AKO provides end-to-end support for IPv6 for Layer 7. This topic provides detailed explanation on the use cases, supportability, and configuration for IPv6.
Use Cases
AKO supports IPv6 as well as dual stack. The different use cases with details about dual stack support are as listed below:
Use Case |
Dual Stack Support |
Description |
|---|---|---|
Frontend VIP |
Supported |
User can choose tohave either v6 only or dual VIPs (v4 and v6) for the virtual services. IPv6 VIP for LoadBalancer type service is not supported (L4Policy set does not support IPv6 on NSX Advanced Load Balancer). |
Backend (Pod IPs) |
v4/v6 |
AKO will add either v4 or v6 addresses to the pools based on AKO configuration (value of ipFamily field). AKO does not support a mixture of v4 and v6 addresses. |
Kubernetes Nodes |
v4/v6 |
AKO configures routes to the pod IPs through Node IP. AKO chooses either a v4 or a v6 IP based on the ipFamily attribute in AKO config. For NodePort mode, AKO will choose either v4 or v6 IPs of Nodes based on the ipFamily attribute in AKO config. |
Avi Controller IP |
v4 only |
AKO supports only v4 IPs to communicate to the Avi Controller management interface. |
Kubernetes API Server |
v4 only |
AKO supports only IPv4 to communicate to the Kubernetes API server. v6 is not supported. |
Supportability Matrix
Case |
Support |
|---|---|
Cloud |
vCenter |
CNI |
Calico, Antrea |
Kubernetes |
Supported |
OpenShift |
Not Supported |
NodeportLocal |
Not Supported |
Configuring Frontend Support for IPv6
Under NetworkSettings.vipNetworklist in values.yaml, specify v6cidr for networks.
NetworkSettings: ... vipNetworkList: [] # Network information of the VIP network. Multiple networks allowed only for AWS Cloud. # vipNetworkList: # - networkName: net1 # cidr: 100.1.1.0/24 # v6cidr: 2002::1234:abcd:ffff:c0a8:101/64 ...
v6cidr is an optional field and can be specified independent of cidr. When v6cidr is specified, AKO will enable auto allocation for IPv6 IPs for VIP. AKO allows VIPs to have both v4 and v6 IPs.
Configuring Backend Support for IPv6
The ipFamily field, ipFamily (values: V4, V6; default: V4), in values.yaml determines whether AKO will choose IPv6 or IPv4 IPs for pool servers. To change ipFamily, AKO must reboot.
When the ipFamily is v6, AKO looks for an IPv6 address for nodes to add to static routes.For Calico CNI, AKO will read node IP from internal IP or node annotation projectcalico.org/IPv6Address.
For Antrea CNI, AKO will read node IP from internal IP or node annotation node.antrea.io/transport-addresses, if transport interface is specified in the Antrea configuration.
