...

3. VPC Tier: When a VPC tier is created, the user shall configure an IPv6 CIDR and the IPv6 gateway. The tier IPv6 CIDR should be within the super IPv6 CIDR configured for its VPC. In this case, it would be a /64 prefix. If the user does not configure any value, CloudStack automatically picks an unused /64 CIDR and assigns it to the VPC. So, it is not a mandatory attribute. An appropriate error will be given to the user if they try to configure an IPv6 CIDR without configuring the super IPv6 for the Zone.
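The tier checks described above, sketched as an added example (not CloudStack's own code): it validates a user-supplied tier CIDR and gateway against the super CIDR and picks the first unused /64 when none is given. The function names and the 2001:db8::/32 documentation addresses are assumptions made for illustration.

```python
import ipaddress


def validate_tier(super_cidr, tier_cidr, gateway, used):
    """Return the tier network if it is acceptable, else raise ValueError."""
    vpc = ipaddress.IPv6Network(super_cidr)
    tier = ipaddress.IPv6Network(tier_cidr)  # strict mode rejects stray host bits
    if tier.prefixlen != 64:
        raise ValueError("tier CIDR must be a /64")
    if not tier.subnet_of(vpc):
        raise ValueError("tier CIDR is outside the super CIDR")
    # Overlapping tiers would put two isolated networks on the same prefix.
    for other in map(ipaddress.IPv6Network, used):
        if tier.overlaps(other):
            raise ValueError(f"tier CIDR overlaps existing tier {other}")
    if ipaddress.IPv6Address(gateway) not in tier:
        raise ValueError("gateway is not inside the tier CIDR")
    return tier


def pick_unused_tier(super_cidr, used):
    """Pick the first free /64 in the super CIDR (the automatic path)."""
    vpc = ipaddress.IPv6Network(super_cidr)
    if vpc.prefixlen > 64:
        raise ValueError("super CIDR is smaller than a /64")
    taken = [ipaddress.IPv6Network(u) for u in used]
    for candidate in vpc.subnets(new_prefix=64):  # lazy generator
        if not any(candidate.overlaps(t) for t in taken):
            return candidate
    raise ValueError("no unused /64 left in the super CIDR")


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    SUPER = "2001:db8:100::/48"
    tiers = ["2001:db8:100::/64", "2001:db8:100:1::/64"]
    print(pick_unused_tier(SUPER, tiers))
    print(validate_tier(SUPER, "2001:db8:100:5::/64", "2001:db8:100:5::1", tiers))
```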

...

  1. IPv6 needs to be enabled so that the VPC Router Public and Guest Network NICs can be assigned IPv6 addresses. The Public NIC will get an IPv6 address from the address range configured for the public network (using the createVlanIpRange API).
  2. RA needs to be enabled in the dnsmasq running in the VPC Router: the enable-ra line has to be added to the dnsmasq.conf file. This will set the M and O flags in the RA, telling instances to ONLY use that router as their default gateway and not to use SLAAC to auto-configure their IP address. CloudStack allocates and controls the IP address allocation to the guest VMs, so we need to disable SLAAC in order to maintain this behavior.
  3. Also, the VPC Router needs to be programmed to set the IPv6 network prefix that it needs to advertise.
    Example:

...

Only IPv6 addresses that are handed out will be stored in the Database.


Network ACL

As the IPv6 addresses are in public space, the VPC Router will take care of routing the traffic across the tiers as a normal router. But, by default, ACLs will be added to block the traffic between tiers (except for ICMPv6, which will be allowed by default). This default ACL is added to maintain current VPC network traffic functionality.

...

-A INPUT -m state --state NEW -m udp -p udp --dport 546 --sport 547 -s fe80::/10 -d fe80::/10 -j ACCEPT

...


Load balancing (HAProxy)

HAProxy, which is used for load balancing, will be enhanced to support IPv6.


Password Reset

The password reset feature will be enhanced to support IPv6.

The CloudStack Management server uses the Control IP of the VPC Router VM to save the guest VM's password. This will remain the same because Control, Management and Storage traffic will still be IPv4. So, there is no change needed here.

But for password management, the guest VM uses the VPC Router gateway IP to make a wget request. So, we can either

            i) Modify the password script to use the IPv6 address of the VPC Router, or
           ii) Use cloud-init, which should take care of using the IPv6 address of the VPC Router.

Note: According to the latest documentation, password management is not supported by cloud-init. But when it is available, it should make sure that it supports IPv6.

Note: More investigation needed.


BGP on VPC Router

BGP will be enabled in the VPC Router for the IPv6 announcement.

...