Hi Wido,
That's pretty much in line with our thoughts, thanks for the input.  I believe 
we agree on the following points then:

- FRR with BGP (no OSPF)
- Route /48 (or /56) down to the VR
- /64 per network
- SLAAC for IP addressing

I believe the next big question is then "on which level of ACS do we manage AS 
numbers?".  I see two options:
1) Private AS number on a per-zone basis
2) Root Admin assigned AS number on a domain/account basis
3) End-user driven AS number on a per network basis (for bring your own AS and 
IP scenario)

Thoughts?

Cheers
Alex

 


-----Original Message-----
From: Wido den Hollander <w...@widodh.nl> 
Sent: 13 July 2021 15:08
To: dev@cloudstack.apache.org; Alex Mattioli <alex.matti...@shapeblue.com>
Cc: Wei Zhou <wei.z...@shapeblue.com>; Rohit Yadav <rohit.ya...@shapeblue.com>; 
Gabriel Beims Bräscher <gabr...@pcextreme.nl>
Subject: Re: IPV6 in Isolated/VPC networks



On 7/7/21 1:16 PM, Alex Mattioli wrote:
> Hi all,
> @Wei Zhou<mailto:wei.z...@shapeblue.com> @Rohit 
> Yadav<mailto:rohit.ya...@shapeblue.com> and myself are investigating how to 
> enable IPV6 support on Isolated and VPC networks and would like your input on 
> it.
> At the moment we are looking at implementing FRR with BGP (and possibly OSPF) 
> on the ACS VR.
> 
> We are looking for requirements, recommendations, ideas, rants, etc...etc...
> 

Ok! Here we go.

I think that you mean that the VR will actually route the IPv6 traffic and for 
that you need to have a way of getting a subnet routed to the VR.

BGP is probably your best bet here. Although OSPFv3 technically supports this it 
is very badly implemented in FRR for example.

Now FRR is a very good router and one of the fancy features it supports is BGP 
Unnumbered. This allows for auto configuration of BGP over a L2 network when 
both sides are sending Router Advertisements. This is very easy for flexible 
BGP configurations where both sides have dynamic IPs.

What you want to do is that you get a /56, /48 or something which is >/64 bits 
routed to the VR.

Now you can sub-segment this into separate /64 subnets. You don't want to go 
smaller than a /64 as that prevents you from using SLAAC for IPv6 address 
configuration. This is how it works for Shared Networks now in Basic and 
Advanced Zones.

FRR can now also send out the Router Advertisements on the downlinks sending 
out:

- DNS servers
- DNS domain
- Prefix (/64) to be used

There is no need for DHCPv6. You can calculate the IPv6 address the VM will 
obtain by using the MAC and the prefix.

So in short:

- Using BGP you routed a /48 to the VR
- Now you split this into /64 subnets towards the isolated networks

Wido

> Alex Mattioli
> 
>  
> 
> 
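
The address calculation mentioned in the reply above (a /64 carved from the routed block, plus the VM's MAC), as an added example that is not code from this thread or from CloudStack. The function names, the documentation prefix 2001:db8:1234::/48 and the MAC are constructed for illustration, and the result only matches a guest that derives its interface identifier with modified EUI-64; a guest using RFC 7217 stable or RFC 4941 temporary addresses will not have this address, which matters for any firewall rule keyed on it.

```python
import ipaddress


def network_prefix(routed: str, index: int) -> ipaddress.IPv6Network:
    """Return the index-th /64 inside the block routed to the VR (/48, /56, ...)."""
    block = ipaddress.IPv6Network(routed)
    if block.prefixlen > 64:
        raise ValueError("routed block is smaller than a /64, SLAAC cannot be used")
    count = 1 << (64 - block.prefixlen)  # number of /64s in the block
    if not 0 <= index < count:
        raise ValueError(f"index {index} outside 0..{count - 1}")
    base = int(block.network_address) + (index << 64)
    return ipaddress.IPv6Network((base, 64))


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) from a MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # Flip the universal/local bit, then insert ff:fe between the two halves.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a guest with this MAC forms from the advertised /64 (EUI-64 only)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC requires a /64 prefix")
    return net[eui64_interface_id(mac)]


if __name__ == "__main__":
    # Constructed sample values: documentation prefix and a made-up MAC.
    net = network_prefix("2001:db8:1234::/48", 5)
    print(net, slaac_address(str(net), "1e:00:a4:00:01:2b"))
```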
