On 11/11/2020 2:01 AM, Hean Seng wrote:
> IPv6 do not have NAT , each VM suppose to have indiviual Ipv6 Address.
NAT66 does in fact exist, and the virtual routers used for VLANs could
in fact be configured with RADV to provide an IETF RFC4193 SLAAC prefix
to private VPC networks then use NAT66 to communicate with the rest of
the IPv6 Internet via a SLAAC-configured IPv6 address on the virtual
router's public interface. They are not currently so configured, but all
the stuff to do it is already there in the base Debian distribution used
for the virtual routers.
Port forwarding would require changes to the virtual router to allow
IPv6 port forwarding (as well as likely allowing a fixed IPv6 address
for the virtual router rather than SLAAC).
DHCPv6 to advertise IPv6 DNS servers would be the other part of that
equation.
Routing public subnets would require significant work, since the virtual
routers would need to advertise routes upstream to whatever layer 3
switch or router routes things to and from the Internet. In addition
security would require disabling incoming IPv6 connections to the
advertised subnet except to specific instances that have a hole poked in
the firewall allowing incoming IPv6. It is unlikely that anybody is
going to bother implementing this anytime soon, since NAT66 works fine
for Cloudstack's purposes and is significantly easier to implement since
it doesn't require upstream routers to accept route advertisements from
virtual routers.
>
> For NAT zone, is that any way to allocate IPv6 subnet ?
>
>
>
>
>
>
>
> On Tue, Nov 10, 2020 at 3:51 PM Andrija Panic <andrija.panic@gmail.com>
> wrote:
>
>> If not mistaken, ipv6 is only supported for Shared Networks, and not for
>> Isolated/VPC networks.
>>
>> On Tue, 3 Nov 2020 at 04:31, Hean Seng <heanseng@gmail.com> wrote:
>>
>>> Hi
>>>
>>> Is that anyone have a idea of best way implementing ipv6 in cloudstack ?
>>>
>>> I saw the doc, and mentioned create another SharedGuestNework in
>>> AdvanceZone, and assigned ipv6 /64 network there.
>>>
>>> However, I not quite understand is in Advancezone with NAT (public ip,
>>> isolated vlan), the network of the VM is their own LAN IP and isolated
>> by
>>> VLAN or VXLAN. How can we assign Ipv6 over there? Or shall we
>> create
>>> another SharedGuestNetwork with another VLAN , and assign another
>>> GuestNetwork manually to the VM ? But then, the VM become 2 network. Is
>>> that the way to do ?
>>>
>>>
>>> --
>>> Regards,
>>> Hean Seng
>>>
>>
>> --
>>
>> Andrija Panić
>>
>
|