IPv6 Support #175

Draft
wants to merge 3 commits into
base: master
from
Draft
15 changes: 15 additions & 0 deletions Makefile
Expand Up @@ -116,6 +116,7 @@ cleanup-partition:
sudo $(CONTAINERLAB) destroy --topo mini-lab.cumulus.yaml
sudo $(CONTAINERLAB) destroy --topo mini-lab.sonic.yaml

# IPv4
.PHONY: _privatenet
_privatenet: env
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network | grep user-private-network || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000000 --name user-private-network
Expand All @@ -128,6 +129,20 @@ machine: _privatenet
firewall: _ips _privatenet
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')

# IPv6
.PHONY: _privatenet6
_privatenet6: env
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 | grep user-private-network-6 || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000000 --name user-private-network-6 --addressfamily ipv6

.PHONY: machine6
machine6: _privatenet6
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test6 --name test6 --hostname test6 --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --networks $(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 -o template --template '{{ .id }}')

.PHONY: firewall6
firewall6: _ips _privatenet6
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --networks internet-ipv6-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 -o template --template '{{ .id }}')


.PHONY: ls
ls: env
docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine ls
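Review bot: `firewall6` reuses `--description fw --name fw --hostname fw` from the IPv4 `firewall` target, so a lab that runs both gets two firewalls that cannot be told apart by name, whereas `machine6` does use `test6`; `--name fw6 --hostname fw6` would match that. The `--networks` value is built from `$(shell ... network list --name user-private-network-6 ...)`, and if that lookup returns nothing the command is invoked with `internet-ipv6-mini-lab,` and an empty private network id, so failing early on an empty id would be safer. The IPv4 check `grep user-private-network` also matches `user-private-network-6` lines, which matters if `--name` is not an exact-match filter.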
8 changes: 8 additions & 0 deletions README.md
Expand Up @@ -30,6 +30,14 @@ The mini-lab is a small, virtual setup to locally run the metal-stack. It deploy
Here is some code that should help you to set up most of the requirements:

```bash
# Enable IPv6 for docker
# cat /etc/docker/daemon.json
{
"ipv6": true,
"fixed-cidr-v6": "2001:db8:1::/64"
}
# systemctl restart docker if changes where made to this file

# If UFW enabled.
# Disable the firewall or allow traffic through Docker network IP range.
sudo ufw status
29 changes: 26 additions & 3 deletions files/inet/frr.conf
@@ -1,13 +1,18 @@
frr defaults datacenter
hostname inet
!
log syslog informational
ipv6 forwarding
!
vrf vrfInternet
vni 104009
ip route 0.0.0.0/0 172.17.0.1
exit-vrf
!
vrf vrfInternet6
vni 106009
ipv6 route ::/0 2001:db8:1::1
exit-vrf
!
interface eth2
ipv6 nd ra-interval 6
no ipv6 nd suppress-ra
Expand All @@ -32,6 +37,10 @@ router bgp 4200000021
redistribute connected route-map LOOPBACKS
exit-address-family
!
address-family ipv6 unicast
redistribute connected route-map LOOPBACKS
exit-address-family
!
address-family l2vpn evpn
advertise-all-vni
neighbor FABRIC activate
Expand All @@ -51,7 +60,21 @@ router bgp 4200000021 vrf vrfInternet
exit-address-family
!
route-map LOOPBACKS permit 10
match interface lo
match interface lo
!

router bgp 4200000021 vrf vrfInternet6
bgp router-id 10.0.0.21
bgp bestpath as-path multipath-relax
!
address-family ipv6 unicast
redistribute static
exit-address-family
!
address-family l2vpn evpn
advertise ipv6 unicast
exit-address-family
!
line vty
route-map LOOPBACKS permit 10
match interface lo
!
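Review bot: In the new `router bgp 4200000021 vrf vrfInternet6` block, `redistribute static` has no route-map, so every static route that ever lands in vrfInternet6 is exported through `advertise ipv6 unicast`, not just the `::/0` default defined in the `vrf vrfInternet6` stanza. Restricting the redistribution to the default route keeps a later static entry from being announced to the whole fabric by accident. The IPv4 `vrf vrfInternet` BGP block is only partly visible here and may follow the same pattern. The prefix-list and route-map names below are examples.

```text
ipv6 prefix-list DEFAULT6 seq 10 permit ::/0
!
route-map DEFAULT6 permit 10
 match ipv6 address prefix-list DEFAULT6
!
router bgp 4200000021 vrf vrfInternet6
 ! … unchanged: router-id, bestpath …
 address-family ipv6 unicast
  redistribute static route-map DEFAULT6
 exit-address-family
 ! … unchanged: l2vpn evpn address-family …
```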
25 changes: 25 additions & 0 deletions files/inet/network.sh
Expand Up @@ -5,6 +5,11 @@ ip link add vrfInternet type vrf table 1000
ip link set dev vrfInternet up
ip link set dev eth0 master vrfInternet

# IPv6
ip link add vrfInternet6 type vrf table 1006
ip link set dev vrfInternet6 up
ip link set dev eth0 master vrfInternet6

ip link add name bridge type bridge stp_state 0
ip link set dev bridge type bridge vlan_filtering 1
ip link set dev bridge mtu 9000
Expand All @@ -17,6 +22,13 @@ bridge vlan del vid 1 dev bridge self
bridge vlan add vid 1000 dev bridge self
ip link set dev vlanInternet up

# IPv6
ip link add link bridge up name vlanInternet6 type vlan id 1006
ip link set dev vlanInternet6 mtu 9000
ip link set dev vlanInternet6 master vrfInternet6
bridge vlan add vid 1006 dev bridge self
ip link set dev vlanInternet6 up

ip link add vniInternet type vxlan id 104009 dstport 4789 local 10.0.0.21 nolearning
ip link set dev vlanInternet mtu 9000
ip link set dev vniInternet master bridge
Expand All @@ -26,4 +38,17 @@ bridge vlan add vid 1000 dev vniInternet
bridge vlan add vid 1000 untagged pvid dev vniInternet
ip link set up dev vniInternet

# IPv6
ip link add vniInternet6 type vxlan id 106009 dstport 4789 local 10.0.0.21 nolearning
ip link set dev vlanInternet6 mtu 9000
ip link set dev vniInternet6 master bridge
bridge vlan del vid 1 dev vniInternet6
bridge vlan del vid 1 untagged pvid dev vniInternet6
bridge vlan add vid 1006 dev vniInternet6
bridge vlan add vid 1006 untagged pvid dev vniInternet6
ip link set up dev vniInternet6

# Does not have a ipv6 address on eth0 on startup, fix this
ip ad add 2001:db8:1::42/64 dev eth0

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
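Review bot: `ip link set dev eth0 master vrfInternet6` moves eth0 out of vrfInternet, where the context line above the new block had just placed it; a Linux interface has a single master, so the IPv4 default route in vrfInternet probably loses its uplink once this runs. Either carry both address families in one VRF or give vrfInternet6 its own uplink interface. In the VXLAN block `ip link set dev vlanInternet6 mtu 9000` is repeated where `ip link set dev vniInternet6 mtu 9000` looks intended. The closing `iptables -t nat ... MASQUERADE` rule covers IPv4 only, so if the 2001:db8:3::/48 prefixes are meant to reach the Docker network, an `ip6tables` counterpart or a return route is likely needed.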
5 changes: 3 additions & 2 deletions inventories/group_vars/all/images.yaml
Expand Up @@ -7,9 +7,9 @@ metal_stack_release_version: develop

# metal_hammer_image_url: https://images.metal-stack.io/metal-hammer/pull-requests/<pr-number-and-title>/metal-hammer-initrd.img.lz4
# metal_api_image_name:
# metal_api_image_tag:
metal_api_image_tag: ipv6-support
# metal_metalctl_image_name:
# metal_metalctl_image_tag:
metal_metalctl_image_tag: 252-ipv6-support
# metal_masterdata_api_image_name:
# metal_masterdata_api_image_tag:
# metal_console_image_name:
Expand All @@ -19,6 +19,7 @@ metal_stack_release_version: develop
# further overrides can be looked up in the metal-role projects where the mapping is defined:
# https://github.com/metal-stack/metal-roles/blob/master/defaults/main.yaml

metal_core_image_tag: ipv6-support
##
## for ansible roles
##
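Review bot: `metal_api_image_tag: ipv6-support`, `metal_metalctl_image_tag: 252-ipv6-support` and `metal_core_image_tag: ipv6-support` point the lab at pull-request builds through mutable tags, so what gets pulled can change without any change in this repository. The same applies to the firewall image `url:` in inventories/group_vars/control-plane/metal.yml, which now hardcodes `pull_requests/247-ipv6-support` and leaves the release-templated URL commented out. Mark these overrides as temporary, for example `# TEMPORARY: PR build, revert to the release default before merge`, and drop them before the branch leaves draft.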
33 changes: 32 additions & 1 deletion inventories/group_vars/control-plane/metal.yml
Expand Up @@ -17,7 +17,8 @@ metal_api_images:
- id: firewall-ubuntu-3.0
name: Firewall 3 Ubuntu
description: Firewall 3 Ubuntu Latest Release
url: https://images.metal-stack.io/metal-os/{{ metal_api_latest_os_image_release_name }}/firewall/3.0-ubuntu/img.tar.lz4
# url: https://images.metal-stack.io/metal-os/{{ metal_api_latest_os_image_release_name }}/firewall/3.0-ubuntu/img.tar.lz4
url: https://images.metal-stack.io/metal-os/pull_requests/247-ipv6-support/firewall/3.0-ubuntu/img.tar.lz4
features:
- firewall
- id: ubuntu-24.04
Expand Down Expand Up @@ -56,13 +57,27 @@ metal_api_networks:
- id: tenant-super-network-mini-lab
name: "Project Super Network"
description: "Super network of all project networks"
# must be inherited to child networks
nat: false
privatesuper: true
underlay: false
destinationprefixes: []
partitionid: mini-lab
defaultchildprefixlength: 22
prefixes:
- 10.0.0.0/16
- id: tenant-super-network-ipv6-mini-lab
name: "Project Super Network IPv6"
description: "Super network of all project networks"
nat: false
privatesuper: true
underlay: false
destinationprefixes: []
partitionid: mini-lab
defaultchildprefixlength: 64
prefixes:
# See https://en.wikipedia.org/wiki/Reserved_IP_addresses#IPv6
- 2001:db8:2::/48
- id: internet-mini-lab
name: "Virtual Internet Network"
description: "Virtual Internet Network for mini-lab"
Expand All @@ -78,6 +93,22 @@ metal_api_networks:
labels:
network.metal-stack.io/default: ""
network.metal-stack.io/default-external: ""
- id: internet-ipv6-mini-lab
name: "Virtual Internet Network IPv6"
description: "Virtual Internet Network for mini-lab"
nat: true
privatesuper: false
underlay: false
destinationprefixes:
- ::/0
partitionid: "mini-lab"
vrf: 106009
prefixes:
- 2001:db8:3::/48
# TODO put these labels to metal-lib
labels:
network.metal-stack.io/default-ipv6: ""
network.metal-stack.io/default-external-ipv6: ""
- id: underlay-mini-lab
name: "Underlay Network"
description: "Underlay Network for mini-lab"
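Review bot: The two new network entries copy the IPv4 descriptions verbatim (`"Super network of all project networks"` and `"Virtual Internet Network for mini-lab"`), so only the `name` field says which address family an entry serves. Suggest `description: "Super network of all IPv6 project networks"` and `description: "Virtual IPv6 Internet Network for mini-lab"`. The comment `# must be inherited to child networks` sits only above `nat: false` of the IPv4 super network; if it applies to `tenant-super-network-ipv6-mini-lab` as well, repeat it there.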
1 change: 1 addition & 0 deletions mini-lab.sonic.yaml
Expand Up @@ -31,6 +31,7 @@ topology:
- files/inet/vtysh.conf:/etc/frr/vtysh.conf
- files/inet/network.sh:/root/network.sh
exec:
- apk add iptables
- sh /root/network.sh
vms:
kind: linux
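Review bot: `apk add iptables` under `exec:`, which appears to be the added line, installs an unpinned package from the network every time the inet node starts, so the lab's NAT setup depends on repository reachability and on whatever version is current. Baking iptables into the inet image would make the node reproducible and let it start offline. The Makefile also references mini-lab.cumulus.yaml; if that topology runs the same files/inet/network.sh it likely needs the same provision, which this PR does not show.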
27 changes: 27 additions & 0 deletions roles/cumulus/files/frr.tpl
Expand Up @@ -14,6 +14,10 @@ vrf vrfInternet
vni 104009
ip route 0.0.0.0/0 172.17.0.1 nexthop-vrf mgmt
exit-vrf
vrf vrfInternet6
vni 106009
ip route ::/0 2001:db8:1::1 nexthop-vrf mgmt
exit-vrf
{{- range $vrf, $t := .Ports.Vrfs }}
!
vrf vrf{{ $t.VNI }}
Expand Down Expand Up @@ -65,6 +69,15 @@ router bgp {{ $ASN }}
{{- end }}
exit-address-family
!
address-family ipv6 unicast
redistribute connected route-map LOOPBACKS
neighbor FIREWALL allowas-in 2
neighbor FIREWALL activate
{{- range $k, $f := .Ports.Firewalls }}
neighbor {{ $f.Port }} route-map fw-{{ $k }}-in in
{{- end }}
exit-address-family
!
address-family l2vpn evpn
advertise-all-vni
neighbor FABRIC activate
Expand Down Expand Up @@ -112,6 +125,15 @@ router bgp {{ $ASN }} vrf {{ $vrf }}
{{- end }}
exit-address-family
!
address-family ipv6 unicast
redistribute connected
neighbor MACHINE maximum-prefix 24000
neighbor MACHINE activate
{{- if gt (len $t.IPPrefixLists) 0 }}
neighbor MACHINE route-map {{ $vrf }}-in6 in
{{- end }}
exit-address-family
!
address-family l2vpn evpn
advertise ipv4 unicast
exit-address-family
Expand All @@ -138,6 +160,11 @@ router bgp {{ $ASN }} vrf vrfInternet
network 0.0.0.0/0
exit-address-family
!
address-family ipv6 unicast
import vrf mgmt
network ::/0
exit-address-family
!
address-family l2vpn evpn
advertise ipv4 unicast
exit-address-family
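Review bot: `ip route ::/0 2001:db8:1::1 nexthop-vrf mgmt` in the new `vrf vrfInternet6` stanza uses the IPv4 command for an IPv6 prefix; it should read `ipv6 route ::/0 2001:db8:1::1 nexthop-vrf mgmt`, the form files/inet/frr.conf in this PR already uses. The per-VRF IPv6 family also references `neighbor MACHINE route-map {{ $vrf }}-in6 in`, but no visible hunk defines a `-in6` route-map and the guard still tests `$t.IPPrefixLists`. Confirm that the template defines it outside these hunks, otherwise the inbound filter on prefixes announced by MACHINE peers is not the one intended. The surrounding `router bgp` blocks start and end outside the hunks shown.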