-
Notifications
You must be signed in to change notification settings - Fork 261
feat(ipam): add doc about IPv6 #4009
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Changes from 5 commits
Commits
Show all changes
11 commits
Select commit
Hold shift + click to select a range
829a8a2
feat(ipam): ipv6
RoRoJ 4cb0790
feat(ipam): continue IPv6 doc
RoRoJ 80593f1
fix(ipam): continue ipv6
RoRoJ 86f701b
fix(ipam): fix headres
RoRoJ a84ca5d
feat(ipam): finish IPv6 doc
RoRoJ a0bc8c3
Update network/ipam/reference-content/ipv6.mdx
RoRoJ 2d58f6f
Apply suggestions from code review
RoRoJ 1c573c7
Update network/ipam/reference-content/ipv6.mdx
RoRoJ 2d86a0b
feat(ipam): add ipv6 mention
RoRoJ 3fa41db
Update network/ipam/reference-content/ipv6.mdx
RoRoJ 4d77242
Apply suggestions from code review
RoRoJ File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,129 @@ | ||
| --- | ||
| meta: | ||
| title: IPv6 and the Scaleway ecosystem | ||
| description: Learn about IPv6 at Scaleway - configuration, routing, security, and best practices for seamless integration and scalability. Transition smoothly with our step-by-step guide. | ||
| content: | ||
| h1: IPv6 and the Scaleway ecosystem | ||
| paragraph: Learn about IPv6 at Scaleway - configuration, routing, security, and best practices for seamless integration and scalability. Transition smoothly with our step-by-step guide. | ||
| tags: ipv6 ipv4 support | ||
| dates: | ||
| validation: 2024-11-18 | ||
| posted: 2024-11-18 | ||
| categories: | ||
| - network | ||
| --- | ||
|
|
||
| IPv6 is increasingly important, as the world transitions to a more connected, secure and scalable internet. While IPv4 still reigns supreme in terms of volume of usage, IPv6 adoption is steadily increasing, with tech giants and ISPs in particular pushing for more widespread IPv6 uptake and integration. | ||
|
|
||
| Read on to find out more about IPv6, how it is supported at Scaleway, and how you can configure your resources and infrastructure to take full advantage of this modern protocol. | ||
|
|
||
| ## What is IPv6? | ||
|
|
||
| **IP**, or **Internet Protocol** enables machines to locate and communicate with each other on networks like the Internet or private subnets, by assigning each connected machine a unique IP address. An IP address is a set of numbers to identify the machine on the network. | ||
|
|
||
| The most commonly recognized and most widely-used IP version is **IPv4**, launched in 1983. Each IPv4 address has 32 bits. Written in human-readable form, an IPv4 address is generally shown as four octets separated by periods, e.g. `151.115.59.87`. However, with the growing number of machines connected to the Internet, the world is literally running out of unique IPv4 addresses - only 4.3 billion unique addresses of this format are possible. | ||
|
|
||
| This is where **IPv6** comes in, the most recent version of the IP protocol. Each IPv6 address has 128 bits, meaning a pool of Written in human-readable form, an IPv6 address can be shown as eight groups of four hexadecimal digits, each group representing 16 bits and separated by a colon, e.g. `2001:0DB8:0000:0003:0000:01FF:0000:002E`. This can also be notated as `2001:DB8::3:0:1FF:0:2E`. | ||
|
|
||
| As well as providing a much bigger address space, IPv6 also includes a built-in network security layer (IPsec), as well as improved features for reliability and efficiency, liked autoconfiguration, streamlined headers and improved Quality of Service (QoS). All leading to a more robust and secure protocol, that can potentially offer lower latency and faster data transfer. | ||
RoRoJ marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| ## IPv6-compatible products | ||
|
|
||
| The following products support IPv6: | ||
|
|
||
| ### Instances and IPv6 | ||
|
|
||
| Scaleway Instances are compatible with IPv6, with the caveat that the Instance must be using [routed IPs](/compute/instances/concepts/#routed-flexible-ip). Recently created Instances use routed IPs by default, older Instances may need to be [moved manually to routed IPs](/compute/instances/how-to/migrate-routed-ips/). | ||
RoRoJ marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| #### Public IPv6 | ||
|
|
||
| You can attach one or multiple public (flexible) IPv6 addresses to your Instance, as well as, or instead of, a public IPv4 address. These public addresses are flexible, meaning that you can detach them from an Instance, hold them in your account, and attach them to a different Instance later, if you want. Each flexible IPv6 address is a `/64` IPv6 subnet. | ||
|
|
||
| #### Private IPv6 | ||
|
|
||
| When you attach an Instance to a Private Network, it gets both an IPv4 and an IPv6 address on that network. You can either let IPAM auto-allocate any available address, or specify a [reserved IP address](/network/ipam/how-to/reserve-ip/) to use. | ||
|
|
||
| #### Going further | ||
|
|
||
| Go further with Instances and IPv6 in the following documentation: | ||
|
|
||
| - [How to use flexible IPs](/compute/instances/how-to/use-flexips/) | ||
| - [Compatibility between OS images and different flexible IP type combinations](/compute/instances/reference-content/comaptibility-scw-os-images-flexible-ip/) | ||
| - [Using routed IPs](/compute/instances/api-cli/using-routed-ips/) | ||
| - Fix lost IPv6 connectivity when migrating to routed IP for old [Debian Buster images](/instances/troubleshooting/fix-lost-ip-connectivity-on-debian-buster/) or [RHEL images](/compute/instances/troubleshooting/fix-unreachable-ipv6-rhel-based-instance/) | ||
| - [Fix DNS resolution with a routed IPv6-only setup on Debian Bullseye](/compute/instances/troubleshooting/fix-dns-routed-ipv6-only-debian-bullseye/) | ||
|
|
||
| ### Elastic Metal and IPv6 | ||
|
|
||
| Scaleway Elastic Metal servers are compatible with IPv6. | ||
|
|
||
| #### Public IPv6 | ||
|
|
||
| You can attach one or multiple public (flexible) IPv6 addresses to your Elastic Metal server, as well as, or instead of, a public IPv4 address. These public addresses are flexible, meaning that you can detach them from an Elastic Metal server, hold them in your account, and attach them to a different Elastic Metal server, if you want. Each flexible IPv6 address is a `/64` IPv6 subnet. Flexible IPv6 addresses can also be used as additional IP addresses to create virtual machines on your Elastic Metal server. | ||
RoRoJ marked this conversation as resolved.
Show resolved
Hide resolved
RoRoJ marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| #### Private IPv6 | ||
|
|
||
| When you attach an Elastic Metal server to a Private Network, it gets both an IPv4 and an IPv6 address on that network. You can either let IPAM auto-allocate any available address, or specify a [reserved IP address](/network/ipam/how-to/reserve-ip/) to use. | ||
|
|
||
| You can also use IPAM's [reserve a private IP](https://www.scaleway.com/en/developers/api/ipam/#path-ips-reserve-a-new-ip) and [attach IP to custom resource](https://www.scaleway.com/en/developers/api/ipam/#path-ips-attach-ip-to-custom-resource) feature to attach an IPv6 address to a named resource via its MAC address. This is suitable for ensuring virtual machines on your Elastic Metal server get private IPv6 addresses. | ||
|
|
||
| #### Going further | ||
|
|
||
| Go further with Elastic Metal and IPv6 in the following documentation: | ||
| - [How to order a flexible IP](/bare-metal/elastic-metal/how-to/order-flexible-ip/) | ||
| - [How to attach/detach a flexible IP](/bare-metal/elastic-metal/how-to/attach-detach-flexible-ip/) | ||
| - [How to configure a flexible IPv6 address on your Elastic Metal server](/bare-metal/elastic-metal/how-to/configure-flexible-ipv6/) | ||
| - [How to configure a flexible IPv6 address on a virtual Proxmox machine](/bare-metal/elastic-metal/how-to/configure-ipv6-hypervisor/) | ||
| - [How to configure the network interface on your server for Private Networks](/bare-metal/elastic-metal/how-to/use-private-networks/#how-to-configure-the-network-interface-on-your-elastic-metal-server-for-private-networks) | ||
|
|
||
| ### Dedibox and IPv6 | ||
|
|
||
| The Scaleway Dedibox network fully supports IPv6. IPv6 can serve as your server’s primary IP and also as a failover IP utilizing the concept of a virtual MAC address. | ||
|
|
||
| Full information on IPv6 with Dedibox can be found in our [dedicated documentation](/dedibox-network/ipv6/). | ||
RoRoJ marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| ### Load Balancer and IPv6 | ||
|
|
||
| Scaleway Load Balancers are compatible with IPv6. | ||
|
|
||
| #### Public IPv6 | ||
|
|
||
| You can attach a maximum of one (flexible) IPv6 address to your Load Balancer, in addition to a flexible IPv4 address. The Load Balancer cannot have **only** an IPv6 address. Once attached, the IPv6 address cannot be detached or changed for a different one. Each flexible IPv6 address is a `/64` IPv6 subnet. | ||
|
|
||
| #### Private IPv6 | ||
|
|
||
| When you attach a Load Balancer to a Private Network, it gets both an IPv4 and an IPv6 address on that network. You can either let IPAM auto-allocate any available address, or specify a [reserved IP address](/network/ipam/how-to/reserve-ip/) to use. | ||
|
|
||
| #### IPv6 at the backend | ||
|
|
||
| Load Balancers can also use IPv6 to communicate with their backend servers. When you attach backend servers to a Load Balancer, you can either specify their public IPv6 address, or their private IPv6 address (if the Load Balancer and the backend servers are attached to the same Private Network). | ||
|
|
||
| #### Going further | ||
|
|
||
| Go further with IPv6 and Load Balancers with the following documentation: | ||
| - [How to create and manage flexible IPs](/network/load-balancer/how-to/create-manage-flex-ips/) | ||
|
|
||
| ### VPC, Private Networks and IPv6 | ||
|
|
||
| VPC and Private Networks are compatible with IPv6. | ||
|
|
||
| - When you create a Private Network in a VPC, an IPv6 CIDR block is automatically defined for it. This is a `/64` block, guaranteed to be unique within the VPC and not overlapping with any of your other Private Networks. | ||
| - All IPv6-compatible resources will automatically receive an IPv6 address when they join a Private Network. | ||
| - This address can be auto-allocated from the pool, or specified by the user via a [reserved IP address](/network/ipam/how-to/reserve-ip/) | ||
| - Scaleway VPC routing supports both IPv4 and IPv6 protocols. [Managed routes](/network/vpc/how-to/manage-routing/#how-to-generate-a-managed-route) to Private Networks are simultaneously generated for both IPV4 and IPV6, and both are added to the VPC's route table. Note that auto-generated managed routes to Public Gateways are only created in IPv4, since Public Gateways are not yet IPv6-compatible. [Custom routes](/network/vpc/how-to/manage-routing/#how-to-create-a-custom-route) are only created for the IP type specified during the creation process. | ||
|
|
||
| ## Other products and IPv6 | ||
|
|
||
| Products other than those listed here do not officially support IPv6. These non-compatible products include Managed Databases, Kubernetes Kapsule and Public Gateways. | ||
|
|
||
| Please open or upvote a [feature request](https://feature-request.scaleway.com/) to register your interest in IPv6 for these resources. | ||
|
|
||
| Alternatively, get in touch on the [Scaleway Slack Community](/tutorials/scaleway-slack-community/) if you'd like to find out more about IPv6 compatibility of these or other products. | ||
RoRoJ marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| ## IPv6 best practices | ||
|
|
||
| **Only expose a public IPv6 address when necessary**: Adding both IPv4 and IPv6 public addresses to your resource expands the potential attack surface, particularly in terms of the large address space of IPv6. As stated in our [dedicated documentation](/network/ipam/reference-content/public-connectivity-best-practices/), you should favor connectivity over Private Networks, and detach public IP addresses from resources unless strictly necessary. | ||
|
|
||
| **Audit DNS and address exposure**: Regularly audit the DNS records and public IPv6 addresses associated with your resources to minimize exposure. | ||
|
|
||
| **Implement IPv6-specific security measures**: Features such as [security groups](/compute/instances/concepts/#security-group) for Instances and [ACLs](/network/load-balancer/concepts/#acl) for Load Balancers allow you to filter traffic based on both IPv4 and IPv6 addresses. Ensure that such security measures are equally robust for both protocols. | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.