This topic provides the work flow for enabling IPv6 communication between Service Engine and Controller for different use-cases like Write access vCenter Cloud and No access Service Engine in vCenter.
With version 22.1.3, the NSX Advanced Load Balancer supports IPv6 configuration for its Controllers and connectivity between Controllers to Service Engines. This support enables the option for IPv6 communication between control plane and data plane.
Workflow 1: IPv6 Enabled Controller
The following workflow explains the steps to configure Controllers with IPv6 interface and enable IPv6 communication to the control plane. This workflow is followed for using an IPv6 interface on the Controller, and to use this configured IPv6 interface for IPv6 connectivity to the Service Engine:
Create the Controller. For more information, see Deploying the NSX Advanced Load Balancer Controller OVA section in Deploying NSX Advanced Load Balancer Controller in VMware vCenter topic in VMware NSX Advanced Load BalancerInstallation guide.
Add an additional network adapter on all the Controller nodes from vCenter configuration.
Note:Ensure that the Controller nodes are powered off before the NIC is added and then powered on again.
In case of a cluster setup, do this sequentially, one node at a time.
Configure IPv6 addresses for the controller interfaces using the controller cluster configuration.For more information, see Configuring IPv6 Addresses for Secondary Interface.
Note:Starting with NSX Advanced Load Balancer version 22.1.3, interface configuration under cluster node supports IPv6 fields, in addition to IPv4 fields.
Configure ip6, mode6, and gateway6 instead of IP, mode, and gateway for IPv6 configuration for secondary interfaces (non-eth0).
Move the SE_SECURE_CHANNEL label to the IPv6 interface from eth0.
Form a cluster with 3 nodes.
You can also complete step 5 before steps 3 and 4, that is, form the cluster, followed by configuring IPv6 interface details on all the 3 nodes at once, from the leader.
Moving the SE_SECURE_CHANNEL label is possible only if no SEs are connected to the Controller.
After configuring the cluster for IPv6, the cluster configuration appears as shown below:
[admin:1234]: > show cluster +-----------------+----------------------------------------------+ | Field | Value | +-----------------+----------------------------------------------+ | uuid | cluster-38d7ba17-e356-431c-8778-0c1cd94c2fd7 | | name | cluster-0-1 | | nodes[1] | | | name | 100.65.8.152 | | ip | 100.65.8.152 | | vm_uuid | 0000004bef8c | | vm_mor | vm-39057 | | vm_hostname | node1.controller.local | | interfaces[1] | | | if_name | eth0 | | mac_address | 00:00:00:4b:ef:8c | | mode | STATIC | | ip | 100.65.8.152/20 | | gateway | 100.65.15.254 | | labels[1] | MGMT | | labels[2] | HSM | | interfaces[2] | | | if_name | eth1 | | mac_address | 00:00:00:43:fd:ac | | labels[1] | SE_SECURE_CHANNEL | | mode6 | STATIC | | ip6 | 2402:740:0:412::152/64 | +-----------------+----------------------------------------------+ [admin:1234]: >
Workflow 2: No-Access Service Engines with IPv6 Management
After deploying the Controller with IPv6 interfaces and moving label for using IPv6 management, the following workflow must be followed to display no access Service Engines with IPv6 management IP.
Configure the secondary interfaces on Controllers as mentioned in the workflow above. Use that IP address in the vCenter property (AVI_CTRL) for the Controller IP, to enable the SE to connect to the Controller, using the steps below:
Download the SE.OVA and Service Engine deployment in no-access mode.
In the Deploy OVA template wizard, when prompted for management IP addresses and gateway, configure the following fields.
avi.mgmt-ip-v6.SE: Management Interface IPv6 Address
avi.mgmt-mask-v6.SE: Management Interface IPv6 Subnet Mask
default-gw-v6.SE: The Default IPv6 Gateway for the Service Engine
Note:Starting with NSX Advanced Load Balancer version 22.1.3., the above fields are available in the Service Engine OVA properties.
If these OVF properties are left blank, the Service Engine tries to acquire an IPv6 address based on the Router Advertisements for the network.
For management IP, Service Engines can also be dual stack.
Workflow 3: Write Access Service Engines with IPv6 Management
After deploying the Controller with IPv6 interfaces and after the SE_SECURE_CHANNEL label is moved for using IPv6 management, the write access cloud must be created with type vCenter. Service Engine deployment is automatically handled by the Controller. You can create a virtual service for the write access cloud, which, in turn triggers a Service Engine creation.
When the Controller’s secondary interface has IPv6 address with label enabled for IPv6 communication, Write access Service Engines will attempt to acquire both IPv6 and IPv4 address.
The Controller will provide its IP when Service Engines are being created. For choosing the Controller IP, the Service Engine has to consider the following order of preference of Controller IPs:
Secondary Interface IP with SE_SECURE_CHANNEL label
Public IP of the Controller
Cluster VIP
Leader Management IP
Caveats
IPv6 IPAM for the Service Engine's management network is not supported in vCenter Write access cloud. The Service Engine’s IPv6 address must be allocated through DHCP. The field ip6_autoconfig_enabled must be set to True
in the network configuration for the Service Engine's management network. A sample configuration is shown below.
[admin:1234]: > show network vxw-dvs-34-virtualwire-258-sid-2140257-wdc-02-vc14-avi-internal-mgmt +----------------------------+----------------------------------------------------------------------+ | Field | Value | +----------------------------+----------------------------------------------------------------------+ | uuid | dvportgroup-62624-cloud-7091e138-82c8-48b9-931c-7183dc5346a6 | | name | vxw-dvs-34-virtualwire-258-sid-2140257-wdc-02-vc14-avi-internal-mgmt | | vcenter_dvs | True | | vimgrnw_ref | vxw-dvs-34-virtualwire-258-sid-2140257-wdc-02-vc14-avi-internal-mgmt | | dhcp_enabled | True | | exclude_discovered_subnets | False | | vrf_context_ref | global | | synced_from_se | True | | ip6_autocfg_enabled | True | | tenant_ref | admin | | cloud_ref | Default-Cloud | +----------------------------+----------------------------------------------------------------------+
The ip6_autoconfig_enabled field under network configuration overwrites the ip6_autoconfig_enabled field under cloud configuration.