
Commit 007c82a

authored
Dualstack support (#208)
1 parent 4b32d5e commit 007c82a


10 files changed

+114
-4
lines changed


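--- a/Makefile
+++ b/Makefile
@@ -128,10 +128,15 @@ external_network:
 --gateway=203.0.113.1 \
 --subnet=203.0.113.0/24 \
 --ip-range=203.0.113.0/26 \
+--ipv6 \
+--gateway=2001:db8::1 \
+--subnet=2001:db8::/48 \
 --opt "com.docker.network.driver.mtu=9000" \
 --opt "com.docker.network.bridge.name=mini_lab_ext" \
 --opt "com.docker.network.bridge.enable_ip_masquerade=true" && \
-sudo ip route add 203.0.113.128/25 via 203.0.113.128 dev mini_lab_ext; fi
+sudo ip route add 203.0.113.128/25 via 203.0.113.128 dev mini_lab_ext && \
+sudo ip -6 route add 2001:db8:0:113::/64 via 2001:db8:0:1::1 dev mini_lab_ext; \
+fi
 
 .PHONY: env
 env:
@@ -168,7 +173,11 @@ firewall: _privatenet
 
 .PHONY: public-ip
 public-ip:
-@docker compose run $(DOCKER_COMPOSE_RUN_ARG) metalctl network ip create --name test --network internet-mini-lab --project 00000000-0000-0000-0000-000000000001 -o template --template "{{ .ipaddress }}"
+@docker compose run $(DOCKER_COMPOSE_RUN_ARG) metalctl network ip create --name test --network internet-mini-lab --project 00000000-0000-0000-0000-000000000001 --addressfamily IPv4 -o template --template "{{ .ipaddress }}"
+
+.PHONY: public-ipv6
+public-ipv6:
+@docker compose run $(DOCKER_COMPOSE_RUN_ARG) metalctl network ip create --name test --network internet-mini-lab --project 00000000-0000-0000-0000-000000000001 --addressfamily IPv6 -o template --template "{{ .ipaddress }}"
 
 .PHONY: ls
 ls: env
@@ -292,6 +301,25 @@ test-connectivity-to-external-service:
 fi; \
 done
 
+.PHONY: test-connectivity-to-external-service-via-ipv6
+test-connectivity-to-external-service-via-ipv6:
+@for i in $$(seq 1 $(MAX_RETRIES)); do \
+if $(MAKE) ssh-machine COMMAND="sudo curl --connect-timeout 1 --fail --silent http://[2001:db8::10]" > /dev/null 2>&1; then \
+echo "Connected successfully"; \
+exit 0; \
+else \
+echo "Connection failed"; \
+if [ $$i -lt $(MAX_RETRIES) ]; then \
+echo "Retrying in 2 seconds..."; \
+sleep 2; \
+else \
+echo "Max retries reached"; \
+exit 1; \
+fi; \
+fi; \
+done
+
+
 ## DEV TARGETS ##
 
 .PHONY: dev-env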
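Review bot: The IPv6 half of the `docker network create` call in `external_network` has no counterpart to `--ip-range=203.0.113.0/26`, so Docker's address allocation is not confined to a part of 2001:db8::/48 and could in principle hand out addresses this commit assigns statically elsewhere (2001:db8::10 in files/external_service/network.sh, 2001:db8:0:1::1 in files/exit/frr.conf). On the IPv4 side the static addresses sit outside the /26 range; a second range line such as `--ip-range=<IPv6 sub-prefix reserved for Docker-assigned addresses> \` would keep the same separation for IPv6. The start of the recipe is outside the hunk, so whether an already existing `mini_lab_ext` network is recreated to pick up `--ipv6` cannot be checked from here.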

docs/network.svg

Lines changed: 1 addition & 1 deletion

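--- a/files/exit/frr.conf
+++ b/files/exit/frr.conf
@@ -6,6 +6,7 @@ log syslog informational
 vrf vrfInternet
 vni 104009
 ip route 0.0.0.0/0 203.0.113.1
+ipv6 route ::/0 2001:db8::1
 exit-vrf
 !
 interface eth1
@@ -18,6 +19,7 @@ interface eth2
 !
 interface mini_lab_ext
 ip address 203.0.113.128/24
+ipv6 address 2001:db8:0:1::1/48
 !
 interface lo
 ip address 10.0.0.21/32
@@ -35,6 +37,10 @@ router bgp 4200000021
 redistribute connected route-map LOOPBACKS
 exit-address-family
 !
+address-family ipv6 unicast
+redistribute connected route-map LOOPBACKS
+exit-address-family
+!
 address-family l2vpn evpn
 advertise-all-vni
 neighbor FABRIC activate
@@ -49,8 +55,13 @@ router bgp 4200000021 vrf vrfInternet
 redistribute static
 exit-address-family
 !
+address-family ipv6 unicast
+redistribute static
+exit-address-family
+!
 address-family l2vpn evpn
 advertise ipv4 unicast
+advertise ipv6 unicast
 exit-address-family
 !
 route-map LOOPBACKS permit 10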
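Review bot: The `address-family ipv6 unicast` block added under `router bgp 4200000021` holds only `redistribute connected route-map LOOPBACKS`, and nothing visible activates the FABRIC peers for that address family; FRR activates neighbors for IPv4 unicast by default but not for IPv6 unicast, so these routes are probably never advertised. The visible `interface lo` carries only `ip address 10.0.0.21/32`, and the match clause of `route-map LOOPBACKS` lies outside the hunk, so it is unclear what the block would redistribute. If underlay IPv6 is intended, add `neighbor FABRIC activate` inside the block; if IPv6 is only meant to travel via `advertise ipv6 unicast` in the vrfInternet instance, drop the block or mark it with a comment such as `! no IPv6 loopback yet, block kept for symmetry`.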

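--- a/files/exit/network.sh
+++ b/files/exit/network.sh
@@ -25,3 +25,5 @@ bridge vlan del vid 1 untagged pvid dev vniInternet
 bridge vlan add vid 1000 dev vniInternet
 bridge vlan add vid 1000 untagged pvid dev vniInternet
 ip link set up dev vniInternet
+
+sysctl -w net.ipv6.conf.all.forwarding=1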
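Review bot: `sysctl -w net.ipv6.conf.all.forwarding=1` is added without a comment, and it does more than enable routing: with forwarding on, the kernel by default stops acting on router advertisements, and the container will forward IPv6 between every interface it has. No IPv6 packet filter is visible in this hunk, so whether forwarding is constrained elsewhere cannot be confirmed from here. A one-line comment would record the intent, for example `# let this container route IPv6 for the dualstack lab; forwarding=1 also disables RA acceptance`.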

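--- a/files/external_service/network.sh
+++ b/files/external_service/network.sh
@@ -3,3 +3,5 @@ set -o errexit -o xtrace
 
 ip addr add 203.0.113.100/24 dev mini_lab_ext
 ip route add 203.0.113.128/25 via 203.0.113.128 dev mini_lab_ext
+ip -6 addr add 2001:db8::10/48 dev mini_lab_ext
+ip -6 route add 2001:db8:0:113::/64 via 2001:db8:0:1::1 dev mini_lab_ext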

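--- a/files/ignition.json
+++ b/files/ignition.json
@@ -14,7 +14,7 @@
 "path": "/etc/hosts.allow",
 "append": true,
 "contents": {
-"source": "data:,ALL%3A%20%5Bfe80%3A%3A%5D%2F10%0D%0AALL%3A%20203.0.113.1%0D%0A",
+"source": "data:,ALL%3A%20%5Bfe80%3A%3A%5D%2F10%0AALL%3A%20203.0.113.1%0AALL%3A%20%5B2001%3Adb8%3A%3A1%5D%0A%0A",
 "verification": {}
 },
 "mode": 644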
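Review bot: The new hosts.allow entry decodes to `ALL: [2001:db8::1]`, which opens every TCP-wrapped service to the Docker gateway address over IPv6, while the only IPv6 ingress rule this commit adds in files/rules.yaml is for SSH on port 22. Scoping the entry to the daemon that is actually needed, e.g. `sshd%3A%20%5B2001%3Adb8%3A%3A1%5D%0A` in the data URL, would match that rule. The same line also changes the separators from `%0D%0A` to `%0A` and appends an empty line, which the commit title does not mention. Separately, the unchanged `"mode": 644` looks like an octal value written as a decimal; Ignition reads mode as a decimal integer, where 0644 is 420, so this is worth confirming.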

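--- a/files/rules.yaml
+++ b/files/rules.yaml
@@ -3,10 +3,27 @@ egress:
 - comment: allow outgoing http and https
 ports:
 - 80
+protocol: TCP
+to:
+- 0.0.0.0/0
+- comment: allow outgoing http
+ports:
+- 80
+protocol: TCP
+to:
+- ::/0
+- comment: allow outgoing https
+ports:
 - 443
 protocol: TCP
 to:
 - 0.0.0.0/0
+- comment: allow outgoing https
+ports:
+- 443
+protocol: TCP
+to:
+- ::/0
 - comment: allow outgoing dns via tcp
 ports:
 - 53
@@ -38,3 +55,11 @@ ingress:
 - 203.0.113.0/24
 to:
 - 203.0.113.128/25
+- comment: allow incoming ssh
+ports:
+- 22
+protocol: TCP
+from:
+- 2001:db8::1/128
+to:
+- 2001:db8:0:113::/64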
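Review bot: After the split, the first egress rule still carries `comment: allow outgoing http and https` although it now covers only port 80 to 0.0.0.0/0; it should read `- comment: allow outgoing http` like its IPv6 twin, otherwise an audit of the rule set is misled by the label. Only the HTTP and HTTPS rules gain a `::/0` counterpart in this hunk; the DNS rules continue outside it, so whether name resolution over IPv6 is permitted cannot be checked from this page. No ICMPv6 rule is visible either, and IPv6 relies on ICMPv6 for path-MTU discovery, so it is worth confirming that the firewall lets it through by default.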

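--- a/inventories/group_vars/all/images.yaml
+++ b/inventories/group_vars/all/images.yaml
@@ -18,6 +18,7 @@ setup_yaml:
 # metal_masterdata_api_image_tag:
 # metal_console_image_name:
 # metal_console_image_tag:
+# metal_core_image_tag:
 # ...
 #
 # further overrides can be looked up in the metal-role projects where the mapping is defined: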

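--- a/inventories/group_vars/control-plane/metal.yml
+++ b/inventories/group_vars/control-plane/metal.yml
@@ -65,8 +65,12 @@ metal_api_networks:
 underlay: false
 destinationprefixes: []
 partitionid: mini-lab
+defaultchildprefixlength:
+IPv4: 22
+IPv6: 96
 prefixes:
 - 10.0.0.0/16
+- 2001:db8:0:10::/64
 additionalAnnouncableCIDRs:
 - 10.240.0.0/12
 - id: internet-mini-lab
@@ -77,10 +81,12 @@ metal_api_networks:
 underlay: false
 destinationprefixes:
 - 0.0.0.0/0
+- ::/0
 partitionid: "mini-lab"
 vrf: 104009
 prefixes:
 - 203.0.113.128/25
+- 2001:db8:0:113::/64
 labels:
 network.metal-stack.io/default: ""
 network.metal-stack.io/default-external: ""
@@ -95,6 +101,18 @@ metal_api_networks:
 prefixes:
 - 10.1.0.0/24
 
+metal_api_ips:
+- name: "reserve v4"
+description: "Reserve IPv4 (for testing purposes)"
+networkid: internet-mini-lab
+projectid: 00000000-0000-0000-0000-000000000000
+ipaddress: "203.0.113.142"
+- name: "reserve v6"
+description: "Reserve IPv6 (for testing purposes)"
+networkid: internet-mini-lab
+projectid: 00000000-0000-0000-0000-000000000000
+ipaddress: "2001:db8:0:113::142"
+
 metal_masterdata_api_tls_ca: "{{ lookup('file', 'certs/ca.pem') }}"
 metal_masterdata_api_tls_cert: "{{ lookup('file', 'certs/masterdata-api/server.pem') }}"
 metal_masterdata_api_tls_cert_key: "{{ lookup('file', 'certs/masterdata-api/server-key.pem') }}"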

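--- a/test/integration.sh
+++ b/test/integration.sh
@@ -45,6 +45,9 @@ echo "$phoned/$minPhoned machines have phoned home"
 echo "Test connectivity to outside"
 make test-connectivity-to-external-service
 
+echo "Test connectivity to outside via ipv6"
+make test-connectivity-to-external-service-via-ipv6
+
 echo "Test connectivity from outside"
 public_ip=$(make public-ip)
 make ssh-machine COMMAND="sudo ip addr add ${public_ip}/32 dev lo"
@@ -65,4 +68,24 @@ for i in $(seq 1 10); do
 fi
 done
 
+echo "Test connectivity from outside via ipv6"
+public_ipv6=$(make public-ipv6)
+make ssh-machine COMMAND="sudo ip -6 addr add ${public_ipv6}/128 dev lo"
+
+for i in $(seq 1 10); do
+if ssh -F files/ssh/config metal@"${public_ipv6}" -C exit > /dev/null 2>&1; then
+echo "Connected successfully"
+break
+else
+echo "Connection failed"
+if [ $i -lt 10 ]; then
+echo "Retrying in 1 second..."
+sleep 1
+else
+echo "Max retries reached"
+exit 1
+fi
+fi
+done
+
 echo "Successfully started mini-lab"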
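Review bot: `public_ipv6=$(make public-ipv6)` is interpolated straight into `COMMAND="sudo ip -6 addr add ${public_ipv6}/128 dev lo"` and into the ssh target without a check that it holds a single address, so any extra stdout from make or docker compose, or an empty result, ends up in a command run with sudo on the machine. A guard before the first use would fail early and readably, e.g. `case "${public_ipv6}" in *[!0-9a-fA-F:]*|"") echo "unexpected public-ipv6 output: ${public_ipv6}"; exit 1;; esac`. The IPv4 block above has the same shape, and the script's option line is outside the hunk, so whether errexit already covers a failing `make` is not visible here.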
