You can configure NCP to support IPv6.
To configure IPv6, note the following:
- Only Policy mode is supported. For more information, see Setting Up NSX-T Resources.
- Both single-tier and two-tier topologies are supported.
- For north-south traffic to work properly, the tier-0 gateway must have an IPv6 address.
- Kubernetes nodes must have an IPv6 address. Otherwise, there will be no connectivity between the nodes and pods, and TCP and HTTP liveness and readiness probes will not work. Either SLAAC, or static IPs can be used for Kubernetes nodes. The Kubernetes nodes can also be in dual-stack mode. In this case, you must register the node with an IPv6 address in Kubernetes. To do this, specify the IPv6 address with the -node-ip option as one of kubelet's startup parameters. Otherwise, kubelet will always prioritize the IPv4 address.
- The Kubernetes cluster must be created with an IPv6 service cluster network CIDR. Note that the maximum size for this subnet is 16 bits.
- In NCP config, you must disable SpoofGuard by setting enable_spoofguard = False in the [nsx_v3] section.
- In nsx-node-agent config, IPv6 must be enabled to instruct the CNI plugin to enable IPv6 in containers. To do this, set enable_ipv6 = True in the [nsx-node-agent] section. Make sure to set this configuration option before the bootstrap process for NCP is executed.
- All namespaces will be in no-SNAT mode. SNAT per service as well as any other SNAT capability are not enabled in IPv6.
- Dual stack for containers is not supported. Every container must have only an IPv6 address.
- Mixing IPv4 and IPv6 IP blocks in NCP configuration will result in a startup failure.
NCP with IPv6 has the following limitations:
- Creating NSX-T load balancers through LoadBalancer CRDs is not supported.
- Automatic scaling of NSX-T layer-4 load balancers is not supported.