cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hean Seng <heans...@gmail.com>
Subject Re: IPv6 Support
Date Wed, 11 Nov 2020 14:26:16 GMT
For ipv6 implementation for Advancezone with NAT,  i guess shall be
allocate a ipv6 /64 subnet to it  (the Virtual Router), and  VirtualRouter
allocate IPv6 to  VM under it.
So cloudstack shall allow add ipv6 /64 subnet to the zone , and when VM
created , it will assign a /64 subnet to VR, and VR have DHCP6 to
allocate IP to the VM.

On Wed, Nov 11, 2020 at 7:54 PM Eric Lee Green <eric.lee.green@gmail.com>
wrote:

> On 11/11/2020 2:01 AM, Hean Seng wrote:
> > IPv6 do not have NAT , each VM suppose to have indiviual Ipv6 Address.
>
> NAT66 does in fact exist, and the virtual routers used for VLANs could
> in fact be configured with RADV to provide an IETF RFC4193 SLAAC prefix
> to private VPC networks then use NAT66 to communicate with the rest of
> the IPv6 Internet via a SLAAC-configured IPv6 address on the virtual
> router's public interface. They are not currently so configured, but all
> the stuff to do it is already there in the base Debian distribution used
> for the virtual routers.
>
> Port forwarding would require changes to the virtual router to allow
> IPv6 port forwarding (as well as likely allowing a fixed IPv6 address
> for the virtual router rather than SLAAC).
>
> DHCPv6 to advertise IPv6 DNS servers would be the other part of that
> equation.
>
> Routing public subnets would require significant work, since the virtual
> routers would need to advertise routes upstream to whatever layer 3
> switch or router routes things to and from the Internet. In addition
> security would require disabling incoming IPv6 connections to the
> advertised subnet except to specific instances that have a hole poked in
> the firewall allowing incoming IPv6. It is unlikely that anybody is
> going to bother implementing this anytime soon, since NAT66 works fine
> for Cloudstack's purposes and is significantly easier to implement since
> it doesn't require upstream routers to accept route advertisements from
> virtual routers.
>
> >
> > For NAT zone,  is that any way to allocate IPv6 subnet ?
> >
> >
> >
> >
> >
> >
> >
> > On Tue, Nov 10, 2020 at 3:51 PM Andrija Panic <andrija.panic@gmail.com>
> > wrote:
> >
> >> If not mistaken, ipv6 is only supported for Shared Networks, and not for
> >> Isolated/VPC networks.
> >>
> >> On Tue, 3 Nov 2020 at 04:31, Hean Seng <heanseng@gmail.com> wrote:
> >>
> >>> Hi
> >>>
> >>> Is that anyone have a idea of best way implementing ipv6 in cloudstack
> ?
> >>>
> >>> I saw the doc, and mentioned create another SharedGuestNework in
> >>> AdvanceZone, and assigned ipv6 /64 network there.
> >>>
> >>> However, I not quite understand is in Advancezone with NAT (public ip,
> >>> isolated vlan), the network of  the VM is  their own LAN IP and
> isolated
> >> by
> >>> VLAN or VXLAN.   How can we assign Ipv6 over there?     Or shall we
> >> create
> >>> another SharedGuestNetwork with another VLAN , and assign another
> >>> GuestNetwork manually to the VM ?  But then, the VM become 2 network.
> Is
> >>> that the way to do ?
> >>>
> >>>
> >>> --
> >>> Regards,
> >>> Hean Seng
> >>>
> >>
> >> --
> >>
> >> Andrija Panić
> >>
> >
>


-- 
Regards,
Hean Seng

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message