Hi Wido,

ACS must know what IPs it should assign for external and internal networks 
on the VR for isolated and VPC.

ACS will know the external IP of the VR and it will also know the subnet or 
subnets that have been assigned. From this you can form a route.

This information can be exposed by the ACS API. It can be used by ansible/shell 
script/etc. to form a routing table and submit it to any L3 device, and also 
to Juniper MX. Junos has an exceptional API.

Anycast and multicast are great when you control the whole network and your app 
is aware of it to some extent, or you have other means to control it.

The only place I know DHCPv6 is not working is Android, as there is a gentleman, 
Lorenzo Colitti, who has decided that backward compatibility is not a thing. 
https://issuetracker.google.com/issues/36949085?pli=1

What are other examples?

Every OS that wants to run in an enterprise environment must support DHCPv6, as 
enterprises still need:

Ability to assign suffix such as git.com
Register hosts in DNS
Keep track of what host had what IP at a certain time
Image deployment via PXE (think DHCP options)
Other DHCP options used.
Ability to easily swap DNS server in entire network.
Dot1X deployment where you want RADIUS server to see DHCP request

There are workarounds to some of them.


On 2021/07/15 14:51:08, Wido den Hollander <w...@widodh.nl> wrote: 
> 
> 
> Op 14-07-2021 om 14:59 schreef Alex Mattioli:
> > Hi Kristaps,
> > Thanks for the nice schematic, pretty much where we were going.
> > 
> > I just didn't understand your first statement " I would like to argue that 
> > implementing a dynamic routing protocol and the associated security 
> > problems/challenges with it to have IPv6 routes inserted in L3 router/s is 
> > not a good goal."
> > 
> > Would you mind clarifying/expanding on it please?
> 
> I would like to know that as well. Because protocols like BGP and OSPF 
> are intended for that use-case.
> 
> I don't see ACS logging into our Juniper MX routers to program a static 
> route.
> 
> BGP doesn't have to be used for something like Anycast or multiple 
> datacenter availability.
> 
> The reason I said DHCPv6 should be avoided is because of the limited 
> support. You also need to keep a database of IP addresses while SLAAC 
> exactly does what you want.
> 
> Router Advertisements with SLAAC is much better supported in Operating 
> Systems than DHCPv6 is.
> 
> Wido
> 
> > 
> > Thanks
> > Alex
> > 
> >   
> > 
> > 
> > -----Original Message-----
> > From: Kristaps Cudars <kristaps.cud...@gmail.com>
> > Sent: 13 July 2021 20:44
> > To: dev@cloudstack.apache.org
> > Subject: Re: IPV6 in Isolated/VPC networks
> > 
> > Hi,
> > 
> > I would like to argue that implementing a dynamic routing protocol and the 
> > associated security problems/challenges with it to have IPv6 routes inserted 
> > in L3 router/s is not a good goal.
> > 
> > In my opinion dynamic routing on the VR would be interesting to scale 
> > availability of a service across several datacenters if they participate in 
> > the same AS. With BGP you could advertise the same IP from different VRs 
> > located in different DCs, IPv6 /128 and/or IPv4 /32.
> > 
> > I would delegate the task of router creation to ACS somewhere at the moment 
> > of VR creation.
> > It could happen over ssh/snmp/REST API or ansible - something that supports 
> > a wide variety of vendors/devices.
> > 
> > I have created a rough schematic of how it could look on the VR side: 
> > https://dice.lv/acs/ACS_router_v2.pdf
> > 
> > 
> > On 2021/07/13 13:08:20, Wido den Hollander <w...@widodh.nl> wrote:
> >>
> >>
> >> On 7/7/21 1:16 PM, Alex Mattioli wrote:
> >>> Hi all,
> >>> @Wei Zhou<mailto:wei.z...@shapeblue.com> @Rohit 
> >>> Yadav<mailto:rohit.ya...@shapeblue.com> and myself are investigating how 
> >>> to enable IPV6 support on Isolated and VPC networks and would like your 
> >>> input on it.
> >>> At the moment we are looking at implementing FRR with BGP (and possibly 
> >>> OSPF) on the ACS VR.
> >>>
> >>> We are looking for requirements, recommendations, ideas, rants, 
> >>> etc...etc...
> >>>
> >>
> >> Ok! Here we go.
> >>
> >> I think that you mean that the VR will actually route the IPv6 traffic
> >> and for that you need to have a way of getting a subnet routed to the VR.
> >>
> >> BGP is probably your best bet here. Although OSPFv3 technically
> >> supports this, it is very badly implemented in FRR, for example.
> >>
> >> Now FRR is a very good router and one of the fancy features it
> >> supports is BGP Unnumbered. This allows for auto-configuration of BGP
> >> over an L2 network when both sides are sending Router Advertisements.
> >> This is very easy for flexible BGP configurations where both sides have 
> >> dynamic IPs.
> >>
> >> What you want to do is that you get a /56, /48 or something which is
> >> larger than a /64 routed to the VR.
> >>
> >> Now you can sub-segment this into separate /64 subnets. You don't want
> >> to go smaller than a /64 as that prevents you from using SLAAC for
> >> IPv6 address configuration. This is how it works for Shared Networks
> >> now in Basic and Advanced Zones.
> >>
> >> FRR can now also send out the Router Advertisements on the downlinks
> >> sending out:
> >>
> >> - DNS servers
> >> - DNS domain
> >> - Prefix (/64) to be used
> >>
> >> There is no need for DHCPv6. You can calculate the IPv6 address the VM
> >> will obtain by using the MAC and the prefix.
> >>
> >> So in short:
> >>
> >> - Using BGP you routed a /48 to the VR
> >> - Now you split this into /64 subnets towards the isolated networks
> >>
> >> Wido
> >>
> >>> Alex Mattioli
> >>>
> >>>   
> >>>
> >>>
> >>
> 
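As an added worked example (not code from this thread, from CloudStack or from FRR): carving the prefix routed to the VR into /64s, deriving the SLAAC (modified EUI-64) address a VM will autoconfigure from its MAC and the /64 that Wido describes, and forming the static route an L3 device would need towards the VR's external IP that Kristaps describes. The prefixes, the next-hop address and the MAC are constructed sample values.

```python
import ipaddress


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) from a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert FF:FE in the middle and flip the universal/local bit of the first octet.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a VM will autoconfigure from the /64 advertised in the RA and its MAC."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs exactly a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def carve_subnets(routed: str, count: int) -> list:
    """Split the prefix routed to the VR (e.g. a /48) into its first `count` /64s."""
    net = ipaddress.IPv6Network(routed, strict=True)
    if net.prefixlen > 64:
        raise ValueError("cannot carve /64 subnets out of something smaller than a /64")
    subnets = net.subnets(new_prefix=64)
    return [next(subnets) for _ in range(count)]


def static_route(routed: str, vr_external_ip: str) -> str:
    """Route an upstream L3 device needs so the whole prefix is delivered to the VR."""
    net = ipaddress.IPv6Network(routed, strict=True)
    next_hop = ipaddress.IPv6Address(vr_external_ip)
    return f"{net} via {next_hop}"


if __name__ == "__main__":
    # Constructed sample values: a documentation /48 routed to a VR whose
    # external address is 2001:db8:ffff::2, and a QEMU-style guest MAC.
    routed_prefix = "2001:db8:1234::/48"
    print(static_route(routed_prefix, "2001:db8:ffff::2"))
    for subnet in carve_subnets(routed_prefix, 3):
        print("isolated network prefix:", subnet)
    print("VM address:", slaac_address("2001:db8:1234::/64", "52:54:00:12:34:56"))
```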
