Create OpenStack DualStack or IPv6 only VM 

# Create router
openstack router create test-router1 \
  --centralized \
  --ha \
  --external-gateway public
 
# Show available tenant IPv6 subnet
openstack subnet pool list --share | grep tenant-subnet-pool-v6
 
# Create network
openstack network create test-network1
 
# DUAL-STACK: Create IPv4 subnet (skip for IPv6 only)
openstack subnet create test-subnet1-ipv4 \
  --network test-network1 \
  --subnet-range 10.11.12.0/24
 
# DUAL-STACK: Attach IPv4 subnet to router (skip for IPv6 only)
openstack router add subnet test-router1 test-subnet1-ipv4
 
# Create IPv6 subnet
openstack subnet create test-subnet1-ipv6 \
  --network test-network1 \
  --ip-version 6 \
  --subnet-pool tenant-subnet-pool-v6 \
  --prefix-length 64 \
  --ipv6-ra-mode dhcpv6-stateless \
  --ipv6-address-mode dhcpv6-stateless
 
# Attach IPv6 subnet to router
openstack router add subnet test-router1 test-subnet1-ipv6
 
# OPTINAL: allow access from outside
SECURITY_GROUP=test-secgroup
openstack security group create ${SECURITY_GROUP}
 
# DUAL-STACK: allow access to Floating FIP from outside (skip for IPv6 only)
openstack security group rule create ${SECURITY_GROUP} --ethertype IPv4 --protocol icmp --ingress --remote-ip 0.0.0.0/0
openstack security group rule create ${SECURITY_GROUP} --ethertype IPv4 --protocol icmp --egress --remote-ip 0.0.0.0/0
openstack security group rule create ${SECURITY_GROUP} --ethertype IPv4 --protocol tcp --dst-port 22 --remote-ip 0.0.0.0/0
openstack security group rule create ${SECURITY_GROUP} --ethertype IPv4 --protocol tcp --dst-port 80 --remote-ip 0.0.0.0/0
 
# OPTINAL: allow access to IPv6 from outside
openstack security group rule create ${SECURITY_GROUP} --ethertype IPv6 --protocol ipv6-icmp --ingress --remote-ip "::/0"
openstack security group rule create ${SECURITY_GROUP} --ethertype IPv6 --protocol ipv6-icmp --egress --remote-ip "::/0"
openstack security group rule create ${SECURITY_GROUP} --ethertype IPv6 --protocol tcp --dst-port 22 --remote-ip "::/0"
openstack security group rule create ${SECURITY_GROUP} --ethertype IPv6 --protocol tcp --dst-port 80 --remote-ip "::/0"
 
# Crate test VM
SERVER_ID=test-vm1-test
openstack server create ${SERVER_ID} \
  --flavor m1.small \
  --image "Ubuntu 24.04" \
  --network test-network1 \
  --key-name test-key \
  --security-group ${SECURITY_GROUP}
 
# DUAL-STACK: Assign IPv4 floating IP to the VM (skip for IPv6 only)
FLOATING_IP=$(openstack floating ip create public -c floating_ip_address -f value)
openstack server add floating ip ${SERVER_ID} ${FLOATING_IP}
 
# Show IP adresses
openstack server show ${SERVER_ID} -c addresses

DEBUG: show netplan configuration

# sudo cat /etc/netplan/50-cloud-init.yaml 
network:
  version: 2
  ethernets:
    ens3:
      match:
        macaddress: "fa:16:3e:81:f5:85"
      dhcp4: true # disable for IPv6 only
      dhcp6: true
      set-name: "ens3"

Allow unprivileged user to create a centralized router

# /etc/neutron/policy.json 
{
    "context_is_admin": "role:admin",
    "admin_or_owner": "rule:context_is_admin or tenant_id:%(tenant_id)s",
    "create_router:external_gateway_info": "rule:admin_or_owner",
    "create_router:external_gateway_info:network_id": "rule:admin_or_owner",
    "create_router:ha": "rule:admin_or_owner",
    "create_router:distributed": "rule:admin_or_owner"
}