On 26/03/2021 20:23, Stephan Seitz wrote:
Hi!

I've recently deployed 4.15.0 Advanced Zone with CentOS 8 kvm hosts and
classic linux bridges. I do know that CentOS 7 is preferred, but with
some initial tweaks here and there, I'd say it's working quite well.


VLAN or VXLAN?

Currently, I'm trying to use IPv6 on shared networks. I'd learned that
IPv6 only does not work, so I switched to IPv6 plus RFC 1918 IPv4
natted at the outer gateway. IPv4 is not a requirement, but if it's
necessary to add, it doesn't harm.


Yes. IPv4 is still needed and RFC1918 is just fine. Cloud-init works over IPv4. It's a lot of work to get rid of IPv4 in CloudStack.

I'm a big IPv6 fan (wrote a lot of the code in CS), but I didn't bother getting rid of IPv4. Not a real use-case for v6-only just yet.

The IPv4 addresses of the deployed hosts are provided by the virtual
router as expected.

My problem is: I don't get any dhcp6 lease out of the VR. I dug with
tcpdump on the host and VR. I see the solicit message arriving, but no
answering advertise message. I've tried almost everything at the host:
accepting RA, Autoconf, selectively disabling these. Also modifying the
dhcpv6 duid as seen on some 4.11 docs didn't change anything.


IPv6 does not work with DHCPv6. You should see that when the IPv6 CIDR is set properly for the shared network in the database that CloudStack calculates/generates the IPv6 address the Instance should obtain through SLAAC (without privacy addresses!)

When that works you have security grouping also working. It then filters on source addresses from VMs and such.

We have thousands of VMs connected with IPv6 this way.

Wido

Best case is, that I'm stuck with hosts correctly configured by the
router advertisement, but ACS doesn't know about it. So subsequently I
can't add records to the respective DNS Zones.

Alternatively, I could skip ACS and add the provable eui-64 addresses
to the zone, but I'd like to avoid that.

After a few uneducated peeks into the VR's dnsmasq configuration, I
cannot spot any setting for providing dhcp6 leases.

Initially I've deployed the 4.15.0 systemvmtemplate downloaded from
http://download.cloudstack.org/systemvm/4.15/
Right now, I've switched to the 4.15.1 from the same location, but that
didn't change anything.

I've also tried switching the Zone from internal DNS to external DNS
and vice versa (these are identical, except the internal DNS is also
equipped with the respective IPv6 addresses, which obviously cannot be
added to the external DNS). That didn't change anything either.

So, I'd like to ask for any advice.

Thanks in advance!

Stephan
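
An added example, not part of the thread and not CloudStack code: a check that an instance's global IPv6 address is the one SLAAC derives from its NIC MAC, which is the address the reply says the security group source filter works with. It assumes the interface identifier is modified EUI-64 (RFC 4291); the prefix, MAC and observed addresses are constructed samples, and the function names are hypothetical.

```python
import ipaddress

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address SLAAC yields for `mac` on `prefix` with privacy addresses disabled."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net[int.from_bytes(iid, "big")]

def classify(prefix: str, mac: str, observed: list) -> dict:
    """Label each address seen on the instance relative to the expected one."""
    net = ipaddress.IPv6Network(prefix)
    expected = eui64_address(prefix, mac)
    labels = {}
    for text in observed:
        addr = ipaddress.IPv6Address(text.split("/")[0])  # drop any /len suffix
        if addr.is_link_local:
            labels[text] = "link-local"
        elif addr == expected:
            labels[text] = "expected"
        elif addr in net:
            # Same prefix, different interface identifier: privacy (RFC 4941),
            # stable-privacy or manual address. It will not match a source
            # filter built from the MAC-derived address.
            labels[text] = "unexpected-iid"
        else:
            labels[text] = "off-prefix"
    return labels

if __name__ == "__main__":
    # Constructed sample: shared network prefix, NIC MAC, addresses on the guest.
    PREFIX, MAC = "2001:db8:100::/64", "1e:00:a4:00:01:2b"
    seen = ["fe80::1c00:a4ff:fe00:12b/64",
            "2001:db8:100:0:1c00:a4ff:fe00:12b/64",
            "2001:db8:100:0:5d3a:91c2:7be0:44f1/64"]
    print("expected:", eui64_address(PREFIX, MAC))
    for address, label in classify(PREFIX, MAC, seen).items():
        print(f"{label:15} {address}")
```

An `unexpected-iid` result on a guest usually means privacy extensions or a stable-privacy address generator are still enabled in the guest OS.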

