Overview: IPv4 and IPv6 Dual-Stack Networking
SUMMARY Cloud-Native Contrail® Networking™ supports dual-stack networking for your Kubernetes cluster. When you bring up a Kubernetes cluster, dual stack is enabled by default. The Cloud-Native Contrail Networking deployer then creates dual-stack (IPv4, IPv6) pod networks and service networks.
IPv4 and IPv6 Overview
The ever-increasing scale and complexity of small, medium, and enterprise networks means that the demand for IP addresses is greater than ever before. As a result, the IPv4 addresses that service providers can allocate are scarce. In addition, service providers must serve current IPv4 customers and new IPv6 customers simultaneously. Because IPv4 makes up the majority of current network infrastructure, most of these IPv6 networks attempt to communicate with IPv4 destinations.
The scarcity of IPv4 addresses is not new, and modern solutions like dual-stack virtual networking facilitate the transition between IPv4 and IPv6 efficiently. A dual-stack device has network interfaces that send and receive both IPv4 and IPv6 packets. In the case of virtual networking, the dual-stack feature of your Kubernetes cluster assigns both IPv4 addresses and IPv6 addresses to pods.
Dual-Stack Networking Prerequisites
Dual-stack networking requires the following:
- Kubernetes version 1.20 or later
- Provider support for dual-stack networking
  Your provider must be able to provide Kubernetes nodes with routable IPv4 and IPv6 networking interfaces.
- A network plug-in that supports dual stack (provided with Cloud-Native Contrail Networking)
Enable Dual-Stack Networking
The following Kubernetes distributions support dual-stack networking:
- Kubeadm
- Kubespray
You must set up a Kubeadm or Kubespray Kubernetes cluster with the dual-stack featureGate enabled.
Consider the following YAML file. Note that the dual-stack featureGate flag is IPv6DualStack: true and that the IPv6 Classless Inter-Domain Routing (CIDR) subnet is present as podSubnet and serviceSubnet.
    apiVersion: kubeadm.k8s.io/v1beta2
    bootstrapTokens:
    - groups:
      - system:bootstrappers:kubeadm:default-node-token
      token: abcdef.0123456789abcdef
      ttl: 24h0m0s
      usages:
      - signing
      - authentication
    kind: InitConfiguration
    localAPIEndpoint:
      advertiseAddress: 0.0.0.0
      bindPort: 6443
    nodeRegistration:
      name: hostname
      criSocket: unix:///var/run/crio/crio.sock
      kubeletExtraArgs:
        fail-swap-on: "false"
        network-plugin: "cni"
        cni-conf-dir: "/etc/cni/net.d"
        cni-bin-dir: "/opt/cni/bin"
    ---
    apiServer:
      timeoutForControlPlane: 4m0s
    apiVersion: kubeadm.k8s.io/v1beta2
    certificatesDir: /etc/kubernetes/pki
    clusterName: kubernetes-contrail-dev
    controllerManager: {}
    dns:
      type: CoreDNS
    etcd:
      local:
        dataDir: /var/lib/etcd
    imageRepository: k8s.gcr.io
    kind: ClusterConfiguration
    kubernetesVersion: v1.20.0
    networking:
      dnsDomain: cluster.local
      serviceSubnet: 10.96.0.0/12,2222:0:0:0::/108
      podSubnet: 192.168.0.0/16,2001:0:0:0::/64
    scheduler: {}
    featureGates:
      IPv6DualStack: true
    ---
    apiVersion: kubelet.config.k8s.io/v1beta1
    authentication:
      anonymous:
        enabled: false
      webhook:
        cacheTTL: 0s
        enabled: true
      x509:
        clientCAFile: /etc/kubernetes/pki/ca.crt
    authorization:
      mode: Webhook
      webhook:
        cacheAuthorizedTTL: 0s
        cacheUnauthorizedTTL: 0s
    cgroupDriver: systemd
    clusterDNS:
    - 10.96.0.10
    clusterDomain: cluster.local
    cpuManagerReconcilePeriod: 0s
    evictionPressureTransitionPeriod: 0s
    fileCheckFrequency: 0s
    healthzBindAddress: 127.0.0.1
    healthzPort: 10248
    httpCheckFrequency: 0s
    imageMinimumGCAge: 0s
    kind: KubeletConfiguration
    logging: {}
    nodeStatusReportFrequency: 0s
    nodeStatusUpdateFrequency: 0s
    rotateCertificates: true
    runtimeRequestTimeout: 0s
    shutdownGracePeriod: 0s
    shutdownGracePeriodCriticalPods: 0s
    staticPodPath: /etc/kubernetes/manifests
    streamingConnectionIdleTimeout: 0s
    syncFrequency: 0s
    volumeStatsAggPeriod: 0s
podNetwork. Subsequent pod networks that you create contain an IPv6 subnet.
As a result, pods receive IPv4 and IPv6 addresses. Cloud-Native Contrail Networking does not currently support IPv6 for services. The service network is IPv4 only.
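The following Python check is an added example, not part of the original documentation or of the Cloud-Native Contrail Networking deployer. It verifies the settings called out in the ClusterConfiguration above (the IPv6DualStack featureGate, and one IPv4 plus one IPv6 CIDR in podSubnet and serviceSubnet) before the file is handed to kubeadm, and goes one step further by rejecting misaligned CIDRs and pod/service ranges that overlap. The names check_dual_stack and SAMPLE_CLUSTER_CONFIG are hypothetical, the sample is constructed from the values on this page, and the lookup assumes each key appears once with its value on the same line.

```python
import ipaddress
import re

# Constructed sample: the ClusterConfiguration fields this page highlights.
SAMPLE_CLUSTER_CONFIG = """\
kind: ClusterConfiguration
networking:
  serviceSubnet: 10.96.0.0/12,2222:0:0:0::/108
  podSubnet: 192.168.0.0/16,2001:0:0:0::/64
featureGates:
  IPv6DualStack: true
"""

def _field(text, key):
    """Return the scalar value of the first 'key: value' line, or None."""
    m = re.search(rf"^\s*{re.escape(key)}:\s*(\S+)\s*$", text, re.MULTILINE)
    return m.group(1).strip("\"'") if m else None

def check_dual_stack(text):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    if _field(text, "IPv6DualStack") != "true":
        problems.append("featureGates.IPv6DualStack is not true")
    parsed = {}
    for key in ("podSubnet", "serviceSubnet"):
        value = _field(text, key)
        if value is None:
            problems.append(f"{key} is missing")
            continue
        try:  # strict=True rejects CIDRs whose host bits are set
            nets = [ipaddress.ip_network(c.strip(), strict=True) for c in value.split(",")]
        except ValueError as exc:
            problems.append(f"{key} has an invalid CIDR: {exc}")
            continue
        parsed[key] = nets
        if sorted(n.version for n in nets) != [4, 6]:
            problems.append(f"{key} needs exactly one IPv4 and one IPv6 CIDR")
    # Pod and service ranges of the same address family must not overlap.
    for p in parsed.get("podSubnet", []):
        for s in parsed.get("serviceSubnet", []):
            if p.version == s.version and p.overlaps(s):
                problems.append(f"podSubnet {p} overlaps serviceSubnet {s}")
    return problems

if __name__ == "__main__":
    print(check_dual_stack(SAMPLE_CLUSTER_CONFIG) or "dual-stack settings look consistent")
```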