...

  • When creating a VPC router, the admin will assign a "super CIDR" block for IPv6, as is currently done for IPv4
  • The IPv6 super CIDR will be an optional parameter
  • When deploying a network, the admin will optionally provide a "sub CIDR" for IPv6, as is currently done for IPv4
    • could potentially assign multiple blocks to a network, say one stateless autoconfig cidr and one dhcp cidr
  • Example: user issues a /60 IPv6 block to the VPC, and each network is a /64. This allows for standard stateless autoconfig support and up to 16 networks for the VPC.
  • IPv6 DNS settings already exist for zones
  • IPv6 IP allocation already exists for shared networks, assuming we can leverage that code (or at least the properties in the DB/VO).
  • The VPC router will run DHCPv6 and stateless autoconfig; admins can choose which to use in their guests. Some options would include:
    • stateless autoconfig addr/gw + DHCPv6 for DNS
    • stateless autoconfig addr/gw/dns (Linux, FreeBSD guests only)
    • stateless autoconfig addr/gw + DNS via DHCPv4 addr
    • DHCPv6 IP/gw/DNS
    • both stateless autoconfig and DHCPv6 ips on an instance
  • Routers themselves need IPv6 addresses, so we need to add support for IPv6 in public IP ranges
  • Deployment could be broken into stages potentially
    • could support just SLAAC block first + DNS via IPv4 private gw for first phase
      • this would consist of adding the columns and/or table to track the blocks for vpc/network, and a Command to send the details for VPC, but no dealing with ip assignments to guests
    • could add a DHCP block per network in second phase. This would handle the individual ip assignments and programming DHCP on the router for each.
    • could add ability to edit/upgrade existing VPCs to add SLAAC and/or DHCP blocks in another phase (although adding SLAAC block may be simple enough to combine in an existing phase)
    • IPv6 ACLs could also be done separately, or at the same time but a separate feature. This may require the caveat that adding an IPv6 config to a VPC opens it up to the world (for IPv6), if the separate feature doesn't make it into the same release.
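
The /60 example above, worked through as an added sketch (not CloudStack code): it checks a proposed network sub CIDR against the VPC super CIDR (containment, /64 for SLAAC, no overlap with existing blocks) and lists the /64s still free. The function names are hypothetical, and the 2001:db8::/32 documentation prefix stands in for a real allocation.

```python
import ipaddress

SLAAC_PREFIXLEN = 64  # stateless autoconfig needs a /64 on-link prefix


def validate_sub_cidr(super_cidr, sub_cidr, allocated, slaac=True):
    """Return the parsed sub CIDR, or raise ValueError if it must be rejected.

    super_cidr: IPv6 block assigned to the VPC (e.g. a /60)
    sub_cidr:   block requested for one network in that VPC
    allocated:  blocks already handed out inside the same VPC
    slaac:      True for a SLAAC block, False for a DHCPv6-only block
    """
    # strict=True rejects input with host bits set, so "2001:db8::1/64"
    # is not silently rounded down to a different network.
    sup = ipaddress.IPv6Network(super_cidr, strict=True)
    sub = ipaddress.IPv6Network(sub_cidr, strict=True)

    if not sub.subnet_of(sup):
        raise ValueError(f"{sub} is outside the VPC super CIDR {sup}")
    if slaac and sub.prefixlen != SLAAC_PREFIXLEN:
        raise ValueError(f"{sub}: a SLAAC block must be a /{SLAAC_PREFIXLEN}")
    for other in allocated:
        if sub.overlaps(ipaddress.IPv6Network(other, strict=True)):
            raise ValueError(f"{sub} overlaps existing block {other}")
    return sub


def free_networks(super_cidr, allocated, new_prefix=SLAAC_PREFIXLEN):
    """List the blocks of size new_prefix in super_cidr that are unused."""
    sup = ipaddress.IPv6Network(super_cidr, strict=True)
    used = [ipaddress.IPv6Network(a, strict=True) for a in allocated]
    return [n for n in sup.subnets(new_prefix=new_prefix)
            if not any(n.overlaps(u) for u in used)]


if __name__ == "__main__":
    # Constructed sample data: a /60 super CIDR with one network deployed.
    vpc = "2001:db8:0:10::/60"
    in_use = ["2001:db8:0:10::/64"]
    print(validate_sub_cidr(vpc, "2001:db8:0:11::/64", in_use))
    print(len(free_networks(vpc, in_use)), "free /64 networks")
```
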

Architecture and Design description

...