m hopeful that you’ve both encountered and taken to heart one critical address planning principle. This principle recommends that your primary allocation be sufficiently large enough to meet your addressing needs for the next several decades – say, 20-50 years. And chances are, that timeframe exceeds the likely lifespan of the Internet Protocol. (If you haven’t yet obtained an IPv6 allocation you can learn more about how to do so from ARIN’s website .)

This blog deals with the most familiar methods available for assigning subsets of address space from that primary allocation. And of course the same methods will continue to work when assigning space from within those subsets of assigned space as well (wheels within wheels!). These methods will work for any IPv6 allocation size (though as we will see as we explore the different allocation methods, some of them make more sense to use with larger allocations and some with smaller).

You’re likely already familiar with this process of assigning address blocks from your work with IPv4. But chances are due to the natural constraints on the availability of IPv4 address space, you may not be as familiar with a couple of the more commonly used address assignment methods the abundance of IPv6 address space allows for.

Four Common IPv6 Assignment Methods

Let’s begin with defining four common IPv6 prefix assignment methods. They are:

• Next available

To demonstrate how each of these methods works, I’m going to pick different allocation sizes. These sizes range from a /64 up to and including our primary allocation (the one we would get from a Regional Internet Registry or ISP to meet all of the IPv6 addressing needs for our entire network). If we’ve been paying attention to proper IPv6 address planning principles, we might hope that our overall primary allocation has a couple of beneficial characteristics. I’ve already mentioned that our primary allocation needs to be sufficiently large to accommodate the growth of our network more or less indefinitely.

Another beneficial characteristic would be that our primary allocation falls on a nibble boundary . It should probably also go without saying that such an allocation won’t be smaller than the smallest legally assignable prefix in IPv6 of a /64 nor larger than the largest allocation we’re likely to receive from a Regional Internet Registry. This largest size might vary but from personal experience wouldn’t likely be greater than an IPv6 /24.

Somewhere in between these largest and smallest allocations lies the /48, which we should recognize as significant for being both the recommended baseline size for a particular site within our network as well as for being the smallest Internet-routable prefix size . In my book, IPv6 Address Planning , I make a distinction between something I rather blandly referred to as inter-site vs. intra-site planning and this, in the briefest of nutshells, is the distinction between handing out address blocks from our primary allocation (something larger than a /48 if our network has more than one site – and nearly all networks requiring the architecture, engineering, and administration that keep us employed typically do) and handing out address blocks from within a single /48.

While any of our address allocation methods would theoretically work for either intra-site or inter-site planning, we’ll soon see which particular methods are more commonly used for each type of planning.

With all that in mind, let’s return to defining the first of our most common IPv6 address assignment methods.

Next Available

This method is alternatively referred to as sequential or  monotonic.  It’s best demonstrated by beginning with an allocation that is subsequently divided into smaller prefixes of identical size. For the purposes of making our example practical, we’ll start with the smallest nibble-boundary-aligned prefix that doesn’t directly go on an interface – which would be (and here we pause for an exercise briefly left to the reader)…

….that’s right, a /60! Hopefully, you’ve gotten familiar enough with your nibble math at this point that you recognize that a /60 provides you with…

…again correct, 16 /64s for interface assignment!

You may have noticed from the example above; this method doesn’t presume any particular order or organization of the elements needing a prefix assignment. It simply dictates that whatever element needs a prefix of a particular size (in this case, a /64) from a particular larger allocation (in this case, a /60) gets the next available prefix from the list of available prefixes.

Note that if I were actually numbering VLANs, I might wish to use a scheme that aligns the VLAN number to the prefix being assigned. If my network configuration uses extended VLANs at least 4094 unique /64 prefixes I would be need to map them all to specific VLANs. This would require at least a /52, which in turn would provide 4096 /64s.

Obviously, with this method it helps if you can easily convert hexadecimal to decimal, something which may pose challenges to your operations teams. Alternatively, by using a /48, no hexadecimal to decimal conversion would be necessary. For example:

A caveat with this approach is that one is consuming only 6% of the /48 for that particular application. Of course, we could use the remaining prefixes in an ad-hoc fashion (especially where IPAM can help keep track of them). Even if we don’t assign any prefixes beyond the 6% for extended VLANs, there is no requirement to avoid this method to conserve IPv6 address space.

For this example, I picked on one of the smallest prefixes allowing for subsequent, more granular subnet assignments (i.e., /60 -> /64), but of course this method works just as well with larger prefix allocations. For example, a RIR might assign a /44 to a small enterprise with 12 or fewer sites.

Another way to visualize this and other allocation methods is by using a pie chart:

Reserving Zero Prefixes

Incidentally, you probably noticed that in the above allocation examples, I didn’t use the first available prefix for an actual assignment but instead marked it as reserved . There are two beneficial reasons for this. The first is that it avoids potential confusion between two prefixes that share the exact same label but differ in size. For example, in standard zero compressed format:

Without referencing the CIDR notation, I can’t immediately determine whether I’m looking at the entire block (i.e., 2001:db8:2110::/44) or merely the second available prefix from it (i.e., 2001:db8:2110::/48). We network engineering types naturally pride ourselves on our precision and accuracy. But we’ve also likely got the operational battle scars from middle-of-the-night outages. Those outages where, in spite of our best precision-and-accuracy intentions, we misread one prefix for another. By not using the first subnet from each larger block, we can entirely avoid any such confusion.

The second beneficial reason to reserve the first available prefix is a bit more direct. When labeling things, it’s convention to start enumerating them from “1”. By not using the first available prefix from the larger allocation (which will always end in “0”), we’ll always start assigning prefixes beginning with “1”.

That’s it for part one! Next time we’ll cover the remaining IPv6 prefix allocation methods sparse , best fit , and random .

Thanks for reading!

Tom Coffeen (@ipv6tom) is a co-founder of  HexaBuild , an IPv6 consulting and IPv6 training company. Tom is the author of  IPv6 Address Planning  on O’Reilly Media. You can follow HexaBuild on  Twitter  and  LinkedIn .

• IPv6 address planning

Tom Coffeen

Co-founder of hexabuild.io.

Tom Coffeen is a network engineer, architect, and author with over twenty years of internetwork design, deployment, administration, and management experience. Tom co-founded HexaBuild, an IT consultancy specializing in the advancement of cloud, IoT, and security deployment best practices through IPv6 adoption. Prior to co-founding HexaBuild, Tom was an IPv6 Evangelist and a Distinguished Architect at Infoblox. Before that Tom was the VP of network architecture at the global CDN Limelight Networks where he led their deployment of IPv6. He is also the author of O’Reilly Media’s IPv6 Address Planning.

You might also be interested in

The IPv6 Prefix Information Option or Fun with the L Flag

By Ed Horley

The Odd History of Provisioning an IPv6 Address on a Host

Back to Basics – The IPv6 Address Types – part 3

Back to Basics – The IPv6 Address Types – part 2

Back to Basics – The IPv6 Address Types

IPv6 Prefix Allocation Methods - Part Two

By Tom Coffeen

IPv6 Projects and “The Human Element”

By Steve Rogers

Call us today

1.800.856.5960, exploring ip address blocks by country: a comprehensive guide.

• No Comments

• Your Address

Database Dump

You can download individual csv files or the entire database. These downloads are huge, please be patient. The smallest file is the JSON download because it only contains the bare minimum.

IP Version 4

Ip version 6.

We do provide full lists in different formats

This is a structured list in JSON format for easy processing in most programming languages.

This list is formatted in a way that most peer to peer applications want.

Red Hat OpenShift 101 for OpenStack admins: Configuration

In the previous post , we oversaw the required  Red Hat OpenShift Container Platform   operators , their roles, and the format used to create the  Red Hat OpenStack Services on OpenShift (RHOSO) control plane. In this article, let’s review the deployment process.

We’ll base our observations on the Development Preview 3 code from  https://github.com/rh-osp-demo/dp-demo/ .

Let’s begin with the OpenStack Operator.

The OpenStack Operator

The OpenStack Operator consists of three parts (a CatalogSource , an OperatorGroup , and a Subscription ), each defining a different resource for managing Operators within an OpenShift/ Kubernetes cluster using the Operator Lifecycle Manager (OLM). The resources aim to set up an Operator for OpenStack, likely for managing OpenStack services within the cluster, are as follows:

These resources collectively set up an environment where the OpenStack Operator is available to be installed in the  openstack-operators namespace. The CatalogSource provides the metadata about available operators, including the OpenStack Operator, sourced from a specified image. The OperatorGroup defines the scope within which the Operator can operate, and the Subscription triggers the installation and management of the OpenStack Operator according to the specified channel and source catalog.

Let’s focus on the CatalogSource part:

• name: openstack-operator-index  - The name of the CatalogSource .
• namespace: openstack-operators - The namespace where the CatalogSource is created.
• sourceType: grpc   - Indicates that the catalog source uses gRPC to serve the index of available operators.
• secrets: A list of secrets, in this case, osp-operators-secret , that might be used by the catalog source, potentially for accessing private repositories.
• gprcPodConfig : Contains configuration specific to the pod serving the gRPC requests.
• securityContextConfig: legacy - Specifies a security context configuration for the pod. The exact meaning of "legacy" can depend on the cluster configuration.
• image : The container image URL for the operator index image, which should be adjusted to match the environment. This image hosts metadata about the operators available for installation, including the OpenStack operator.

Network isolation

Now that the operator is installed, let’s prepare the networking for the control plane, then the data plane.

First, we’ll work with the NNCP file used to configure the data plane network, which will configure the topology for each data plane network. It looks like the following ( source file ):

This YAML file defines a  NodeNetworkConfigurationPolicy for use with the NMState Operator in an OpenShift or Kubernetes environment. The policy specifies desired network configurations for nodes that match the defined nodeSelector. Here's a breakdown of the key components:

• apiVersion : Specifies the version of the NMState API used.
• kind : Identifies the resource type as NodeNetworkConfigurationPolicy , indicating that it's a policy for configuring network interfaces on nodes.
• name : The name of the policy, osp-enp1s0-worker-ocp4-worker1 , uniquely identifies it within the namespace.
• The first three are VLAN interfaces (type:  vlan ) with the names  enp1s0.20 , enp1s0.21 , and enp1s0.22 . Each interface is configured with a static IPv4 address ( 172.17.0.10/24 ,  172.18.0.10/24 , 172.19.0.10/24 , respectively) and specifies that IPv6 is disabled. DHCP is also disabled for IPv4, and each interface is brought to the up state. They are all based on the parent interface  enp1s0 and have VLAN IDs 20, 21, and 22, respectively.
• The fourth interface configuration applies to  enp1s0 itself, setting it as an Ethernet interface (type: ethernet ) with a static IPv4 address 172.22.0.10/24 , DHCP disabled, and IPv6 disabled. The interface is also set to the up state with an MTU of 1500.
• nodeSelector : Specifies a node's criteria for the policy to be applied. In this case, it selects a node with the hostname ocp4-worker1.aio.example.com with a worker role.

This policy aims to configure multiple VLANs on a specific worker node's enp1s0 interface in an OpenShift or Kubernetes cluster, assigning static IPv4 addresses to each VLAN and the parent interface. It effectively segregates network traffic into different VLANs for purposes such as separating internal API traffic, storage traffic, and tenant traffic, while also configuring the parent interface for another network segment. The policy targets a specific node identified by its hostname and role, ensuring that these configurations are only applied to the intended node.

NetworkAttachDefinition (NAD) file

This YAML snippet defines a  NetworkAttachmentDefinition object, part of the Kubernetes Network Custom Resource Definition (CRD) framework enabled by the Multus CNI plugin. This CRD is used to create multiple network interfaces in a Kubernetes pod. We will configure a NAD resource for each isolated network to attach a service pod to the network:

Let’s look at it: 

• apiVersion: k8s.cni.cncf.io/v1 : Specifies the API version for the CRD. The  k8s.cni.cncf.io/v1 indicates it's related to the CNI (Container Network Interface) plug-ins managed under the CNCF (Cloud Native Computing Foundation).
• kind: NetworkAttachmentDefinition : This tells Kubernetes that the defined resource is a  NetworkAttachmentDefinition , which Multus uses to understand how to attach secondary networks to pods.
• name: ctlplane : The name of the NetworkAttachmentDefinition , which will be referenced by pods that want to use this network configuration.
• namespace: openstack : Specifies the namespace where this NetworkAttachmentDefinition is created, indicating it's intended for use by pods running in the openstack namespace.
• cniVersion : The version of the CNI specification to use.
• name : A name for this specific network configuration.
• type : Specifies the CNI plug-in to use, in this case, macvlan, which allows a Kubernetes pod to have a unique MAC address via a parent host interface.
• master : The master interface on the host that the macvlan interface will be created on top of. Here, it's  ens224.4 , indicating a VLAN interface.
• type : The type of IPAM plugin to use, here whereabouts, which supports assigning IP addresses across multiple host nodes, avoiding IP address conflicts.
• range : The CIDR range from which IP addresses will be allocated.
• range_start ,  range_end: Define the start and end of the IP allocation pool within the specified range.

NMState resources

As described earlier, we must define IP address pools and L2 advertisements for the NMstate Operator. We must create an IPAddressPool resource to specify the range of IP addresses MetalLB can assign to services. Let’s have a look at our  osp-ng-metal-lb-ip-address-pool . It contains several entries, one per IP address pool we define. Let’s just pick one to detail, the ctlplane one:

What do we have:

• apiVersion: metallb.io/v1beta1 : Specifies the API version of MetalLB being used.
• kind: IPAddressPool : Denotes the kind of Kubernetes resource. Here, IPAddressPool is a resource type provided by MetalLB for defining a pool of IP addresses.
• namespace: metallb-system : Specifies the namespace where the resource is located. MetalLB's resources typically reside in a dedicated namespace, metallb-system , isolated from other workloads.
• name: ctlplane : The name of the IPAddressPool resource. This name is used to identify the pool within the MetalLB configuration.
• addresses : Lists the IP address ranges that MetalLB can allocate to LoadBalancer services.
• - 172.22.0.80-172.22.0.90 : Defines a specific range of IP addresses (from 172.22.0.80 to 172.22.0.90 ) that MetalLB is allowed to assign. This range should be within the network subnet accessible by the cluster and not used by other devices or services to avoid IP conflicts.

As we are using MetalLB in Layer 2 mode, define an L2Advertisement resource. This tells MetalLB to advertise the IP addresses from your network's specified pool(s). 

Let’s have a look at our  osp-ng-metal-lb-l2-advertisement YAML file. It contains several entries, let’s just pick the one relevant to ctlplane :

Here's a succinct explanation of its contents:

• apiVersion: metallb.io/v1beta1 : Specifies the version of the MetalLB API being used.
• kind: L2Advertisement : Indicates the resource type, an L2Advertisement . This type controls how MetalLB advertises IP addresses to the local network.
• name: ctlplane : The name of the L2Advertisement resource.
• namespace: metallb-system : The namespace where the resource is deployed, typically MetalLB's dedicated namespace.
• ipAddressPools : Lists the names of the IP address pools that MetalLB should advertise. In this case, it references the IPAddressPool ctlplane , which we defined earlier.
• interfaces : Specifies which network interfaces MetalLB should use to advertise IP addresses. Here, it's configured to use the interface named  enp1s0 .

This file tells MetalLB to advertise IP addresses from the  ctlplane IP address pool over the  enp1s0 network interface, making these IP addresses reachable on the local network through standard L2 networking mechanisms (ARP for IPv4, NDP for IPv6).

Let’s regroup what we have seen so far before we keep deploying our OpenStack Control Plane. When deploying MetalLB, you first apply the MetalLB resource to install MetalLB itself. Then, you define one or more  IPAddressPool resources to specify the range of IPs MetalLB can manage. Finally, you use  L2Advertisement resources to control the advertisement of these IPs on your network in Layer 2 mode.

MetalLB and NAD ( NetworkAttachmentDefinition ) serve different purposes. MetalLB is used to expose Kubernetes services of type LoadBalancer externally, allowing them to be accessible from outside the Kubernetes cluster. It's particularly useful in bare-metal environments where you don't have a cloud provider to provision external load balancers automatically. 

NAD with Multus allows for attaching additional network interfaces to pods. This is useful in scenarios where pods need to communicate over different networks or require specific network configurations that the default Kubernetes network doesn't provide.

In essence, MetalLB simplifies external access to services, while Multus and NAD enhance pod networking capabilities within the cluster.

Data plane network configuration

The data plane network configuration file will configure the topology for each data plane network. Its YAML file contains a  NetConfig header and then various network sub-sections, each defining a network to expose to the data plane network. 

Here is an extract of this sample configuration file:

The YAML snippet defines a custom resource named  NetConfig under the API group network.openstack.org/v1beta1 . This is not a standard Kubernetes API group, which implies it's part of a specific operator that extends OpenShift functionality related to integrating OpenStack networking capabilities with Kubernetes.

Here's a breakdown of what this YAML does:

• apiVersion: network.openstack.org/v1beta1 : Specifies the version of the API that the resource definition is compatible with. This is a custom resource definition (CRD) related to OpenStack networking under the v1beta1 version.
• kind: NetConfig : This indicates the type of the resource. The resource is used to configure how networking should be set up within for OpenStack-managed resources within Kubernetes.
• name: openstacknetconfig : The name of the NetConfig resource.
• namespace: openstack : This resource is in the openstack namespace.
• name: ctlPlane : Specifies the name of the network. It refers to a control plane network used for management and orchestration traffic in OpenStack.
• dnsDomain: ctlplane.aio.example.com : Defines the DNS domain used for the network.
• name: subnet1 : The name of the subnet.
• From 172.22.0.100 to 172.22.0.120
• From 172.22.0.150 to 172.22.0.200
• cidr: 172.22.0.0/24 : Typically, the CIDR should match the network of the allocation ranges and the gateway.
• gateway: 172.22.0.1 : Specifies the gateway for the subnet, which is the IP address used as the default route for traffic leaving the subnet.

From the  internalaip section, we also see we can define VLAN IDs and exclusion ranges:

• excludeAddresses:  IP range that the data plane should not use (these are the IP addresses used by the OCP cluster compute nodes (check the NNCP section above). 
• vlan:  VLAN ID used by the  internalapi network. The lack of this entry in the  ctlplane section denotes using a flat network.

OpenStack Control Plane deployment

Now that we have all of our networking defined, and provided we have our storage configured (the sample file we use relies on NFS, but we did not discuss it here), we can deploy the control plane.

The control plane deployment YAML defines the different OpenStack services that should be instantiated, and for each service its configuration. The file is quite long, so copying it here is difficult, but you can check a  sample file here .

Here is, from the above sample, the list of defined Services and Key Configurations (note that some services are disabled):

• Utilizes MetalLB for LoadBalancer with an IP of 172.22.0.89.
• Configured to use an external DNS server at 192.168.123.100.
• Database instance named openstack , using a secret osp-secret .
• Cinder API exposed via MetalLB with an IP of 172.17.0.80.
• NFS backend for Cinder Volumes with specific NFS configurations.
• Storage backend set to use Cinder with specific Glance and Cinder configurations.
• Glance API exposed via MetalLB with an IP of 172.17.0.80.
• Uses NFS for storage with a request of 10G.
• Exposed via MetalLB with an IP of 172.17.0.80.
• Uses a database instance named openstack and a secret osp-secret .
• Enabled with storage requests set for the database and cell instances.
• Uses a secret osp-secret .
• Deployed with a single replica.
• Deployed with a single replica, using a secret osp-secret .
• API and Metadata services exposed via MetalLB with an IP of 172.17.0.80.
• API exposed via MetalLB with an IP of 172.17.0.80.
• Configuration for northbound and southbound DBs, as well as the OVN Controller.
• Exposed via MetalLB with specific IPs for RabbitMQ services.
• API and Engine exposed via MetalLB with an IP of 172.17.0.80.
• Disabled in this configuration.
• Ceilometer enabled, with configurations for autoscaling and metric storage.

In summary, MetalLB is extensively used to expose various OpenStack services externally via LoadBalancer type services, with annotations specifying address pools and IPs. Storage utilizes both Cinder (block storage) and NFS, with specific service configurations detailed for different services. 

Each service utilizes a specific database instance and secrets for configuration and credentials management. Replicas and scaling define the number of replicas for certain services, indicating considerations for availability and scaling. And, finally, several services specify network attachments, indicating integration with specific network configurations for service communication.

We’ll complete the deployment process in the final part of this series: Red Hat OpenShift 101 for OpenStack admins: Data plane deployment 

• Red Hat Enterprise Linux
• Red Hat OpenShift
• Red Hat Ansible Automation Platform
• See all products
• See all technologies
• Developer Sandbox
• Developer Tools
• Interactive Tutorials
• API Catalog
• Operators Marketplace
• Learning Resources
• Cheat Sheets

Communicate

• Contact sales
• Find a partner

Report a website issue

• Site Status Dashboard
• Report a security problem

RED HAT DEVELOPER

Build here. Go anywhere.

We serve the builders. The problem solvers who create careers with code.

Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

Red Hat legal and privacy links

• About Red Hat
• Contact Red Hat
• Red Hat Blog
• Diversity, equity, and inclusion
• Cool Stuff Store
• Red Hat Summit
• Privacy statement
• Terms of use
• All policies and guidelines
• Digital accessibility