AKO provides end-to-end support for IPv6 for Layer 7. This topic provides detailed explanation on the use cases, supportability, and configuration for IPv6.
Use Cases
AKO supports IPv6 as well as dual stack. The different use cases with details about dual stack support are as listed below:
Use Case |
Dual Stack Support |
Description |
|---|---|---|
Frontend (VIPs) |
IPv4 only, IPv6 only, and Dual Stack |
User can choose to have either v6 only or dual VIPs (v4 and v6) for the virtual services. IPv6 VIP for AKO uses relevant cidrs provided to configure VIPs for Kubernetes LB type and Ingress type objects. |
Kubernetes Cluster/Nodes |
IPv4 only, IPv6 only, and Dual Stack |
AKO configures routes to the pod IPs through Node IP. AKO chooses either a v4 or a v6 IP based on the ipFamily attribute in AKO config. For NodePort mode, AKO will choose either v4 or v6 IPs of Nodes based on the ipFamily attribute in AKO config. AKO defaults to the type of cluster but can be restricted using ipFamily. See the later sections for further details. |
Avi Load Balancer Controller Host IP |
IPv4/IPv6 |
AKO only accepts a single IP because the controller currently only supports either v4 or v6 IP. |
Kubernetes API Server |
IPv4 or IPv6 |
Kubernetes does not support dual stack on the Kube API server. |
CNIs |
Calico, Antrea |
AKO uses annotations added by CNI to add static routes. |
Backend (services) |
IPv4 only, IPv6 only, and Dual Stack |
AKO read the ipFamilyPolicy in the service specification to determine ipFamily for the backend. |
Gateway API |
Not Supported |
AKO currently does not support gateway API with dual stack/IPV6. |
Platform |
Kubernetes |
Support is restricted to Kubernetes only. |
Kubernetes Objects Supported |
Ingress and LB type |
IPv4, IPv6, or dual stack end-to-end support is provided for Ingress and LB type services. |
Supportability Matrix
Case |
Support |
|---|---|
Cloud |
vCenter |
CNI |
Calico, Antrea |
Kubernetes |
Supported |
OpenShift |
Not Supported |
NodeportLocal |
Not Supported |
Configuring Frontend Support for IPv6
Under NetworkSettings.vipNetworklist in values.yaml, specify v6cidr for networks.
NetworkSettings: ... vipNetworkList: [] # Network information of the VIP network. Multiple networks allowed only for AWS Cloud. # vipNetworkList: # - networkName: net1 # cidr: 100.1.1.0/24 # v6cidr: 2002::1234:abcd:ffff:c0a8:101/64 ...
v6cidr is an optional field and can be specified independent of cidr. When v6cidr is specified, AKO will enable auto allocation for IPv6 IPs for VIP. AKO allows VIPs to have both v4 and v6 IPs.
Configuring Backend Support for IPv6
The ipFamily field, ipFamily (values: V4, V6; default: V4), in values.yaml determines whether AKO will choose IPv6 or IPv4 IPs for pool servers. To change ipFamily, AKO must reboot.
When the ipFamily is v6, AKO looks for an IPv6 address for nodes to add to static routes.For Calico CNI, AKO will read node IP from internal IP or node annotation projectcalico.org/IPv6Address.
For Antrea CNI, AKO will read node IP from internal IP or node annotation node.antrea.io/transport-addresses, if transport interface is specified in the Antrea configuration.
Configurations
This section defines AKO configmap/value.yaml settings required to enable IPV6/dual stack support.
- AKOsettings.ipFamily
-
This flag defines the type of static route entries in VRF and server entries in each pool. Starting with the AKO version 1.12.1, this flag’s behaviour is changed.
ipFamily Flag Value
AKO Behaviour
Default Value (Y/N)
Comment
““ (Empty)
If both v4 and v6 node IPs are available, AKO will add them to the static routes based on whether the Kubernetes cluster is a dual-stack or single-stack.
AKO will use
ipFamilyPolicyof service to add IPV4/IPV6 pool servers.
Yes
“V4”
AKO will add v4 node IPs to static routes.
AKO will add v4 pool servers.
No
Setting v4 in v6 Kubernetes cluster will not work.
“V6”
AKO will add v6 node IPs to static routes.
AKO will add v6 pool servers.
No
Setting v6 in v4 Kubernetes cluster will not work.
- NetworkSettings.vipNetworklist
-
By configuring NetworkSettings.vipNetworklist present in values.yaml, the user can configure IPVv4 only, IPv6 only, or both to VS VIP.
NetworkSettings: ... vipNetworkList: [] # Network information of the VIP network. Multiple networks allowed only for AWS Cloud. # vipNetworkList: # - networkName: net1 # cidr: 100.1.1.0/24 # v6cidr: 2002::1234:abcd:ffff:c0a8:101/64 ...
v6cidris an optional field and can be specified independently of cidr. Whenv6cidris specified, AKO will enable auto allocation for IPv6 IPs for VIP. AKO allows VIPs to have both v4 and v6 IPs.
Kubernetes Resource Status
AKO will now update both the IPv4 and IPv6 IPs to the ingress when allocated instead of prioritizing one over the other. The status will, however, be overwritten by the public IP if enabled and allocated.
