Yes, sorry for that, can use NAT 6 also . I mentiioned DHCP6 , and you can point the gateway to /48 gw, and this does not need any BGP. Maintain BGP or OSPF is good, but is a lot more complicated ,
On Wed, Jul 14, 2021 at 10:57 PM Alex Mattioli <alex.matti...@shapeblue.com> wrote: > Hi Hean, > Do you mean using NAT66? Or did I miss something? > > Regards, > Alex > > > > > -----Original Message----- > From: Hean Seng <heans...@gmail.com> > Sent: 14 July 2021 16:44 > To: users@cloudstack.apache.org > Cc: Wido den Hollander <w...@widodh.nl>; d...@cloudstack.apache.org; Wei > Zhou <wei.z...@shapeblue.com>; Rohit Yadav <rohit.ya...@shapeblue.com>; > Gabriel Beims Bräscher <gabr...@pcextreme.nl> > Subject: Re: IPV6 in Isolated/VPC networks > > Hi > > I replied in another thread, i think do not need implement BGP or OSPF, > that would be complicated . > > We only need assign IPv6 's /64 prefix to Virtual Router (VR) in NAT > zone, and the VR responsible to deliver single IPv6 to VM via DHCP6. > > In VR, you need to have Default IPv6 route to Physical Router's /48. IP as > IPv6 Gateway. Thens should be done . > > Example : > Physical Router Interface > IPv6 IP : 2000:aaaa::1/48 > > Cloudstack virtual router : 2000:aaaa:200:201::1/64 with default ipv6 > route to router ip 2000:aaaa::1 and Clodustack Virtual router dhcp allocate > IP to VM , and VM will have default route to VR. IPv6 2000:aaaa:200:201::1 > > So in cloudstack need to allow user to enter , IPv6 gwateway , and the > /48 Ipv6 prefix , then it will self allocate the /64 ip to the VR , and > maintain make sure not ovelap allocation > > > > > > > > On Wed, Jul 14, 2021 at 8:55 PM Alex Mattioli <alex.matti...@shapeblue.com > > > wrote: > > > Hi Wido, > > That's pretty much in line with our thoughts, thanks for the input. I > > believe we agree on the following points then: > > > > - FRR with BGP (no OSPF) > > - Route /48 (or/56) down to the VR > > - /64 per network > > - SLACC for IP addressing > > > > I believe the next big question is then "on which level of ACS do we > > manage AS numbers?". I see two options: > > 1) Private AS number on a per-zone basis > > 2) Root Admin assigned AS number on a domain/account basis > > 3) End-user driven AS number on a per network basis (for bring your > > own AS and IP scenario) > > > > Thoughts? > > > > Cheers > > Alex > > > > > > > > > > -----Original Message----- > > From: Wido den Hollander <w...@widodh.nl> > > Sent: 13 July 2021 15:08 > > To: d...@cloudstack.apache.org; Alex Mattioli > > <alex.matti...@shapeblue.com> > > Cc: Wei Zhou <wei.z...@shapeblue.com>; Rohit Yadav < > > rohit.ya...@shapeblue.com>; Gabriel Beims Bräscher > > <gabr...@pcextreme.nl> > > Subject: Re: IPV6 in Isolated/VPC networks > > > > > > > > On 7/7/21 1:16 PM, Alex Mattioli wrote: > > > Hi all, > > > @Wei Zhou<mailto:wei.z...@shapeblue.com> @Rohit Yadav<mailto: > > rohit.ya...@shapeblue.com> and myself are investigating how to enable > > IPV6 support on Isolated and VPC networks and would like your input on > it. > > > At the moment we are looking at implementing FRR with BGP (and > > > possibly > > OSPF) on the ACS VR. > > > > > > We are looking for requirements, recommendations, ideas, rants, > > etc...etc... > > > > > > > Ok! Here we go. > > > > I think that you mean that the VR will actually route the IPv6 traffic > > and for that you need to have a way of getting a subnet routed to the VR. > > > > BGP is probably you best bet here. Although OSPFv3 technically > > supports this it is very badly implemented in Frr for example. > > > > Now FRR is a very good router and one of the fancy features it > > supports is BGP Unnumered. This allows for auto configuration of BGP > > over a L2 network when both sides are sending Router Advertisements. > > This is very easy for flexible BGP configurations where both sides have > dynamic IPs. > > > > What you want to do is that you get a /56, /48 or something which is > > >/64 bits routed to the VR. > > > > Now you can sub-segment this into separate /64 subnets. You don't want > > to go smaller then a /64 is that prevents you from using SLAAC for > > IPv6 address configuration. This is how it works for Shared Networks > > now in Basic and Advanced Zones. > > > > FRR can now also send out the Router Advertisements on the downlinks > > sending out: > > > > - DNS servers > > - DNS domain > > - Prefix (/64) to be used > > > > There is no need for DHCPv6. You can calculate the IPv6 address the VM > > will obtain by using the MAC and the prefix. > > > > So in short: > > > > - Using BGP you routed a /48 to the VR > > - Now you split this into /64 subnets towards the isolated networks > > > > Wido > > > > > Alex Mattioli > > > > > > > > > > > > > > > > > > -- > Regards, > Hean Seng > -- Regards, Hean Seng
