cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hean Seng <heans...@gmail.com>
Subject Re: IPv6 Support
Date Wed, 11 Nov 2020 14:33:51 GMT
Hi Gabriel.

For this case, :

n such a network setup it is possible to deploy multiple shared guest
networks, isolated via VLAN/VXLAN. These networks can be configured with
only IPv4 addresses, or IPv4 + IPv6; on the second case the IPv4 address
could be a either a private IP (e.g. 10.1.1.1) or a public IP; all VMs then
have a public IPv6 address.

For those have IPv4+IPv6 , can I know how you configure it ?


On Wed, Nov 11, 2020 at 10:26 PM Hean Seng <heanseng@gmail.com> wrote:

> For ipv6 implementation for Advancezone with NAT,  i guess shall be
> allocate a ipv6 /64 subnet to it  (the Virtual Router), and  VirtualRouter
> allocate IPv6 to  VM under it.
> So cloudstack shall allow add ipv6 /64 subnet to the zone , and when VM
> created , it will assign a /64 subnet to VR, and VR have DHCP6 to
> allocate IP to the VM.
>
> On Wed, Nov 11, 2020 at 7:54 PM Eric Lee Green <eric.lee.green@gmail.com>
> wrote:
>
>> On 11/11/2020 2:01 AM, Hean Seng wrote:
>> > IPv6 do not have NAT , each VM suppose to have indiviual Ipv6 Address.
>>
>> NAT66 does in fact exist, and the virtual routers used for VLANs could
>> in fact be configured with RADV to provide an IETF RFC4193 SLAAC prefix
>> to private VPC networks then use NAT66 to communicate with the rest of
>> the IPv6 Internet via a SLAAC-configured IPv6 address on the virtual
>> router's public interface. They are not currently so configured, but all
>> the stuff to do it is already there in the base Debian distribution used
>> for the virtual routers.
>>
>> Port forwarding would require changes to the virtual router to allow
>> IPv6 port forwarding (as well as likely allowing a fixed IPv6 address
>> for the virtual router rather than SLAAC).
>>
>> DHCPv6 to advertise IPv6 DNS servers would be the other part of that
>> equation.
>>
>> Routing public subnets would require significant work, since the virtual
>> routers would need to advertise routes upstream to whatever layer 3
>> switch or router routes things to and from the Internet. In addition
>> security would require disabling incoming IPv6 connections to the
>> advertised subnet except to specific instances that have a hole poked in
>> the firewall allowing incoming IPv6. It is unlikely that anybody is
>> going to bother implementing this anytime soon, since NAT66 works fine
>> for Cloudstack's purposes and is significantly easier to implement since
>> it doesn't require upstream routers to accept route advertisements from
>> virtual routers.
>>
>> >
>> > For NAT zone,  is that any way to allocate IPv6 subnet ?
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > On Tue, Nov 10, 2020 at 3:51 PM Andrija Panic <andrija.panic@gmail.com>
>> > wrote:
>> >
>> >> If not mistaken, ipv6 is only supported for Shared Networks, and not
>> for
>> >> Isolated/VPC networks.
>> >>
>> >> On Tue, 3 Nov 2020 at 04:31, Hean Seng <heanseng@gmail.com> wrote:
>> >>
>> >>> Hi
>> >>>
>> >>> Is that anyone have a idea of best way implementing ipv6 in
>> cloudstack ?
>> >>>
>> >>> I saw the doc, and mentioned create another SharedGuestNework in
>> >>> AdvanceZone, and assigned ipv6 /64 network there.
>> >>>
>> >>> However, I not quite understand is in Advancezone with NAT (public ip,
>> >>> isolated vlan), the network of  the VM is  their own LAN IP and
>> isolated
>> >> by
>> >>> VLAN or VXLAN.   How can we assign Ipv6 over there?     Or shall we
>> >> create
>> >>> another SharedGuestNetwork with another VLAN , and assign another
>> >>> GuestNetwork manually to the VM ?  But then, the VM become 2
>> network.  Is
>> >>> that the way to do ?
>> >>>
>> >>>
>> >>> --
>> >>> Regards,
>> >>> Hean Seng
>> >>>
>> >>
>> >> --
>> >>
>> >> Andrija Panić
>> >>
>> >
>>
>
>
> --
> Regards,
> Hean Seng
>


-- 
Regards,
Hean Seng

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message