Using ipv6 in cloud: Difference between revisions
m (fix typo) |
mNo edit summary |
||
(18 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
<languages /> | <languages /> | ||
<translate> | <translate> | ||
<!--T:2--> | == IPv6 in Arbutus Cloud == <!--T:2--> | ||
IPv6 Link-Local (LLA) and Global Unicast Addresses (GUA) are generally available within the Arbutus cloud environment.<br> | |||
IPv6 Link-Local (LLA) and Global Unicast (GUA) | |||
GUA can be set up via a separate interface, which in turn also handles only the IPv6 traffic. | GUA can be set up via a separate interface, which in turn also handles only the IPv6 traffic. | ||
Addresses are being | Addresses are being set up using ''Stateless Address Auto Configuration'' (SLAAC), which automatically sets up the IP on the VM interface. By default, the security group rules will allow all outbound traffic from the VM via the IPv6 GUA, but no traffic that originates from outside the VM will be allowed until specific security group rules have been defined. This is the same behaviour as IPv4. | ||
=== Example of an openstack cli configuration === <!--T:3--> | |||
<!--T:4--> | |||
Get the ID of the VM to attach the network interface. | |||
<pre> | |||
openstack server list | |||
+--------------------------------------+-----------------+---------+-----------------------------------------------+----------------------------------+----------+ | |||
| ID | Name | Status | Networks | Image | Flavor | | |||
+--------------------------------------+-----------------+---------+-----------------------------------------------+----------------------------------+----------+ | |||
| 74be352d-19ca-46cc-9661-7088d2652e34 | test | ACTIVE | def-bott-network=192.168.27.140, 206.12.93.29 | Debian-10.9.2-Buster-x64-2021-05 | p1-1.5gb | | |||
+--------------------------------------+-----------------+---------+-----------------------------------------------+----------------------------------+----------+ | |||
</pre> | |||
<!--T:5--> | |||
Assign a new network interface to the VM, using IPv6 as network. | |||
<!--T:6--> | |||
<pre> | |||
openstack server add network 74be352d-19ca-46cc-9661-7088d2652e34 IPv6-GUA | |||
</pre> | |||
<!--T:7--> | |||
Check the status of the assignment. | |||
<!--T:8--> | |||
<pre> | |||
openstack server list | |||
+--------------------------------------+-----------------+---------+------------------------------------------------------------------------------------------------+----------------------------------+----------+ | |||
| ID | Name | Status | Networks | Image | Flavor | | |||
+--------------------------------------+-----------------+---------+------------------------------------------------------------------------------------------------+----------------------------------+----------+ | |||
| 74be352d-19ca-46cc-9661-7088d2652e34 | test | ACTIVE | IPv6-GUA=2607:f8f0:c11:7004:f816:3eff:fef1:8cee; def-bott-network=192.168.27.140, 206.12.93.29 | Debian-10.9.2-Buster-x64-2021-05 | p1-1.5gb | | |||
+--------------------------------------+-----------------+---------+------------------------------------------------------------------------------------------------+----------------------------------+----------+ | |||
</pre> | |||
=== Example of a Webinterface configuration === <!--T:9--> | |||
Log in to the dashboard and go to the ''Instances'' menu, click on ''Attach Interface'', which will open a dialog. | |||
Use IPv6-GUA (2607:f8f0:c11:7004::/64) from the network menu and click on ''Attach''. | |||
<!--T:10--> | |||
<gallery widths=300px heights=200px> | <gallery widths=300px heights=200px> | ||
Instancemenu.png|Dashboard showing | Instancemenu.png|1. Dashboard showing instances | ||
Interface menu attach.png.png|Drop down menu to attach an interface | Interface menu attach.png.png|2. Drop-down menu to attach an interface | ||
netlist.png|Available | netlist.png|3. Available networks menu | ||
show_attached.png| Show the second IPv6 interface | show_attached.png| 4. Show the second IPv6 interface | ||
</gallery> | </gallery> | ||
<!--T:11--> | |||
The shown IPv6 address is now available and can be used until the interface is detached. Every time the interface is detached, | The shown IPv6 address is now available and can be used until the interface is detached. Every time the interface is detached, | ||
the GUA is released and put back into the pool and thus, can be used by anyone else. Rebuilding or restarting the VM however, will not | the GUA is released and put back into the pool and thus, can be used by anyone else. Rebuilding or restarting the VM however, will not | ||
release the GUA. | release the GUA. | ||
Access from any IPv6 GUA can be granted via | <!--T:12--> | ||
Access from any IPv6 GUA can be granted via ''Security Groups'' in OpenStack; the only difference is the CIDR which automatically detects the address type. | |||
[[File:secpol.png|thumb|left|Allow icmp from any IPv6 GUA]] | [[File:secpol.png|thumb|left|Allow icmp from any IPv6 GUA]] | ||
<br /> | |||
== Example of a Linux configuration == <!--T:13--> | |||
<!--T:14--> | |||
The OpenStack network you configured above will appear in Linux as an additional eth-type interface. In most cases, /dev/eth0 will be your existing interface. In most cases, your new IPv6 enabled interface will be /dev/eth1. The easiest way to pick-up your new device is to reboot. But first, check to confirm that IPv6 is enabled with this command | |||
<pre> | |||
sudo sysctl -a | grep ipv6.*disable | |||
</pre> | |||
The output should all end in zeros. IPv6 enabled is the default in all recent images. Any kernel parameters that need to be changed to zero should be added to /etc/sysctl.conf. | |||
<!--T:15--> | |||
Also, add the following kernel parameters in /etc/sysctl.conf. | |||
<pre> | |||
net.ipv6.conf.eth1.forwarding=0 | |||
net.ipv6.conf.eth1.accept_ra=1 | |||
</pre> | |||
<!--T:16--> | |||
Reboot your system and confirm IPv6 is enabled and that /dev/eth1 exists. | |||
<!--T:17--> | |||
Next, add the following configurations to /etc/sysconfig/network-scripts/ifcfg-eth1 | |||
<pre> | |||
IPV6INIT=yes | |||
IPV6_AUTOCONF=yes | |||
IPV6_DEFROUTE=yes | |||
IPV6_FAILURE_FATAL=no | |||
</pre> | |||
<!--T:18--> | |||
Reboot your system again. The /dev/eth1 interface should be configured and ready to be used. | |||
<!--T:19--> | |||
You may then confirm the IPv6 configuration with | |||
<pre> | |||
$ ip -6 address | |||
</pre> | |||
<!--T:20--> | |||
Finally, confirm that IPv6 is working with | |||
<pre> | |||
$ ping6 -c 1 www.google.com | |||
</pre> | |||
<!--T:21--> | |||
That's all. Congratulations. Your system is now configured to use IPv6. | |||
==Further reading== <!--T:22--> | |||
* From RedHat, [https://www.redhat.com/sysadmin/what-you-need-know-about-ipv6 What you need to know about IPv6] | |||
* From RedHat, [https://www.redhat.com/sysadmin/configuring-ipv6-rhel-7-8 Configuring an IPv6 address in Red Hat Enterprise Linux 7 and 8] | |||
* From OpenStack, [https://docs.openstack.org/neutron/pike/admin/config-ipv6.html IPv6] | |||
</translate> | </translate> | ||
[[Category:Cloud]] |
Latest revision as of 21:08, 27 February 2023
IPv6 in Arbutus Cloud
IPv6 Link-Local (LLA) and Global Unicast Addresses (GUA) are generally available within the Arbutus cloud environment.
GUA can be set up via a separate interface, which in turn also handles only the IPv6 traffic.
Addresses are being set up using Stateless Address Auto Configuration (SLAAC), which automatically sets up the IP on the VM interface. By default, the security group rules will allow all outbound traffic from the VM via the IPv6 GUA, but no traffic that originates from outside the VM will be allowed until specific security group rules have been defined. This is the same behaviour as IPv4.
Example of an openstack cli configuration
Get the ID of the VM to attach the network interface.
openstack server list +--------------------------------------+-----------------+---------+-----------------------------------------------+----------------------------------+----------+ | ID | Name | Status | Networks | Image | Flavor | +--------------------------------------+-----------------+---------+-----------------------------------------------+----------------------------------+----------+ | 74be352d-19ca-46cc-9661-7088d2652e34 | test | ACTIVE | def-bott-network=192.168.27.140, 206.12.93.29 | Debian-10.9.2-Buster-x64-2021-05 | p1-1.5gb | +--------------------------------------+-----------------+---------+-----------------------------------------------+----------------------------------+----------+
Assign a new network interface to the VM, using IPv6 as network.
openstack server add network 74be352d-19ca-46cc-9661-7088d2652e34 IPv6-GUA
Check the status of the assignment.
openstack server list +--------------------------------------+-----------------+---------+------------------------------------------------------------------------------------------------+----------------------------------+----------+ | ID | Name | Status | Networks | Image | Flavor | +--------------------------------------+-----------------+---------+------------------------------------------------------------------------------------------------+----------------------------------+----------+ | 74be352d-19ca-46cc-9661-7088d2652e34 | test | ACTIVE | IPv6-GUA=2607:f8f0:c11:7004:f816:3eff:fef1:8cee; def-bott-network=192.168.27.140, 206.12.93.29 | Debian-10.9.2-Buster-x64-2021-05 | p1-1.5gb | +--------------------------------------+-----------------+---------+------------------------------------------------------------------------------------------------+----------------------------------+----------+
Example of a Webinterface configuration
Log in to the dashboard and go to the Instances menu, click on Attach Interface, which will open a dialog. Use IPv6-GUA (2607:f8f0:c11:7004::/64) from the network menu and click on Attach.
The shown IPv6 address is now available and can be used until the interface is detached. Every time the interface is detached, the GUA is released and put back into the pool and thus, can be used by anyone else. Rebuilding or restarting the VM however, will not release the GUA.
Access from any IPv6 GUA can be granted via Security Groups in OpenStack; the only difference is the CIDR which automatically detects the address type.
Example of a Linux configuration
The OpenStack network you configured above will appear in Linux as an additional eth-type interface. In most cases, /dev/eth0 will be your existing interface. In most cases, your new IPv6 enabled interface will be /dev/eth1. The easiest way to pick-up your new device is to reboot. But first, check to confirm that IPv6 is enabled with this command
sudo sysctl -a | grep ipv6.*disable
The output should all end in zeros. IPv6 enabled is the default in all recent images. Any kernel parameters that need to be changed to zero should be added to /etc/sysctl.conf.
Also, add the following kernel parameters in /etc/sysctl.conf.
net.ipv6.conf.eth1.forwarding=0 net.ipv6.conf.eth1.accept_ra=1
Reboot your system and confirm IPv6 is enabled and that /dev/eth1 exists.
Next, add the following configurations to /etc/sysconfig/network-scripts/ifcfg-eth1
IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no
Reboot your system again. The /dev/eth1 interface should be configured and ready to be used.
You may then confirm the IPv6 configuration with
$ ip -6 address
Finally, confirm that IPv6 is working with
$ ping6 -c 1 www.google.com
That's all. Congratulations. Your system is now configured to use IPv6.
Further reading
- From RedHat, What you need to know about IPv6
- From RedHat, Configuring an IPv6 address in Red Hat Enterprise Linux 7 and 8
- From OpenStack, IPv6