With the depletion of public IPv4 addresses, service providers are starting to consider offering IPv6 addresses for their tenants' workloads. Let me describe the IPv6 support options available to service providers that use vCloud Director.
In the new vCloud Architecture Toolkit (vCAT) Document for Service Providers I have proposed a design (6.3.6) for providing IPv6 services to tenants. Let me first summarize the constraints:
- Currently in vCloud Director the tenants cannot assign IPv6 subnets to Org VDC or vApp networks
- Consequently, tenants cannot use vCloud Director IP Address Management (IPAM) to assign IPv6 addresses to their VMs. However, IPv6 addresses can still be assigned from within the guest operating system.
- Edge Gateways deployed by vCloud Director do not support IPv6. This means that the internal or external interfaces of the Edges need to have IPv4 addresses.
- vCloud Director relies on vCloud Networking and Security (vCNS) or NSX components for network services. vCNS does not support IPv6, but NSX does. vCNS will soon go out of support anyway.
The proposed design that works around the above limitations is as follows. Let me paste the picture from the linked vCAT document:
The provider deploys an NSX Edge Service Gateway outside of vCloud Director (directly from the NSX GUI/API) and connects it to a VXLAN- or VLAN-based network, which is then imported into vCloud Director as an external network. Both the Edge Gateway and the external network are dedicated to a particular tenant and managed by the provider.
The tenant can attach his workloads to an Org VDC network which is directly connected to the external network. As this tenant NSX Edge is managed externally, outside of vCloud Director's scope, it can offer the full set of services NSX provides, and among them are IPv6 services.
There is one cool undocumented feature that I recently discovered which enables even more IPv6 functionality for the tenant.
The service provider can in fact assign an IPv6 subnet to the external network, and thus the tenant can use vCloud Director IPAM in a limited way. He can manually assign an IPv6 address (IP Mode Static – Manual) to a VM network interface from the vCloud Director UI/API and let vCloud Director configure the VM networking through guest customization. vCloud Director even makes sure the IP address is unique.
Note: IP Mode Static – IP Pool is not supported, as it is not possible to define an IPv6 IP pool.
Here is how to configure an IPv6 subnet on an external network:
- Create a vCloud Director external network (with an IPv4 subnet).
- Find the vCloud UUID of the external network. For example, use the following API call: GET /api/admin/extension/externalNetworkReferences
- Insert the gateway, prefix length, nameservers and DNS suffix information into the vCloud Director database. You must create new entries in the config table with the following values:
cat = network
name = ipv6.<ext network UUID>.gateway | subnetprefixlength | nameserver1 | nameserver2 | dnssuffix
value = <value of the network property>
The following example is valid for MS SQL database:
external network UUID: 85f22674-7419-4e44-b48d-9210723a8e64
gateway IPv6 address: fd6a:32b6:ab90::1
DNS 1: fd13:5905:f858:e502::208
DNS 2: fd13:5905:f858:e502::209
dns suffix: acme.fojta.com
INSERT into config values ('network', 'ipv6.85f22674-7419-4e44-b48d-9210723a8e64.dnssuffix', 'acme.fojta.com', 0);
INSERT into config values ('network', 'ipv6.85f22674-7419-4e44-b48d-9210723a8e64.nameserver1', 'fd13:5905:f858:e502::208', 0);
INSERT into config values ('network', 'ipv6.85f22674-7419-4e44-b48d-9210723a8e64.nameserver2', 'fd13:5905:f858:e502::209', 0);
INSERT into config values ('network', 'ipv6.85f22674-7419-4e44-b48d-9210723a8e64.subnetprefixlength', '64', 0);
INSERT into config values ('network', 'ipv6.85f22674-7419-4e44-b48d-9210723a8e64.gateway', 'fd6a:32b6:ab90::1', 0);
- In the tenant Org VDC, create an Org VDC network directly connected to the external network.
- The tenant can now connect VMs to the Org VDC network and assign IPv6 addresses directly from UI (or API).
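Rows written straight into the config table never pass through vCloud Director's own input checks, so it is worth validating the values before running the INSERTs. The following is an added example, not code from the original post or from VMware: it validates the five properties and emits the statements in the same positional form used above. The function names and validation rules are assumptions of the example.

```python
import ipaddress
import re
import uuid

# Property names come from the article; function names and the validation
# rules are assumptions of this example.
ADDRESS_KEYS = ("gateway", "nameserver1", "nameserver2")
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def validate(net_uuid, props):
    """Return canonical (name, value) rows, or raise ValueError."""
    net_uuid = str(uuid.UUID(net_uuid))  # rejects anything that is not a UUID
    rows = []
    for key in ADDRESS_KEYS:
        raw = props[key].strip()
        if "%" in raw:  # a zone ID is free text and could carry a quote
            raise ValueError("zone ID not allowed in %s" % key)
        addr = ipaddress.IPv6Address(raw)  # raises on IPv4 or malformed input
        if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
            raise ValueError("%s is not a usable unicast address" % key)
        rows.append((key, addr.compressed))
    prefix = int(props["subnetprefixlength"])
    if not 1 <= prefix <= 128:
        raise ValueError("prefix length out of range: %d" % prefix)
    rows.append(("subnetprefixlength", str(prefix)))
    suffix = props["dnssuffix"].strip().lower()
    labels = suffix.split(".")
    if len(suffix) > 253 or not all(LABEL_RE.fullmatch(l) for l in labels):
        raise ValueError("invalid DNS suffix: %r" % suffix)
    rows.append(("dnssuffix", suffix))
    return [("ipv6.%s.%s" % (net_uuid, key), value) for key, value in rows]


def build_inserts(net_uuid, props):
    """Emit INSERT statements in the positional form the article uses."""
    return ["INSERT into config values ('network', '%s', '%s', 0);" % row
            for row in validate(net_uuid, props)]


# Values below are the article's own example.
SAMPLE_UUID = "85f22674-7419-4e44-b48d-9210723a8e64"
SAMPLE = {"gateway": "fd6a:32b6:ab90::1", "subnetprefixlength": "64",
          "nameserver1": "fd13:5905:f858:e502::208",
          "nameserver2": "fd13:5905:f858:e502::209",
          "dnssuffix": "acme.fojta.com"}

if __name__ == "__main__":
    print("\n".join(build_inserts(SAMPLE_UUID, SAMPLE)))
```

Every value that reaches the SQL text has been reduced to a canonical UUID, IPv6 address, integer or hostname, none of which can contain a quote character.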
Note that when using this provider-managed Edge Gateway concept, the external network is dedicated to a particular tenant. For scalability reasons it is recommended to use VXLAN-based external networks created directly in NSX. vCloud Director supports a maximum of 750 external networks.
The tenant cannot directly manage Edge Gateway services and must rely on the provider to configure them.