From 6ab9e716a1595591b7fccf45b5a8e05864e449a8 Mon Sep 17 00:00:00 2001 From: Stefan Majer Date: Sun, 14 Jul 2024 16:43:55 +0200 Subject: [PATCH] Full IPv6 Support --- .../src/development/proposals/MEP13/README.md | 34 +++++++++++++++++++ docs/src/development/proposals/index.md | 3 +- 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 docs/src/development/proposals/MEP13/README.md diff --git a/docs/src/development/proposals/MEP13/README.md b/docs/src/development/proposals/MEP13/README.md new file mode 100644 index 0000000000..bbd994d26d --- /dev/null +++ b/docs/src/development/proposals/MEP13/README.md 
@@ -0,0 +1,34 @@ +# IPv6 Support + +IPv6 support is required to be able to create Kubernetes clusters with either IPv6 single- or dual-stack enabled. +With immanent shortage of IPv4 addresses the need to be able to use IPv6 increased. + +Full IPv6 dual-stack Support was added to Kubernetes with v1.23 as stable. + +Gardener on the other hand does not yet have full IPv6 dual-stack support. See: https://github.com/gardener/gardener/issues/7051 + +Metal Stack manages Cidrs and IP Addresses with the [go-ipam](https://github.com/metal-stack/go-ipam) library, which gained full IPv6 Support already in 2021 https://metal-stack.io/blog/2021/02/ipv6-part1. +But this was only the foundation, to get full IPv6 support for all aspects which are managed by metal-stack.io, further work needs to be done. + +## General Decisions + +### Networks + +Currently metal-stack organizes Cidrs/Prefixes in a `network`. A network can consist of multiple cidrs from the same address family, +for example if you need internet connectivity, you start with a small cidrs but with time you will need more ipaddresses and by more internet cidrs. +Then you simply add these additional cidrs you bought, to the already existing internet `network` and more servers can be created with internet addresses. + +With IPv6 we have to choose between two options: + +#### Network per Address Family + +This means that we allow networks with cidrs from one address family only, one for IPv4 and one for IPv6 + +The machine creation process will not change if the machine only needs to be either IPv4 or IPv6 addressable. +But if on the other side, the machine need to be able to connect to both address families, the machine creation needs to specify two networks, one for IPv4 and one for IPv6. +Also there will be 2 distinct VRF IDs for every network with a different address family. 
+ +#### Network with both Address Families + +Make a network dual address family capable, that means that you can add multiple cidrs from both address families to one network +Then the machine creation will stay the same for the single stack and dual-stack case, but the ip address allocation from one network must return a pair of ip addresses if the network is dual-stack. diff --git a/docs/src/development/proposals/index.md b/docs/src/development/proposals/index.md index 41a5bc2429..6e394662d8 100644 --- a/docs/src/development/proposals/index.md +++ b/docs/src/development/proposals/index.md @@ -18,7 +18,7 @@ Possible states are: Once a proposal was accepted, an issue should be raised and the implementation should be done in a separate PR. | Name | Description | State | -| :------------------------ | :--------------------------------------------- | :-------------: | +|:--------------------------|:-----------------------------------------------|:---------------:| | [MEP-1](MEP1/README.md) | Distributed Control Plane Deployment | `In Discussion` | | [MEP-2](MEP2/README.md) | Two Factor Authentication | `Aborted` | | [MEP-3](MEP3/README.md) | Machine Re-Installation to preserve local data | `Completed` | @@ -30,3 +30,4 @@ Once a proposal was accepted, an issue should be raised and the implementation s | [MEP-10](MEP10/README.md) | SONiC Support | `Completed` | | [MEP-11](MEP11/README.md) | Auditing of metal-stack resources | `Completed` | | [MEP-12](MEP12/README.md) | Rack Spreading | `Completed` | +| [MEP-13](MEP13/README.md) | IPv6 | `In Discussion` |
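Review bot: In the new MEP13/README.md, the "General Decisions" section stops after describing the two options ("Network per Address Family" and "Network with both Address Families") without saying which one is chosen or on what criteria, so the heading promises a decision the text does not contain. Suggest adding a short comparison of the trade-offs and either the decision or an explicit note that it is still open. For the dual-family option, "must return a pair of ip addresses if the network is dual-stack" leaves undefined what happens when only one address family still has free addresses; state whether the allocation fails as a whole or returns a single address. For the per-family option, the sentence about "2 distinct VRF IDs" names the consequence but not what it means for a machine attached to both networks, which readers need in order to compare the options. Wording: "immanent" should be "imminent", "by more internet cidrs" should be "buy more internet cidrs", "the machine need" should be "the machine needs", "a small cidrs" mixes singular and plural, and the lines ending "one for IPv4 and one for IPv6" and "to one network" lack a closing period. The capitalization of "Cidrs"/"cidrs" and "IPv6 Support"/"IPv6 support" is also inconsistent within the file.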
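Review bot: In the first docs/src/development/proposals/index.md hunk (@@ -18,7 +18,7 @@), the only change is to the whitespace of the table separator row, which is unrelated to adding MEP-13 and looks like a formatter side effect. Suggest reverting that line so the diff to index.md contains only the new table row, or moving the reformatting into its own commit.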
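Review bot: In the second index.md hunk (@@ -30,3 +30,4 @@), the new row describes MEP-13 as "IPv6", while the README it links to is titled "IPv6 Support" and the commit subject says "Full IPv6 Support". Suggest using the README title in the Description column so the index and the proposal agree.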