Posted to dev@cloudstack.apache.org by GitBox <gi...@apache.org> on 2022/02/28 10:59:06 UTC

[GitHub] [cloudstack-documentation] weizhouapache commented on a change in pull request #262: ipv6: support for isolated nw, vpc tiers

weizhouapache commented on a change in pull request #262:
URL: https://github.com/apache/cloudstack-documentation/pull/262#discussion_r815778459



##########
File path: source/plugins/ipv6.rst
##########
@@ -199,3 +202,117 @@ each of the VMs. Use DUID-LL to set up dhclient.
          iface eth0 inet6 dhcp
          autoconf 0
          accept_ra 1
+
+
+Isolated network and VPC tier
+-----------------------------
+
+.. note::
+   - The IPv6 support for isolated networks and VPC tiers is available from version 4.17.0.
+
+   - The IPv6 isolated networks and VPC tiers only supports **Static routing**, i.e, the administrator will need to add upstream routes for routing to work inside the networks.
+
+Guest VMs in an isolated network or VPC tier can obtain both IPv4 and IPv6 IP addresses by using a supported network offering and appropriate configurations for IPv6 support by the administrator.
+Both VR for such networks and the guest VMs using these networks obtain a SLAAC based IPv6 address. While VR is assigned an IPv6 address from the public IPv6 range, guest VMs get their IPv6 addresses from the IPv6 subnet assinged to the network.
+
+Here's the sequence of events when IPv6 is used:
+
+#. The administrator sets global configuration - ``network.offering.ipv6.enabled`` to **true**.
+
+#. The administrator adds a public IPv6 range in an advanced zone.
+
+#. The administrator adds an IPv6 prefix for guest traffic type for the zone.
+
+#. The administrator creates a network offering with IPv4 + IPv6 (Dual stack) support.
+
+#. The user deploys an isolated network or a VPC tier with above network offering.
+
+#. CloudStack assigns a SLAAC based public IPv6 address to the network from the public IPv6 range of the zone. It also assigns an IPv6 subnet to the network from the guest IPv6 prefix for the zone. See `SLAAC <https://datatracker.ietf.org/doc/html/rfc4862>`__\ for more information.
+
+#. The user deploys a guest VM in the network. The VM is assigned a SLAAC based IPv6 address from the guest IPv6 subnet of the network.
+
+
+Prerequisites and Guidelines
+############################
+
+Consider the following:
+
+-  CIDR size for the public IPv6 range for a zone must be 64.
+
+-  CIDR size for the guest IPv6 prefix for the zone must be lesser than 64. Each guest network is assigned a subnet from this prefix with CIDR size 64 therefore only as many IPv6 supporting guest networks can be deployed from the guest prefix as the number of subnets with CIDR size 64.
+
+-  Currently, a guest network cannot be IPv6 only and it can only be either IPv4 only or Dual Stack (both IPv4 + IPv6).
+
+-  Once a public IPv6 address and guest subnet are assigned to the network or the network is successfully, the operator must update routing in the upstream router. For this, CloudStack returns the gateway and subnet for the network with listNetworks API response.
+
+
+Adding a Public IPv6 Range
+##########################
+
+The administrator can use both UI and API to add a public IPv6 range. UI is the preferable option.
+Option to add a new public Ipv6 range in the UI can be found in Infrastructure -> Zones -> Zone details -> Physical Network tab -> Physical network details -> Traffic Types tab -> Public -> *Add IP range*.
+In the Add IP range form, IPv6 can be selected as the IP Range Type. IPv6 Gateway and CIDR must be provided and optionally a VLAN/VNI can be provided.
+
+Alternatively, ``createVlanIpRange`` API can be used to add a new public IPv6 range.
+
+|add-public-ipv6-range-form.png|
+
+
+
+   .. note::
+      As SLAAC based public IPv6 address will be assigned to the networks therefore public IPv6 range must be added without specifying start and end IP addresses.
+
+
+Adding Guest IPv6 Prefix
+########################
+
+Again, both UI and API to add a guest IPv6 prefix. UI is the preferable option.
+Option to add a new public Ipv6 range in the UI can be found in Infrastructure -> Zones -> Zone details -> Physical Network tab -> Physical network details -> Traffic Types tab -> Guest -> *Add IPv6 prefix*.
+In the Add IPv6 prefix form, an IPv6 prefix with CIDR size lesser than 64 must be provided.
+
+Alternatively, ``createGuestNetworkIpv6Prefix`` API can be used to add a new guest IPv6 prefix.
+
+|add-guest-ipv6-prefix-form.png|
+
+
+Adding Network Offering with IPv6 Support
+#########################################
+
+To create an IPv6 suported network offering, global configuration - ``network.offering.ipv6.enabled`` must be set to **true**.
+
+With 4.17.0, a new paramter - ``internetprotocol`` has been added to the ``createNetworkOffering`` API which can be used to create a network offering with IPv6 support by using the value dualstack.
+Corresponding option has also been provided in the UI form creating network offering:
+
+|add-ipv6-network-offering-form.png|
+
+
+Adding Upstream Route
+#####################
+
+Currently, CloudStack supports IPv6 isolated networks and VPC tiers only with **static** routes and therefore the administrator needs to add upstream IPv6 routes once a network is successfully deployed.
+To facilitate the automation, *CloudStack Event Notification* can be used. CloudStack will generate appropriate events on network creation or deletion and while assigning or releasing a public IPv6 address for a network. Based on the events the corresponding network can be queried for the IPv6 routes that it needs configured in upstream network.
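
Review bot: In "Adding Guest IPv6 Prefix", the sentence "Option to add a new public Ipv6 range in the UI can be found in ..." looks copied from the public range section, since its menu path ends in Guest -> *Add IPv6 prefix*; it should say "guest IPv6 prefix". The sentence before it, "Again, both UI and API to add a guest IPv6 prefix.", is missing its verb (for example "can be used"). In "Adding Network Offering with IPv6 Support", "suported" and "paramter" are typos, and "Ipv6" should be written "IPv6" as elsewhere in the file.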

Review comment:
   Is the CloudStack API also an option?
   I think few CloudStack users use the event bus. It would be better to provide more resolutions.

##########
File path: source/plugins/ipv6.rst
##########
@@ -199,3 +202,117 @@ each of the VMs. Use DUID-LL to set up dhclient.
          iface eth0 inet6 dhcp
          autoconf 0
          accept_ra 1
+
+
+Isolated network and VPC tier
+-----------------------------
+
+.. note::
+   - The IPv6 support for isolated networks and VPC tiers is available from version 4.17.0.
+
+   - The IPv6 isolated networks and VPC tiers only supports **Static routing**, i.e, the administrator will need to add upstream routes for routing to work inside the networks.
+
+Guest VMs in an isolated network or VPC tier can obtain both IPv4 and IPv6 IP addresses by using a supported network offering and appropriate configurations for IPv6 support by the administrator.
+Both VR for such networks and the guest VMs using these networks obtain a SLAAC based IPv6 address. While VR is assigned an IPv6 address from the public IPv6 range, guest VMs get their IPv6 addresses from the IPv6 subnet assinged to the network.
+
+Here's the sequence of events when IPv6 is used:
+
+#. The administrator sets global configuration - ``network.offering.ipv6.enabled`` to **true**.
+
+#. The administrator adds a public IPv6 range in an advanced zone.
+
+#. The administrator adds an IPv6 prefix for guest traffic type for the zone.
+
+#. The administrator creates a network offering with IPv4 + IPv6 (Dual stack) support.
+
+#. The user deploys an isolated network or a VPC tier with above network offering.
+
+#. CloudStack assigns a SLAAC based public IPv6 address to the network from the public IPv6 range of the zone. It also assigns an IPv6 subnet to the network from the guest IPv6 prefix for the zone. See `SLAAC <https://datatracker.ietf.org/doc/html/rfc4862>`__\ for more information.
+
+#. The user deploys a guest VM in the network. The VM is assigned a SLAAC based IPv6 address from the guest IPv6 subnet of the network.
+
+
+Prerequisites and Guidelines
+############################
+
+Consider the following:
+
+-  CIDR size for the public IPv6 range for a zone must be 64.
+
+-  CIDR size for the guest IPv6 prefix for the zone must be lesser than 64. Each guest network is assigned a subnet from this prefix with CIDR size 64 therefore only as many IPv6 supporting guest networks can be deployed from the guest prefix as the number of subnets with CIDR size 64.
+
+-  Currently, a guest network cannot be IPv6 only and it can only be either IPv4 only or Dual Stack (both IPv4 + IPv6).
+
+-  Once a public IPv6 address and guest subnet are assigned to the network or the network is successfully, the operator must update routing in the upstream router. For this, CloudStack returns the gateway and subnet for the network with listNetworks API response.
+
+
+Adding a Public IPv6 Range
+##########################
+
+The administrator can use both UI and API to add a public IPv6 range. UI is the preferable option.
+Option to add a new public Ipv6 range in the UI can be found in Infrastructure -> Zones -> Zone details -> Physical Network tab -> Physical network details -> Traffic Types tab -> Public -> *Add IP range*.
+In the Add IP range form, IPv6 can be selected as the IP Range Type. IPv6 Gateway and CIDR must be provided and optionally a VLAN/VNI can be provided.
+
+Alternatively, ``createVlanIpRange`` API can be used to add a new public IPv6 range.
+
+|add-public-ipv6-range-form.png|
+
+
+
+   .. note::
+      As SLAAC based public IPv6 address will be assigned to the networks therefore public IPv6 range must be added without specifying start and end IP addresses.
+
+
+Adding Guest IPv6 Prefix
+########################
+
+Again, both UI and API to add a guest IPv6 prefix. UI is the preferable option.
+Option to add a new public Ipv6 range in the UI can be found in Infrastructure -> Zones -> Zone details -> Physical Network tab -> Physical network details -> Traffic Types tab -> Guest -> *Add IPv6 prefix*.
+In the Add IPv6 prefix form, an IPv6 prefix with CIDR size lesser than 64 must be provided.
+
+Alternatively, ``createGuestNetworkIpv6Prefix`` API can be used to add a new guest IPv6 prefix.
+
+|add-guest-ipv6-prefix-form.png|
+
+
+Adding Network Offering with IPv6 Support
+#########################################
+
+To create an IPv6 suported network offering, global configuration - ``network.offering.ipv6.enabled`` must be set to **true**.
+
+With 4.17.0, a new paramter - ``internetprotocol`` has been added to the ``createNetworkOffering`` API which can be used to create a network offering with IPv6 support by using the value dualstack.
+Corresponding option has also been provided in the UI form creating network offering:
+
+|add-ipv6-network-offering-form.png|
+
+
+Adding Upstream Route
+#####################
+
+Currently, CloudStack supports IPv6 isolated networks and VPC tiers only with **static** routes and therefore the administrator needs to add upstream IPv6 routes once a network is successfully deployed.
+To facilitate the automation, *CloudStack Event Notification* can be used. CloudStack will generate appropriate events on network creation or deletion and while assigning or releasing a public IPv6 address for a network. Based on the events the corresponding network can be queried for the IPv6 routes that it needs configured in upstream network.
+Upstream IPv6 routes required by an IPv6 supported isolated network or VPC tier are also shown in the UI in the network details.
+
+|network-details-upstream-ipv6-routes.png|
+
+
+IPv6 Firewall
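
Review bot: "Adding Upstream Route" tells the administrator only to add routes, yet the same paragraph lists events for network deletion and for releasing a public IPv6 address. State explicitly that the upstream route must be removed on those events, so that a stale static route for the guest subnet is not left behind in the upstream router. In "Prerequisites and Guidelines", "or the network is successfully, the operator must update routing" is missing a word after "successfully", and "listNetworks" should be in double backticks like the other API names in this section.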

Review comment:
   Do we have a firewall enabled/disabled option in network offerings?
   What's the default policy?

##########
File path: source/plugins/ipv6.rst
##########
@@ -199,3 +202,117 @@ each of the VMs. Use DUID-LL to set up dhclient.
          iface eth0 inet6 dhcp
          autoconf 0
          accept_ra 1
+
+
+Isolated network and VPC tier
+-----------------------------
+
+.. note::
+   - The IPv6 support for isolated networks and VPC tiers is available from version 4.17.0.
+
+   - The IPv6 isolated networks and VPC tiers only supports **Static routing**, i.e, the administrator will need to add upstream routes for routing to work inside the networks.
+
+Guest VMs in an isolated network or VPC tier can obtain both IPv4 and IPv6 IP addresses by using a supported network offering and appropriate configurations for IPv6 support by the administrator.
+Both VR for such networks and the guest VMs using these networks obtain a SLAAC based IPv6 address. While VR is assigned an IPv6 address from the public IPv6 range, guest VMs get their IPv6 addresses from the IPv6 subnet assinged to the network.
+
+Here's the sequence of events when IPv6 is used:
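
Review bot: In the note at the top of the section, "The IPv6 isolated networks and VPC tiers only supports" has a subject-verb mismatch (it should be "support") and "i.e," should be "i.e.,". In the paragraph below the note, "assinged" is a typo, and "VR" is used without being expanded on first use; write "virtual router (VR)" there so the distinction between the VR's public address and the guest subnet is clear to a first-time reader.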

Review comment:
   Is "VLAN/VNI" supported in the IPv6 range?
   If it is currently not supported, it is better to point it out.



