cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Mattioli <Alex.Matti...@shapeblue.com>
Subject RE: IPV6 in Isolated/VPC networks
Date Wed, 14 Jul 2021 14:56:13 GMT
Hi Hean,
Do you mean using NAT66?  Or did I miss something?

Regards,
Alex

 


-----Original Message-----
From: Hean Seng <heanseng@gmail.com> 
Sent: 14 July 2021 16:44
To: users@cloudstack.apache.org
Cc: Wido den Hollander <wido@widodh.nl>; dev@cloudstack.apache.org; Wei Zhou <Wei.Zhou@shapeblue.com>;
Rohit Yadav <rohit.yadav@shapeblue.com>; Gabriel Beims Bräscher <gabriel@pcextreme.nl>
Subject: Re: IPV6 in Isolated/VPC networks

Hi

I replied in another thread, i think do not need implement BGP or OSPF, that would be complicated
.

We only need assign  IPv6 's /64 prefix to Virtual Router (VR) in NAT zone, and the VR responsible
to deliver single IPv6 to VM via DHCP6.

In VR, you need to have Default IPv6 route to  Physical Router's /48. IP as
IPv6 Gateway.  Thens should be done .

Example :
Physical Router Interface
 IPv6 IP : 2000:aaaa::1/48

Cloudstack  virtual router : 2000:aaaa:200:201::1/64 with default ipv6 route to router ip
2000:aaaa::1 and Clodustack Virtual router dhcp allocate IP to VM , and  VM will have default
route to VR. IPv6 2000:aaaa:200:201::1

So in cloudstack need to allow  user to enter ,  IPv6 gwateway , and the
/48 Ipv6 prefix , then it will self allocate the /64 ip to the VR , and maintain make sure
not ovelap allocation







On Wed, Jul 14, 2021 at 8:55 PM Alex Mattioli <Alex.Mattioli@shapeblue.com>
wrote:

> Hi Wido,
> That's pretty much in line with our thoughts, thanks for the input.  I 
> believe we agree on the following points then:
>
> - FRR with BGP (no OSPF)
> - Route /48 (or/56) down to the VR
> - /64 per network
> - SLACC for IP addressing
>
> I believe the next big question is then "on which level of ACS do we 
> manage AS numbers?".  I see two options:
> 1) Private AS number on a per-zone basis
> 2) Root Admin assigned AS number on a domain/account basis
> 3) End-user driven AS number on a per network basis (for bring your 
> own AS and IP scenario)
>
> Thoughts?
>
> Cheers
> Alex
>
>
>
>
> -----Original Message-----
> From: Wido den Hollander <wido@widodh.nl>
> Sent: 13 July 2021 15:08
> To: dev@cloudstack.apache.org; Alex Mattioli 
> <Alex.Mattioli@shapeblue.com>
> Cc: Wei Zhou <Wei.Zhou@shapeblue.com>; Rohit Yadav < 
> rohit.yadav@shapeblue.com>; Gabriel Beims Bräscher 
> <gabriel@pcextreme.nl>
> Subject: Re: IPV6 in Isolated/VPC networks
>
>
>
> On 7/7/21 1:16 PM, Alex Mattioli wrote:
> > Hi all,
> > @Wei Zhou<mailto:Wei.Zhou@shapeblue.com> @Rohit Yadav<mailto:
> rohit.yadav@shapeblue.com> and myself are investigating how to enable
> IPV6 support on Isolated and VPC networks and would like your input on it.
> > At the moment we are looking at implementing FRR with BGP (and 
> > possibly
> OSPF) on the ACS VR.
> >
> > We are looking for requirements, recommendations, ideas, rants,
> etc...etc...
> >
>
> Ok! Here we go.
>
> I think that you mean that the VR will actually route the IPv6 traffic 
> and for that you need to have a way of getting a subnet routed to the VR.
>
> BGP is probably you best bet here. Although OSPFv3 technically 
> supports this it is very badly implemented in Frr for example.
>
> Now FRR is a very good router and one of the fancy features it 
> supports is BGP Unnumered. This allows for auto configuration of BGP 
> over a L2 network when both sides are sending Router Advertisements. 
> This is very easy for flexible BGP configurations where both sides have dynamic IPs.
>
> What you want to do is that you get a /56, /48 or something which is
> >/64 bits routed to the VR.
>
> Now you can sub-segment this into separate /64 subnets. You don't want 
> to go smaller then a /64 is that prevents you from using SLAAC for 
> IPv6 address configuration. This is how it works for Shared Networks 
> now in Basic and Advanced Zones.
>
> FRR can now also send out the Router Advertisements on the downlinks 
> sending out:
>
> - DNS servers
> - DNS domain
> - Prefix (/64) to be used
>
> There is no need for DHCPv6. You can calculate the IPv6 address the VM 
> will obtain by using the MAC and the prefix.
>
> So in short:
>
> - Using BGP you routed a /48 to the VR
> - Now you split this into /64 subnets towards the isolated networks
>
> Wido
>
> > Alex Mattioli
> >
> >
> >
> >
>
>

--
Regards,
Hean Seng
Mime
View raw message