...
3. VPC Tier : When a VPC tier created, user shall configure an IPv6 CIDR . It and the IPv6 gateway. Tier IPv6 CIDR should be within the super IPv6 CIDR configured for its VPC. In this case, it would be a /64 prefix. If user does not configure any value, CloudStack automatically picks an unused /64 CIDR and assigns it to the VPC. So, it is not a mandatory attribute. Appropriate error will be given to user, if he tries to configure IPv6 CIDR with out configuring the super IPv6 for the Zone.
...
...
Only IPv6 addresses that are handed out will be stored in the Database.
Network ACL
As the IPv6 address are in public space, VPC Router will take care of routing the traffic between across the tier as a normal router. But, by default, ACLs will be added to block the traffic between tiers (except for ICMPv6 which will be allowd by default). This default ACL is added to maintain current VPC network traffic functionality.
...
-A INPUT -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s fe80::/10 -d fe80::/10 -j ACCEPT
...
Loadbalancing(HA Proxy)
HA proxy which is used for load balancing will be enhanced to support IPv6.
Password Reset
Password reset feature will be enhanced to support Ipv6.
CloudStack Management server uses Control IP of the VPC Router VM to save the guest VMs password. This will remain the same because Control, Management and Storage traffic will still be IPv4. So, there is no change needed here.
But for password management, guest VM use VPC Router gateway IP to make a wget request. So, we can either
i) Modify the password script to use IPv6 address of the VPC Router or
ii) Use cloud-init which should take of using the IPv6 address of VPC Router.
Note: According to latest document, password management is not supported by cloud-init. But, when it is available it should make sure that it supports IPv6Note: More investigation needed
BGP on VPC Router
BGP will be enabled in the VPC Router for the IPv6 announcement.
...