This topic provides the work flow for enabling IPv6 communication between Service Engine and Controller for different use-cases like Write access vCenter Cloud, No access Service Engine in vCenter and NSX-T cloud.

Starting with Avi Load Balancer version 30.2.1, the Avi Load Balancer supports IPv6 Interface for its Primary Interface for SE communication and communication with external entities. This support enables the option for IPv6 systems in vCenter and NSX environments.

Note:
  • IPv6 Controller should be deployed with a Global unicast IPv6 address if the Controller should be accessible across the network.

  • Configuring Controllers with ULA will not program the default gateway address, resulting in external networks not being reachable by default from Controllers.

Workflow 1: IPv6 Controllers

The following workflow explains the steps to configure new Controllers with IPv6 Interface as Primary. This workflow is followed for using an IPv6 Controller, and to use this configured IPv6 interface for IPv6 connectivity to the Service Engine and configuring Clouds with IPv6 endpoints.

  1. Create the Controller with Management IP with IPv6 address (Static IPs). For more information, see Deploying the NSX Advanced Load Balancer Controller OVA section in the Installation guide.

  2. In case of a cluster setup, do this sequentially, one node at a time and form cluster using IPv6 IP and provide IPv6 address for cluster IP.

  3. Once Controllers are up, configure Controller settings with DNS, NTP addresses with IPv6 endpoints.

  4. All labels (SE_SECURE_CHANNEL, HSM, MGMT) are attached to primary interface (eth0) by default. You can optionally add the additional secondary interface (either v6 or v4) and move the labels to secondary as follows:

    1. Add the additional interface from vCenter to the Controller Interface.

    2. Configure this additional interface and move labels using UI for Controller Node Interface. For more details, see Controller Interface and Route Management section below in this guide.

    3. Ensure to have consistency for above interface across nodes in cluster.

  5. After configuring the cluster for IPv6, the cluster configuration appears as shown below:



Workflow 2: No-Access Service Engines with IPv6 Management

After deploying the Controller with IPv6 management interface, the following workflow must be followed to connect with Service Engine in no orchestrator mode with IPv6 management IP on SE:.

Configure the primary interface on Controllers with IPv6 as mentioned in the workflow above. Use that IP address in the vCenter property (AVI_CTRL) for the Controller IP, to enable the SE to connect to the Controller, using the steps below:

  1. Download the SE.OVA and Service Engine deployment in no-access mode.

  2. Provide the IPv6 address of Controller management interfaces during deployment using AVICNTRLV6 field.

  3. In the Deploy OVA template wizard, when prompted for management IP addresses and gateway, configure the following fields:

    1. avi.mgmt-ip-v6.SE: Management Interface IPv6 Address

    2. avi.mgmt-mask-v6.SE: Management Interface IPv6 Subnet Mask

    3. default-gw-v6.SE: The Default IPv6 Gateway for the Service Engine

  4. Starting with Avi Load Balancer version 30.2.1, mgmt_ip_v6_enable and mgmt_ip_v4_enable flags are introduced to decide the SE Management Interface type for connecting to the Controller. For IPv6 only Controller, mgmt_ip_v6_enable should be set to True. (If both mgmt_ip_v4_enable and mgmt_ip_v6_enable is True, the SE will acquire the V4 IP as its name. If the Controller IP is V4, or the V6 IP as its name if the Controller IP is V6).

Note:

Starting with Avi Load Balancer version 30.2.1, the above fields are available in the Service Engine OVA properties. If these OVF properties are left blank, the Service Engine tries to acquire an IPv6 address based on the Router Advertisements for the network.

For management IP, Service Engines can also be dual stack and secure channel establishment will be based on the Controller IP provided while deploying Service Engine.

Workflow 3: Write Access Service Engines with IPv6 Management

After deploying the Controller with IPv6 interfaces for primary interface, the write access cloud must be created with type vCenter. Service Engine deployment is automatically handled by the Controller. You can create a virtual service for the write access cloud, which, in turn triggers a Service Engine creation.

  • With IPv6 only Controllers, vCenter cloud should be created with option of Enable IPv6 for management network. This setting will make sure to bring up SE with IPv6 management network.

  • For dual stack configuration on Service Engine, use both Enable IPv4 and Enable IPv6 options.

  • The Controller will provide its IP when Service Engines are being created. For choosing the Controller IP, the Service Engine has to consider the following order of preference of Controller IPs:

    • Interface IP with SE_SECURE_CHANNEL label (Primary interface in above case of IPv6 only Controller)

    • Public IP of the Controller

    • Cluster VIP

    • Leader Management IP



Note:
  1. The ip6_autoconfig_enabled field under network configuration overwrites the ip6_autoconfig_enabled field under cloud configuration.