- CLOUDSTACK-9853
Since version 4.10 there is support for IPv6 in Basic Networking, but this is limited to a single address (/128) per Instance.
With this feature, Instances can use DHCPv6 Prefix Delegation to get a subnet, for example a /60, routed to them.
A routed IPv6 subnet allows for multiple features inside Instances, not limited to, but for example:
Instances will still obtain an IPv6 address (/128) using SLAAC. This could for example be 2001:db8:100:0:9804:6f0a:990a:a798
In addition they can have a subnet of IPv6 Addresses routed to them for their applications.
The goals for IPv6 Prefix Delegation in Basic Networking are:
Since the Virtual Router in Basic Networking does not function as a gateway it is up to the network administrator to configure (static) routes for the subnets towards the Instances.
For example: 2001:db8:200:1::/60 -> 2001:db8:100:0:9804:6f0a:990a:a798
This document only covers IPv6 Prefix Delegation where Instances are able to obtain a subnet using DHCPv6 PD.
In addition to having a single IPv6 address, Instances will be able to have an IPv6 subnet routed to them.
The management server will need to understand an IPv6 Address Pool from which it can assign subnets to Instances when requested.
Per POD a subnet needs to be configured from which subnets will be assigned. This will usually be a /40 or /48 subnet. When adding the subnet, a size has to be configured for delegations.
This will usually be a /56 or a /60 subnet.
The Management Server needs to understand the concept of a subnet pool and in addition also be able to record which subnet belongs to which Instance.
The Virtual Router will need to be able to hand out the delegated prefixes.
The DHCP Server in the VR will need to be replaced by a DHCPv6 server which is capable of Prefix Delegation, which dnsmasq is not (and no support is planned).
ISC Kea is a DHCPv6 server which would be capable of this.
The delegated subnet needs to be added to the Secondary IPs of the Instance so that the Anti-Spoof (source address filtering) rules allow packets for this subnet to go into the Instance and out of it.
During start of the Instance the Virtual Router needs to be configured to delegate the prefix using DHCPv6 and the subnet also needs to be passed to the Hypervisor in the Secondary IPs so that the Security Groups allow the traffic to flow.
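
The sketch below is an added example, not CloudStack code. It models the per-POD subnet pool, the Instance-to-subnet record, the static route and the anti-spoof check described above. The names `PrefixPool`, `source_allowed` and `static_route` are hypothetical, and the pool `2001:db8:200::/48` is a constructed sample value.

```python
import ipaddress

class PrefixPool:
    """Per-POD pool handing out fixed-size delegations (hypothetical model)."""

    def __init__(self, pool_cidr, delegation_len):
        # strict parsing rejects a pool written with host bits set
        self.pool = ipaddress.IPv6Network(pool_cidr)
        if not self.pool.prefixlen <= delegation_len <= 128:
            raise ValueError("delegation size does not fit inside the pool")
        self._free = self.pool.subnets(new_prefix=delegation_len)  # lazy
        self.by_instance = {}  # instance id -> delegated IPv6Network

    def delegate(self, instance_id):
        """Return the Instance's prefix, allocating one on first request."""
        if instance_id not in self.by_instance:
            try:
                self.by_instance[instance_id] = next(self._free)
            except StopIteration:
                raise RuntimeError("prefix pool exhausted") from None
        return self.by_instance[instance_id]


def source_allowed(src, instance_addr, delegated):
    """Anti-spoof rule: source is the Instance's /128 or inside its prefix."""
    src = ipaddress.IPv6Address(src)
    return src == ipaddress.IPv6Address(instance_addr) or src in delegated


def static_route(delegated, instance_addr):
    """Route the administrator installs, in 'subnet -> address' form."""
    return f"{delegated} -> {ipaddress.IPv6Address(instance_addr)}"


if __name__ == "__main__":
    pool = PrefixPool("2001:db8:200::/48", 60)   # constructed sample pool
    addr = "2001:db8:100:0:9804:6f0a:990a:a798"  # SLAAC address from the page
    prefix = pool.delegate("i-1")
    print(static_route(prefix, addr))
    print(source_allowed("2001:db8:200:0:1::5", addr, prefix))  # inside the /60
    print(source_allowed("2001:db8:200:10::1", addr, prefix))   # next delegation
```

Because the record is keyed by Instance, a restart gets the same prefix back, so the static route and the Secondary IPs entry stay valid across restarts.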