Versions Compared

Old Version 3

changes.mady.by.user Wido den Hollander

Saved on

compared with

New Version Current

changes.mady.by.user Wido den Hollander

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • (Docker) containers with native IPv6 inside a Instance
  • VPN tunnels with native IPv6

Instances will still obtain a IPv6 Address (/128) using SLAAC, this could for example be 2001:db8:100:0:9804:6f0a:990a:a798

In addition they can have a subnet of IPv6 Addresses routed to them for their applications.

Goals

The goals for IPv6 Prefix Delegation are in Basic Networking are:

...

The management server will need to understand a IPv6 Address Pool from where it can assign subnets to Instances when requested.

Per POD a subnet (for example /48) can needs to be configured from which a pre-defined size of subnets (for example /60) can be assigned to Instances.

When a Instance is deployed and a subnet is requested the management server will assign a new subnet and record it in the database.

During deployment it will add this information to dnsmasq on the VR so that the Instance obtains a proper DHCPv6+PD response from dnsmasq when it requests a subnet.

subnets will be assigned. This will usually be a /40 of /48 subnet. When adding the subnet a size has to be configured for delegations.

This will usually be a /56 or a /60 subnet.

The Management Server needs to understand the concept of a subnet pool and in addition also be able to record which subnet belongs to which Instance.

Virtual Router

The Virtual Router will need to be able to hand out the delegated prefixes.

The DHCP Server in the VR will need to be updated to a DHCPv6 server which is capable of Prefix Delegation, which dnsmasq is not (and no support planned).

ISC Kea is a DHCPv6 server which would be capable of this.

Security Groups

The delegated subnet needs to be added to the Secondary IPs of the Instance so that the Anti-Spoof (source address filtering) rules allow packets for this subnet to go in to the instance and out of it.

Instance StartUp

During start of the Instance the Virtual Router needs to be configured to delegate the prefix using DHCPv6 and the subnet also needs to be passed to the Hypervisor in the Secondary IPs so that the Security Groups allow the traffic to flow.