Hi Alex, No BGP or NAT66 on VR.
Route insert in to L3 handled or list acquired from ACS api. On Wed, 14 Jul 2021 at 19:05, Hean Seng <heans...@gmail.com> wrote: > Yes, sorry for that, can use NAT 6 also . I mentiioned DHCP6 , and you > can point the gateway to /48 gw, and this does not need any BGP. Maintain > BGP or OSPF is good, but is a lot more complicated , > > On Wed, Jul 14, 2021 at 10:57 PM Alex Mattioli < > alex.matti...@shapeblue.com> > wrote: > > > Hi Hean, > > Do you mean using NAT66? Or did I miss something? > > > > Regards, > > Alex > > > > > > > > > > -----Original Message----- > > From: Hean Seng <heans...@gmail.com> > > Sent: 14 July 2021 16:44 > > To: us...@cloudstack.apache.org > > Cc: Wido den Hollander <w...@widodh.nl>; dev@cloudstack.apache.org; Wei > > Zhou <wei.z...@shapeblue.com>; Rohit Yadav <rohit.ya...@shapeblue.com>; > > Gabriel Beims Bräscher <gabr...@pcextreme.nl> > > Subject: Re: IPV6 in Isolated/VPC networks > > > > Hi > > > > I replied in another thread, i think do not need implement BGP or OSPF, > > that would be complicated . > > > > We only need assign IPv6 's /64 prefix to Virtual Router (VR) in NAT > > zone, and the VR responsible to deliver single IPv6 to VM via DHCP6. > > > > In VR, you need to have Default IPv6 route to Physical Router's /48. IP > as > > IPv6 Gateway. Thens should be done . > > > > Example : > > Physical Router Interface > > IPv6 IP : 2000:aaaa::1/48 > > > > Cloudstack virtual router : 2000:aaaa:200:201::1/64 with default ipv6 > > route to router ip 2000:aaaa::1 and Clodustack Virtual router dhcp > allocate > > IP to VM , and VM will have default route to VR. IPv6 > 2000:aaaa:200:201::1 > > > > So in cloudstack need to allow user to enter , IPv6 gwateway , and the > > /48 Ipv6 prefix , then it will self allocate the /64 ip to the VR , and > > maintain make sure not ovelap allocation > > > > > > > > > > > > > > > > On Wed, Jul 14, 2021 at 8:55 PM Alex Mattioli < > alex.matti...@shapeblue.com > > > > > wrote: > > > > > Hi Wido, > > > That's pretty much in line with our thoughts, thanks for the input. I > > > believe we agree on the following points then: > > > > > > - FRR with BGP (no OSPF) > > > - Route /48 (or/56) down to the VR > > > - /64 per network > > > - SLACC for IP addressing > > > > > > I believe the next big question is then "on which level of ACS do we > > > manage AS numbers?". I see two options: > > > 1) Private AS number on a per-zone basis > > > 2) Root Admin assigned AS number on a domain/account basis > > > 3) End-user driven AS number on a per network basis (for bring your > > > own AS and IP scenario) > > > > > > Thoughts? > > > > > > Cheers > > > Alex > > > > > > > > > > > > > > > -----Original Message----- > > > From: Wido den Hollander <w...@widodh.nl> > > > Sent: 13 July 2021 15:08 > > > To: dev@cloudstack.apache.org; Alex Mattioli > > > <alex.matti...@shapeblue.com> > > > Cc: Wei Zhou <wei.z...@shapeblue.com>; Rohit Yadav < > > > rohit.ya...@shapeblue.com>; Gabriel Beims Bräscher > > > <gabr...@pcextreme.nl> > > > Subject: Re: IPV6 in Isolated/VPC networks > > > > > > > > > > > > On 7/7/21 1:16 PM, Alex Mattioli wrote: > > > > Hi all, > > > > @Wei Zhou<mailto:wei.z...@shapeblue.com> @Rohit Yadav<mailto: > > > rohit.ya...@shapeblue.com> and myself are investigating how to enable > > > IPV6 support on Isolated and VPC networks and would like your input on > > it. > > > > At the moment we are looking at implementing FRR with BGP (and > > > > possibly > > > OSPF) on the ACS VR. > > > > > > > > We are looking for requirements, recommendations, ideas, rants, > > > etc...etc... > > > > > > > > > > Ok! Here we go. > > > > > > I think that you mean that the VR will actually route the IPv6 traffic > > > and for that you need to have a way of getting a subnet routed to the > VR. > > > > > > BGP is probably you best bet here. Although OSPFv3 technically > > > supports this it is very badly implemented in Frr for example. > > > > > > Now FRR is a very good router and one of the fancy features it > > > supports is BGP Unnumered. This allows for auto configuration of BGP > > > over a L2 network when both sides are sending Router Advertisements. > > > This is very easy for flexible BGP configurations where both sides have > > dynamic IPs. > > > > > > What you want to do is that you get a /56, /48 or something which is > > > >/64 bits routed to the VR. > > > > > > Now you can sub-segment this into separate /64 subnets. You don't want > > > to go smaller then a /64 is that prevents you from using SLAAC for > > > IPv6 address configuration. This is how it works for Shared Networks > > > now in Basic and Advanced Zones. > > > > > > FRR can now also send out the Router Advertisements on the downlinks > > > sending out: > > > > > > - DNS servers > > > - DNS domain > > > - Prefix (/64) to be used > > > > > > There is no need for DHCPv6. You can calculate the IPv6 address the VM > > > will obtain by using the MAC and the prefix. > > > > > > So in short: > > > > > > - Using BGP you routed a /48 to the VR > > > - Now you split this into /64 subnets towards the isolated networks > > > > > > Wido > > > > > > > Alex Mattioli > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > Regards, > > Hean Seng > > > > > -- > Regards, > Hean Seng > -- Ar vislabākajiem novēlējumiem, Kristaps Čudars mob.tel: +371 26331466 e-mail: kristaps.cud...@gmail.com
