The Avi Load Balancer supports IPv6 and IPv4 network infrastructure for data plane and limited support for Controllers with IPv6. With increased adoption of IPv6 in traditional networks and modern infrastructure, enterprises are moving to hybrid (IPv4 + IPv6) layer3 networks.
Avi Load Balancer supports IPv6 configuration for its Controllers for all purposes including SE connectivity and communication with external entities. This support enables customers to deploy Control-plane with full IPv6 capabilities for private cloud environment.
In Avi Load Balancer 22.1.x versions, the Avi Load Balancer supported configuring secondary interfaces (with either V4 or V6), primary interface (Strictly V4) and static routes on the Controller at the cluster level. You could move se_secure_channel
label to secondary v6 interface to have SE to Controller connectivity over IPv6. For more information on this configutation, see Controller Interface and Route Management section in this guide.
Starting with Avi Load Balancer version 30.2.1, the Controllers can have Primary Interface with IPv6 (no dual stack support). Customers can add an optional secondary interface (either IPv4 or IPv6) and move the labels as per their requirements. The following features are supported on the Controller side of the Avi Load Balancer version 30.2.1:
Primary Interface with IPv6 or IPv4 address.
Clustering over IPv6.
Cloud connector support for NSX-T cloud and vCenter Cloud with IPv6 IPs for NSX Manager and vCenter.
Controller support for DNS, NTP and external entities communication over IPv6.
AKO to Avi Load Balancer Controller Communication over IPv6.
Considerations
This feature is only supported in VMware ecosystems with No-access and Write-access vCenter Cloud type and NSX-T Cloud.
Only Static IP mode is supported for the IPv6 interface on the Controller.Dual stack is not supported.
Primary or secondary should be configured with either IPv4 or IPv6.
Clustering is supported with only IP address for IPv6 Controllers and not with FQDN resolving to IPv6 address.
Router Advertisement is not supported for IPv6 controllers and static gateway should be configured for IPv6.
The access controls are applied only to the primary interface. It is recommended to use external firewall settings to restrict access, for instance, inbound SSH to the additional interface. For more information, see Securing Management IP Access section.
Enabling the System to Utilize IPv6 for Management Plane
To enable the system to utilize IPv6 for management plane, run the following steps:
Deploy Controller with IPv6 Management plane.
Follow migration guide for moving to IPv6 system. One needs to create new Controllers with IPv6 IP and use Disaster Recovery mechanism for moving to new Controllers from IPv4 management Controllers. For more details, see Migration from IPv4 Primary with IPv6 Secondary to IPv6 only Cluster topic.
Only new NSX-T clouds with IPv6 address are supported whereas existing vCenter Cloud could be edited to point to IPv6 address of vCenter.
Change Controller settings to point to IPv6 endpoints, for instance, DNS, NTP etc.
Caveats
You can configure either IPv4 or IPv6 address for interfaces on the Controller. Dual stack mode for Controller’s management IP configuration is currently not supported in the Avi Load Balancer.
IPv6 Management plane support is not available in FIPS mode.