Re: IPv6 Support

Wed, 11 Nov 2020 03:54:57 -0800 

On 11/11/2020 2:01 AM, Hean Seng wrote:

IPv6 do not have NAT , each VM suppose to have indiviual Ipv6 Address.



NAT66 does in fact exist, and the virtual routers used for VLANs could 
in fact be configured with RADV to provide an IETF RFC4193 SLAAC prefix 
to private VPC networks then use NAT66 to communicate with the rest of 
the IPv6 Internet via a SLAAC-configured IPv6 address on the virtual 
router's public interface. They are not currently so configured, but all 
the stuff to do it is already there in the base Debian distribution used 
for the virtual routers.



Port forwarding would require changes to the virtual router to allow 
IPv6 port forwarding (as well as likely allowing a fixed IPv6 address 
for the virtual router rather than SLAAC).



DHCPv6 to advertise IPv6 DNS servers would be the other part of that 
equation.



Routing public subnets would require significant work, since the virtual 
routers would need to advertise routes upstream to whatever layer 3 
switch or router routes things to and from the Internet. In addition 
security would require disabling incoming IPv6 connections to the 
advertised subnet except to specific instances that have a hole poked in 
the firewall allowing incoming IPv6. It is unlikely that anybody is 
going to bother implementing this anytime soon, since NAT66 works fine 
for Cloudstack's purposes and is significantly easier to implement since 
it doesn't require upstream routers to accept route advertisements from 
virtual routers.




For NAT zone,  is that any way to allocate IPv6 subnet ?







On Tue, Nov 10, 2020 at 3:51 PM Andrija Panic <andrija.pa...@gmail.com>
wrote:


If not mistaken, ipv6 is only supported for Shared Networks, and not for
Isolated/VPC networks.

On Tue, 3 Nov 2020 at 04:31, Hean Seng <heans...@gmail.com> wrote:


Hi

Is that anyone have a idea of best way implementing ipv6 in cloudstack ?

I saw the doc, and mentioned create another SharedGuestNework in
AdvanceZone, and assigned ipv6 /64 network there.

However, I not quite understand is in Advancezone with NAT (public ip,
isolated vlan), the network of  the VM is  their own LAN IP and isolated

by

VLAN or VXLAN.   How can we assign Ipv6 over there?     Or shall we

create

another SharedGuestNetwork with another VLAN , and assign another
GuestNetwork manually to the VM ?  But then, the VM become 2 network.  Is
that the way to do ?


--
Regards,
Hean Seng



--

Andrija Panić

























					Reply via email to