For ipv6 implementation for Advancezone with NAT, i guess shall be allocate a ipv6 /64 subnet to it (the Virtual Router), and VirtualRouter allocate IPv6 to VM under it. So cloudstack shall allow add ipv6 /64 subnet to the zone , and when VM created , it will assign a /64 subnet to VR, and VR have DHCP6 to allocate IP to the VM.
On Wed, Nov 11, 2020 at 7:54 PM Eric Lee Green <eric.lee.gr...@gmail.com> wrote: > On 11/11/2020 2:01 AM, Hean Seng wrote: > > IPv6 do not have NAT , each VM suppose to have indiviual Ipv6 Address. > > NAT66 does in fact exist, and the virtual routers used for VLANs could > in fact be configured with RADV to provide an IETF RFC4193 SLAAC prefix > to private VPC networks then use NAT66 to communicate with the rest of > the IPv6 Internet via a SLAAC-configured IPv6 address on the virtual > router's public interface. They are not currently so configured, but all > the stuff to do it is already there in the base Debian distribution used > for the virtual routers. > > Port forwarding would require changes to the virtual router to allow > IPv6 port forwarding (as well as likely allowing a fixed IPv6 address > for the virtual router rather than SLAAC). > > DHCPv6 to advertise IPv6 DNS servers would be the other part of that > equation. > > Routing public subnets would require significant work, since the virtual > routers would need to advertise routes upstream to whatever layer 3 > switch or router routes things to and from the Internet. In addition > security would require disabling incoming IPv6 connections to the > advertised subnet except to specific instances that have a hole poked in > the firewall allowing incoming IPv6. It is unlikely that anybody is > going to bother implementing this anytime soon, since NAT66 works fine > for Cloudstack's purposes and is significantly easier to implement since > it doesn't require upstream routers to accept route advertisements from > virtual routers. > > > > > For NAT zone, is that any way to allocate IPv6 subnet ? > > > > > > > > > > > > > > > > On Tue, Nov 10, 2020 at 3:51 PM Andrija Panic <andrija.pa...@gmail.com> > > wrote: > > > >> If not mistaken, ipv6 is only supported for Shared Networks, and not for > >> Isolated/VPC networks. > >> > >> On Tue, 3 Nov 2020 at 04:31, Hean Seng <heans...@gmail.com> wrote: > >> > >>> Hi > >>> > >>> Is that anyone have a idea of best way implementing ipv6 in cloudstack > ? > >>> > >>> I saw the doc, and mentioned create another SharedGuestNework in > >>> AdvanceZone, and assigned ipv6 /64 network there. > >>> > >>> However, I not quite understand is in Advancezone with NAT (public ip, > >>> isolated vlan), the network of the VM is their own LAN IP and > isolated > >> by > >>> VLAN or VXLAN. How can we assign Ipv6 over there? Or shall we > >> create > >>> another SharedGuestNetwork with another VLAN , and assign another > >>> GuestNetwork manually to the VM ? But then, the VM become 2 network. > Is > >>> that the way to do ? > >>> > >>> > >>> -- > >>> Regards, > >>> Hean Seng > >>> > >> > >> -- > >> > >> Andrija Panić > >> > > > -- Regards, Hean Seng
