Newer version

Please also see this design that was based on work done in this design.

Bug Reference

TBD

Branch

ipv6_vpc

Introduction

Purpose

Functional specification for IPv6 support in the VPC router and associated networks (work in progress).

References

  • relevant links

Feature Specifications

  • VPC router will support a public block of IPv6 space, a "super CIDR", similar to the IPv4 private space. A /60, for example, might be assigned to the VPC, from which prefixes are carved for tiers.
  • Admin can assign prefixes from within the super CIDR space to the individual tiers in that VPC.
    • Tier prefix size ranges from /64 (smallest) up to the full super CIDR (largest).
    • The IPv6 prefix will be optional for a tier.
    • Admin can choose a type for their prefix, SLAAC or DHCP. SLAAC requires a /64 sized prefix and is simple auto-assignment, whereas DHCP can accommodate multiple IPs per instance.
  • IPv6 DNS settings already exist for zones, but instances could also leverage the existing IPv4 VPC router DNS resolver.
  • VPC router will run DHCPv6 and/or stateless autoconfig. Some options would include:
    • stateless autoconfig addr/gw + DHCPv6 for DNS
    • stateless autoconfig addr/gw/dns (linux, freebsd guests only)
    • stateless autoconfig addr/gw + DNS via DHCPv4 addr
    • DHCPv6 ip/gw/dns
    • both stateless autoconfig and DHCPv6 ips on an instance
  • Routers have a public interface, and the network it sits on will have IPv6 space assigned to it as well. The router will get an IPv6 address for its public interface from this network, just like it currently does for IPv4.
  • When a VPC is started/restarted, the super CIDR and public IP of the router are published via the event bus. We also call a plugin system, such that the admin and network equipment providers have options to program the super CIDR routes to the VPCs via SDN, API, or admin scripts. iBGP route publishing scales quadratically, and eBGP requires dealing with ASN assignments.
  • Also, when a VPC is started or a prefix is added to a network, we need to configure the VPC router.
  • Work on IPv6 can be broken into stages
    • Basic connectivity
      • Public IPv6 space and IP allocation for VPC router public interfaces (the public network traffic type)
      • Assign super CIDRs to VPCs
      • Assign prefixes to network tiers of type SLAAC
      • publish super CIDR route upon VPC router startup
      • configure SLAAC to network tiers upon VPC router startup
    • Advanced features
      • ip6tables ACLs at VPC router
      • public load balancing via assignment of extra IP on router public interface and haproxy
      • prefixes of type DHCPv6
      • NAT66 service provided by VPC router, allows prefixes of type 'private', that don't require a super CIDR (or require a private one)

Architecture and Design description

Modify the table containing VPC info to accommodate ip6 super CIDR information.

Create a new table to track ip6 prefixes assigned to network tiers.

Web Services APIs

createNetwork: the existing parameters ip6cidr, ip6gateway, startipv6 and endipv6 can be leveraged for type dhcpv6; ip6prefix is needed for slaac, and ip6type to choose dhcp or slaac for the network

createVpc: add optional IPv6 parameter 'ip6cidr' to assign the super CIDR

addIP6RangeToNetwork: Add an IPv6 prefix to a tier, given the same parameters necessary for createNetwork

updateVpc: Add/remove super CIDR to existing VPC router by adding optional ip6cidr parameter
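
The prefix rules from the Feature Specifications (tier prefix inside the super CIDR, no smaller than /64, SLAAC only on a /64), written as a check that createNetwork or addIP6RangeToNetwork could run before a prefix is stored. This is an added example, not code from the ipv6_vpc branch: the function names, the PrefixError class and the sample 2001:db8::/32 documentation addresses are hypothetical, and rejecting a prefix that overlaps another tier is an assumption this page does not state.

```python
import ipaddress

class PrefixError(ValueError):
    """Raised when a requested tier prefix breaks one of the rules."""

def validate_tier_prefix(super_cidr, tier_prefix, ip6type, existing=()):
    """Return the tier prefix as an IPv6Network, or raise PrefixError.

    super_cidr  -- the VPC's ip6cidr, e.g. a /60
    tier_prefix -- the prefix requested for the tier
    ip6type     -- 'slaac' or 'dhcp'
    existing    -- prefixes already assigned to tiers in this VPC
    """
    try:
        # strict=True rejects prefixes with host bits set (e.g. ...:11::1/64)
        sup = ipaddress.IPv6Network(super_cidr, strict=True)
        net = ipaddress.IPv6Network(tier_prefix, strict=True)
    except ValueError as exc:  # bad syntax, IPv4 input, or host bits set
        raise PrefixError(f"invalid prefix: {exc}") from exc
    if ip6type not in ("slaac", "dhcp"):
        raise PrefixError("ip6type must be 'slaac' or 'dhcp'")
    # Smallest allowed address space is a /64.
    if net.prefixlen > 64:
        raise PrefixError(f"{net} is smaller than a /64")
    # Largest allowed is the super CIDR itself; anything outside it would
    # never be reached by the route published for the VPC.
    if not net.subnet_of(sup):
        raise PrefixError(f"{net} is not inside super CIDR {sup}")
    if ip6type == "slaac" and net.prefixlen != 64:
        raise PrefixError("SLAAC requires a /64 prefix")
    # Assumption (not stated on the page): tiers must not share address space.
    for other in existing:
        if net.overlaps(ipaddress.IPv6Network(other)):
            raise PrefixError(f"{net} overlaps existing tier prefix {other}")
    return net

def next_free_slaac_prefix(super_cidr, existing=()):
    """Return the first unassigned /64 in the super CIDR, or None if full."""
    sup = ipaddress.IPv6Network(super_cidr, strict=True)
    used = [ipaddress.IPv6Network(e) for e in existing]
    for candidate in sup.subnets(new_prefix=64):
        if not any(candidate.overlaps(u) for u in used):
            return candidate
    return None

if __name__ == "__main__":
    vpc = "2001:db8:0:10::/60"              # constructed sample super CIDR
    tiers = ["2001:db8:0:10::/64", "2001:db8:0:14::/62"]
    print(next_free_slaac_prefix(vpc, tiers))
    print(validate_tier_prefix(vpc, "2001:db8:0:12::/63", "dhcp", tiers))
```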