FloatingIP/DNAT for IPv6 Addresses

20-Jul-23

SUMMARY Juniper Cloud-Native Contrail release 23.1 supports FloatingIP, or Dynamic Network Address Translation (DNAT), for dual stack-enabled services (ClusterIP). This article provides information about how this feature works in CN2.

Prerequisites

This feature requires the following:

FloatingIP/DNAT Overview

In CN2, a FloatingIP implements ClusterIP functionality. After you create a service, a FloatingIP is allocated to that service from the service subnet and associated with all the back-end pod VMIs in the cluster. The vRouter performs DNAT for the back-end pods. This process uses Equal-Cost Multi-Path (ECMP) load balancing, where the back-end pod VMIs act as the ECMP paths.

DNAT for IPv6 Overview

CN2 release 23.1 supports DNAT (FloatingIP) for IPv4 and IPv6 addresses for the CN2 ClusterIP service. DNAT for IPv6 functions the same as DNAT for IPv4: create a service (ClusterIP), specify PreferDualStack for the ipFamilyPolicy, and an IPv6 FloatingIP is allocated to that service. The vRouter performs DNAT and routes traffic to the next hop, or the translated destination address (back-end pod VMI). from external networks to your back-end pod VMIs.

Deploy FloatingIP/DNAT

Complete the following steps to deploy this feature.

  • Configure and install a Deployment. The Deployment object creates the back-end pods for the ClusterIP service. The following is an example Deployment. This Deployment creates a pod named nginx with the nginx-conf ConfigMap mounted as its nginx.conf.

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: nginx
      namespace: example-clusterip6
    spec:
      selector:
        matchLabels:
          app: nginx
      replicas: 1 
      template: 
        metadata:
          labels:
            app: nginx
        spec:
          tolerations:
            - key: "node.kubernetes.io/unreachable"
              operator: "Exists"
              effect: "NoExecute"
              tolerationSeconds: 2
            - key: "node.kubernetes.io/not-ready"
              operator: "Exists"
              effect: "NoExecute"
              tolerationSeconds: 2
          containers:
          - name: nginx
            image: <repository>:<tag>
            ports:
            - containerPort: 8080
            volumeMounts:
                - name: nginx-conf
                  mountPath: /etc/nginx/nginx.conf
                  subPath: nginx.conf
                  readOnly: true
          volumes:
          - name: nginx-conf
            configMap:
              name: nginx-conf
              items:
                - key: nginx.conf
                  path: nginx.conf
  • Create a ClusterIP service. The following is an example service.

    apiVersion: v1
    kind: Service
    metadata:
      name: nginx
      namespace: example-clusterip6  # must match the Deployment's namespace; a Service only selects pods in its own namespace
      labels:
        app: nginx
    spec:
      ports:
      - name: http
        port: 8080
        protocol: TCP
        targetPort: 8080
      selector:
        app: nginx
      ipFamilies:
      - "IPv6"

    Note the following fields:

    • labels: Identifies back-end pods with the app: nginx label.

    • selector: Instructs the service to select VMIs belonging to back-end pods with the app: nginx label.

    • ipFamilies: Specifies the IP family the ClusterIP service uses. The default is IPv4. To use both IP families, set ipFamilyPolicy: PreferDualStack.
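A post-deployment check for the steps above, added here as an example and not taken from the Juniper documentation: it confirms that the service and its back-end Deployment share a namespace, that the selector matches the pod template labels, and that an IPv6 ClusterIP was actually allocated, since PreferDualStack falls back to a single IP family without raising an error. The JSON samples are constructed, the addresses are made up, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed samples shaped like `kubectl get ... -o json` output; addresses are made up.
SERVICE = json.loads("""
{"metadata": {"name": "nginx", "namespace": "clusterip6"},
 "spec": {"selector": {"app": "nginx"}, "ipFamilyPolicy": "PreferDualStack",
          "ipFamilies": ["IPv4"], "clusterIPs": ["10.96.12.7"]}}
""")
DEPLOYMENT = json.loads("""
{"metadata": {"name": "nginx", "namespace": "example-clusterip6"},
 "spec": {"template": {"metadata": {"labels": {"app": "nginx"}}}}}
""")


def allocated_families(svc):
    """Return the set of IP families ('IPv4'/'IPv6') among the Service's ClusterIPs."""
    ips = svc["spec"].get("clusterIPs", [])
    # A headless Service reports the literal string "None" instead of an address.
    return {"IPv%d" % ipaddress.ip_address(ip).version for ip in ips if ip != "None"}


def check_service(svc, deploy, required=("IPv6",)):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings = []
    # A Service only selects pods in its own namespace.
    svc_ns = svc["metadata"].get("namespace", "default")
    dep_ns = deploy["metadata"].get("namespace", "default")
    if svc_ns != dep_ns:
        findings.append("namespace mismatch: service=%s deployment=%s" % (svc_ns, dep_ns))
    # Every selector key/value must be present on the pod template labels.
    labels = deploy["spec"]["template"]["metadata"].get("labels", {})
    for key, value in sorted(svc["spec"].get("selector", {}).items()):
        if labels.get(key) != value:
            findings.append("selector %s=%s not on pod template" % (key, value))
    # PreferDualStack falls back to single stack without error, so confirm
    # that an address of each required family was really allocated.
    have = allocated_families(svc)
    for fam in required:
        if fam not in have:
            findings.append("no %s ClusterIP allocated (policy=%s)"
                            % (fam, svc["spec"].get("ipFamilyPolicy")))
    return findings


if __name__ == "__main__":
    for finding in check_service(SERVICE, DEPLOYMENT):
        print("FINDING:", finding)
```
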
