Using ipv6 in cloud: Difference between revisions

From Alliance Doc
No edit summary
(Marked this version for translation)
Line 1: Line 1:
<languages />
<languages />
<translate>
<translate>
<!--T:2-->
== IPv6 in Arbutus Cloud == <!--T:2-->
== IPv6 in Arbutus Cloud ==
IPv6 Link-Local (LLA) and Global Unicast Addresses (GUA) are generally available within the Arbutus Cloud environment.
IPv6 Link-Local (LLA) and Global Unicast Addresses (GUA) are generally available within the Arbutus Cloud environment.
GUA can be set up via a separate interface, which in turn also handles only the IPv6 traffic.
GUA can be set up via a separate interface, which in turn also handles only the IPv6 traffic.
Addresses are being setup using ''Stateless Address Auto Configuration'' (SLAAC), which automatically sets up the IP on the VM interface. By default, the security group rules will allow all outbound traffic from the VM via the IPv6 GUA, but no traffic that originates from outside the VM will be allowed until specific security group rules have been defined. This is the same behaviour as IPv4.
Addresses are being setup using ''Stateless Address Auto Configuration'' (SLAAC), which automatically sets up the IP on the VM interface. By default, the security group rules will allow all outbound traffic from the VM via the IPv6 GUA, but no traffic that originates from outside the VM will be allowed until specific security group rules have been defined. This is the same behaviour as IPv4.


=== Example configuration openstack cli ===
=== Example configuration openstack cli === <!--T:3-->


<!--T:4-->
Get the ID of the VM to attach the Network interface.
Get the ID of the VM to attach the Network interface.
<pre>
<pre>
Line 19: Line 19:
</pre>
</pre>


<!--T:5-->
Assign a new network interface to the VM, using IPv6 as network.
Assign a new network interface to the VM, using IPv6 as network.


<!--T:6-->
<pre>
<pre>
openstack server add network 74be352d-19ca-46cc-9661-7088d2652e34  IPv6-GUA
openstack server add network 74be352d-19ca-46cc-9661-7088d2652e34  IPv6-GUA
</pre>
</pre>


<!--T:7-->
Check the status of the assignment.
Check the status of the assignment.


<!--T:8-->
<pre>
<pre>
openstack server list
openstack server list
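Review bot: the markers T:6 and T:8 sit directly above the pre blocks, so the commands "openstack server add network ... IPv6-GUA" and "openstack server list" become translation units of their own and can end up altered on a translated page. Suggest closing the translate tag before each pre block and reopening it afterwards, so that only the surrounding sentences (T:5, T:7) are offered to translators and the commands stay identical in every language.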
Line 36: Line 40:
</pre>
</pre>


=== Example configuration Webinterface ===
=== Example configuration Webinterface === <!--T:9-->
Login into the dashboard and go to the Instances menu, click on ''Attach Interface'', which will open a dialog.
Login into the dashboard and go to the Instances menu, click on ''Attach Interface'', which will open a dialog.
Use IPv6-GUA (2607:f8f0:c11:7004::/64) from the network menu and click on attach.
Use IPv6-GUA (2607:f8f0:c11:7004::/64) from the network menu and click on attach.


<!--T:10-->
<gallery widths=300px heights=200px>
<gallery widths=300px heights=200px>
Instancemenu.png|Dashboard showing Instances
Instancemenu.png|Dashboard showing Instances
Line 47: Line 52:
</gallery>
</gallery>


<!--T:11-->
The shown IPv6 address is now available and can be used until the interface is detached. Every time the interface is detached,  
The shown IPv6 address is now available and can be used until the interface is detached. Every time the interface is detached,  
the GUA is released and put back into the pool and thus, can be used by anyone else. Rebuilding or restarting the VM however, will not
the GUA is released and put back into the pool and thus, can be used by anyone else. Rebuilding or restarting the VM however, will not
release the GUA.
release the GUA.


<!--T:12-->
Access from any IPv6 GUA can be granted via the ''Security Groups'' in Openstack; the only difference is the CIDR which automatically detects the address type.
Access from any IPv6 GUA can be granted via the ''Security Groups'' in Openstack; the only difference is the CIDR which automatically detects the address type.


[[File:secpol.png|thumb|left|Allow icmp from any IPv6 GUA]]
[[File:secpol.png|thumb|left|Allow icmp from any IPv6 GUA]]
<br />
<br />
== Example Linux configuration ==
== Example Linux configuration == <!--T:13-->


<!--T:14-->
The Openstack network you configured above will appear in Linux as an additional eth-type interface.  In most cases, /dev/eth0 will be your existing interface.  In most cases, your new IPv6 enabled interface will be /dev/eth1 .  The easiest way to pick-up your new device is to reboot.  But first, check to confirm that IPv6 is enabled.  Use the command:
The Openstack network you configured above will appear in Linux as an additional eth-type interface.  In most cases, /dev/eth0 will be your existing interface.  In most cases, your new IPv6 enabled interface will be /dev/eth1 .  The easiest way to pick-up your new device is to reboot.  But first, check to confirm that IPv6 is enabled.  Use the command:
<pre>
<pre>
Line 63: Line 71:
The output should all end in zeros.  IPv6 enabled is the default in all recent images.  Any kernel parameters that need to be changed to zero should be added to /etc/sysctl.conf.
The output should all end in zeros.  IPv6 enabled is the default in all recent images.  Any kernel parameters that need to be changed to zero should be added to /etc/sysctl.conf.


<!--T:15-->
Also, add the following kernel parameters in /etc/sysctl.conf.
Also, add the following kernel parameters in /etc/sysctl.conf.
<pre>
<pre>
Line 69: Line 78:
</pre>
</pre>


<!--T:16-->
Reboot your system and confirm IPv6 is enabled and that /dev/eth1 exists.
Reboot your system and confirm IPv6 is enabled and that /dev/eth1 exists.


<!--T:17-->
Next, add the following configurations to /etc/sysconfig/network-scripts/ifcfg-eth1  
Next, add the following configurations to /etc/sysconfig/network-scripts/ifcfg-eth1  
<pre>
<pre>
Line 79: Line 90:
</pre>
</pre>


<!--T:18-->
Reboot your system again.  This will auto-configure /dev/eth1.
Reboot your system again.  This will auto-configure /dev/eth1.


<!--T:19-->
Next, confirm that the IPv6 configuration with the command:
Next, confirm that the IPv6 configuration with the command:
<pre>
<pre>
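Review bot: unit T:19 marks "Next, confirm that the IPv6 configuration with the command:" for translation while the sentence is still ungrammatical (stray "that", no verb after "configuration"). Correct the source wording, for instance "Next, confirm the IPv6 configuration with the command:", before marking the page, because fixing it after translators have worked on the unit means those translations have to be reviewed again.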
Line 86: Line 99:
</pre>
</pre>


<!--T:20-->
Finally, confirm that IPv6 is working with the command:
Finally, confirm that IPv6 is working with the command:
<pre>
<pre>
Line 91: Line 105:
</pre>
</pre>


<!--T:21-->
That's all.  Congratulations.  Your system is now configured to use IPv6.
That's all.  Congratulations.  Your system is now configured to use IPv6.


==Further reading==
==Further reading== <!--T:22-->
* A RedHat article about IPv6: [https://www.redhat.com/sysadmin/what-you-need-know-about-ipv6]
* A RedHat article about IPv6: [https://www.redhat.com/sysadmin/what-you-need-know-about-ipv6]
* A RedHat article on configuring IPv6: [https://www.redhat.com/sysadmin/configuring-ipv6-rhel-7-8]
* A RedHat article on configuring IPv6: [https://www.redhat.com/sysadmin/configuring-ipv6-rhel-7-8]

Revision as of 21:24, 25 July 2022

IPv6 in Arbutus Cloud

IPv6 Link-Local (LLA) and Global Unicast Addresses (GUA) are generally available within the Arbutus Cloud environment. A GUA can be set up via a separate interface, which handles only the IPv6 traffic. Addresses are set up using Stateless Address Auto Configuration (SLAAC), which automatically configures the IP on the VM interface. By default, the security group rules allow all outbound traffic from the VM via the IPv6 GUA, but no traffic that originates from outside the VM is allowed until specific security group rules have been defined. This is the same behaviour as IPv4.

Example configuration: OpenStack CLI

Get the ID of the VM to which the network interface will be attached.

openstack server list
+--------------------------------------+-----------------+---------+-----------------------------------------------+----------------------------------+----------+
| ID                                   | Name            | Status  | Networks                                      | Image                            | Flavor   |
+--------------------------------------+-----------------+---------+-----------------------------------------------+----------------------------------+----------+
| 74be352d-19ca-46cc-9661-7088d2652e34 | test            | ACTIVE  | def-bott-network=192.168.27.140, 206.12.93.29 | Debian-10.9.2-Buster-x64-2021-05 | p1-1.5gb |
+--------------------------------------+-----------------+---------+-----------------------------------------------+----------------------------------+----------+

Assign a new network interface to the VM, using the IPv6-GUA network.

openstack server add network 74be352d-19ca-46cc-9661-7088d2652e34  IPv6-GUA

Check the status of the assignment.

openstack server list
+--------------------------------------+-----------------+---------+------------------------------------------------------------------------------------------------+----------------------------------+----------+
| ID                                   | Name            | Status  | Networks                                                                                       | Image                            | Flavor   |
+--------------------------------------+-----------------+---------+------------------------------------------------------------------------------------------------+----------------------------------+----------+
| 74be352d-19ca-46cc-9661-7088d2652e34 | test            | ACTIVE  | IPv6-GUA=2607:f8f0:c11:7004:f816:3eff:fef1:8cee; def-bott-network=192.168.27.140, 206.12.93.29 | Debian-10.9.2-Buster-x64-2021-05 | p1-1.5gb |
+--------------------------------------+-----------------+---------+------------------------------------------------------------------------------------------------+----------------------------------+----------+

Example configuration: web interface

Log in to the dashboard, go to the Instances menu and click on Attach Interface, which opens a dialog. Select IPv6-GUA (2607:f8f0:c11:7004::/64) from the network menu and click on Attach.

The IPv6 address shown is now available and can be used until the interface is detached. Every time the interface is detached, the GUA is released and put back into the pool, and can then be used by anyone else. Rebuilding or restarting the VM, however, will not release the GUA.

Access from any IPv6 GUA can be granted via the Security Groups in OpenStack; the only difference from IPv4 is the CIDR, for which the address type is detected automatically.

Allow icmp from any IPv6 GUA


Example Linux configuration

The OpenStack network you configured above will appear in Linux as an additional eth-type interface. In most cases, /dev/eth0 will be your existing interface and your new IPv6-enabled interface will be /dev/eth1. The easiest way to pick up your new device is to reboot. But first, confirm that IPv6 is enabled with the command:

sudo sysctl -a | grep 'ipv6.*disable'

Every line of the output should end in 0. IPv6 is enabled by default in all recent images. Any kernel parameter that needs to be changed to zero should be added to /etc/sysctl.conf.

Also, add the following kernel parameters to /etc/sysctl.conf.

net.ipv6.conf.eth1.forwarding=0
net.ipv6.conf.eth1.accept_ra=1

Reboot your system and confirm IPv6 is enabled and that /dev/eth1 exists.

Next, add the following configuration to /etc/sysconfig/network-scripts/ifcfg-eth1

IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no

Reboot your system again. This will auto-configure /dev/eth1.

Next, confirm the IPv6 configuration with the command:

$ ip -6 address

Finally, confirm that IPv6 is working with the command:

$ ping6 -c 1 www.google.com

That's all. Congratulations. Your system is now configured to use IPv6.
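The checks from this section in scripted form, as an added example that is not part of the original documentation: it verifies the sysctl values requested above and that the interface holds a global address inside the IPv6-GUA /64. The function names are hypothetical, the interface name eth1 and the prefix are taken from this page, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not part of the Arbutus documentation. Assumes the interface
# name (eth1) and the /64 (2607:f8f0:c11:7004::) shown on this page.

# Reads `sysctl -a` style lines on stdin, prints every deviation from the
# settings this page asks for, and returns non-zero if there is one.
audit_ipv6_sysctl() {
    awk -v iface="$1" -F'[ \t]*=[ \t]*' '
        $1 ~ /^net\.ipv6\.conf\.[^.]+\.disable_ipv6$/ && $2 != 0 {
            print "IPv6 disabled: " $1; bad = 1 }
        $1 == "net.ipv6.conf." iface ".forwarding" {
            fwd = 1; if ($2 != 0) { print "forwarding enabled on " iface; bad = 1 } }
        $1 == "net.ipv6.conf." iface ".accept_ra" {
            ra = 1; if ($2 != 1) { print "accept_ra is not 1 on " iface; bad = 1 } }
        END {
            if (!fwd) { print "forwarding not reported for " iface; bad = 1 }
            if (!ra)  { print "accept_ra not reported for " iface; bad = 1 }
            exit bad + 0 }'
}

# Reads `ip -6 -o address show dev IFACE` output on stdin and prints the
# global addresses inside the /64 given as its four leading hextets. The plain
# string comparison is valid because none of those hextets is zero.
gua_in_prefix() {
    awk -v want="$1:" '
        $3 == "inet6" && /scope global/ {
            split($4, a, "/")
            if (index(a[1], want) == 1) { print a[1]; found = 1 } }
        END { exit !found }'
}

# Constructed sample input, modelled on the address shown earlier on this page.
SAMPLE_SYSCTL='net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.eth1.disable_ipv6 = 0
net.ipv6.conf.eth1.forwarding = 0
net.ipv6.conf.eth1.accept_ra = 1'
SAMPLE_IP='3: eth1    inet6 2607:f8f0:c11:7004:f816:3eff:fef1:8cee/64 scope global dynamic mngtmpaddr \       valid_lft 86395sec preferred_lft 14395sec
3: eth1    inet6 fe80::f816:3eff:fef1:8cee/64 scope link \       valid_lft forever preferred_lft forever'

# On a live VM: sudo sysctl -a 2>/dev/null | audit_ipv6_sysctl eth1
#               ip -6 -o address show dev eth1 | gua_in_prefix 2607:f8f0:c11:7004
printf '%s\n' "$SAMPLE_SYSCTL" | audit_ipv6_sysctl eth1 && echo "sysctl: ok"
printf '%s\n' "$SAMPLE_IP" | gua_in_prefix 2607:f8f0:c11:7004
```

A GUA is reachable from the whole IPv6 internet as soon as a security group rule admits the traffic, so it is worth running both checks again after any change to the interface or to /etc/sysctl.conf.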

Further reading

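  • A Red Hat article about IPv6: https://www.redhat.com/sysadmin/what-you-need-know-about-ipv6
  • A Red Hat article on configuring IPv6: https://www.redhat.com/sysadmin/configuring-ipv6-rhel-7-8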
  • An Openstack article on configuring IPv6: [3]