From 9815e42e123db28785dbebf27d88d91f9d184c2c Mon Sep 17 00:00:00 2001 From: Stefan Majer Date: Thu, 4 Jul 2024 15:02:17 +0200 Subject: [PATCH 1/4] IPv6 Support --- inventories/group_vars/all/images.yaml | 2 +- .../group_vars/control-plane/metal.yml | 22 +++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/inventories/group_vars/all/images.yaml b/inventories/group_vars/all/images.yaml index 86b83341..2b754015 100644 --- a/inventories/group_vars/all/images.yaml +++ b/inventories/group_vars/all/images.yaml @@ -7,7 +7,7 @@ metal_stack_release_version: develop # metal_hammer_image_url: https://images.metal-stack.io/metal-hammer/pull-requests//metal-hammer-initrd.img.lz4 # metal_api_image_name: -# metal_api_image_tag: +metal_api_image_tag: ipv6-support # metal_metalctl_image_name: # metal_metalctl_image_tag: # metal_masterdata_api_image_name: diff --git a/inventories/group_vars/control-plane/metal.yml b/inventories/group_vars/control-plane/metal.yml index 6cf4cb36..dbac4185 100644 --- a/inventories/group_vars/control-plane/metal.yml +++ b/inventories/group_vars/control-plane/metal.yml @@ -63,6 +63,16 @@ metal_api_networks: partitionid: mini-lab prefixes: - 10.0.0.0/16 +- id: tenant-super-network-ipv6-mini-lab + name: "Project Super Network IPv6" + description: "Super network of all project networks" + nat: false + privatesuper: true + underlay: false + destinationprefixes: [] + partitionid: mini-lab + prefixes: + - fd00:000a::/48 - id: internet-mini-lab name: "Virtual Internet Network" description: "Virtual Internet Network for mini-lab" 
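Review bot: `metal_api_image_tag: ipv6-support` in images.yaml points the control plane at what looks like a feature-branch image tag, which is mutable and not tied to a release or digest, so two deployments of the same commit can end up running different code. The same applies to `metal_metalctl_image_tag: 252-ipv6-support` and `metal_core_image_tag: ipv6-support` in PATCH 3/4, and to the firewall image `url` that points at `pull_requests/...` builds in PATCH 3/4 and 4/4. If these overrides are only needed while the dependent pull requests are open, mark each one with a comment such as `# TEMPORARY: PR build for IPv6 support, revert to the release default before merging`.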
@@ -78,6 +88,18 @@ metal_api_networks: labels: network.metal-stack.io/default: "" network.metal-stack.io/default-external: "" +- id: internet-ipv6-mini-lab + name: "Virtual Internet Network IPv6" + description: "Virtual Internet Network for mini-lab" + nat: true + privatesuper: false + underlay: false + destinationprefixes: + - ::/0 + partitionid: "mini-lab" + vrf: 106009 + prefixes: + - fd00:000b::/48 - id: underlay-mini-lab name: "Underlay Network" description: "Underlay Network for mini-lab" From 3ebae8b02ae908bbd832935ac9f7d6e4b2fadc33 Mon Sep 17 00:00:00 2001 From: Stefan Majer Date: Thu, 4 Jul 2024 15:12:30 +0200 Subject: [PATCH 2/4] Add childprefixlength --- inventories/group_vars/control-plane/metal.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/inventories/group_vars/control-plane/metal.yml b/inventories/group_vars/control-plane/metal.yml index dbac4185..53a2c1a7 100644 --- a/inventories/group_vars/control-plane/metal.yml +++ b/inventories/group_vars/control-plane/metal.yml @@ -61,6 +61,7 @@ metal_api_networks: underlay: false destinationprefixes: [] partitionid: mini-lab + childprefixlength: 22 prefixes: - 10.0.0.0/16 - id: tenant-super-network-ipv6-mini-lab @@ -71,6 +72,7 @@ metal_api_networks: underlay: false destinationprefixes: [] partitionid: mini-lab + childprefixlength: 64 prefixes: - fd00:000a::/48 - id: internet-mini-lab From bd00a02b5d7000b13c61c43cd6b4d1f084603c0d Mon Sep 17 00:00:00 2001 From: Stefan Majer Date: Thu, 4 Jul 2024 15:21:09 +0200 Subject: [PATCH 3/4] use metalctl also from pr --- Makefile | 15 ++++++++++ README.md | 8 +++++ files/inet/frr.conf | 29 +++++++++++++++++-- files/inet/network.sh | 25 ++++++++++++++++ inventories/group_vars/all/images.yaml | 3 +- .../group_vars/control-plane/metal.yml | 17 +++++++---- mini-lab.sonic.yaml | 1 + roles/cumulus/files/frr.tpl | 27 +++++++++++++++++ 8 files changed, 116 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index ef8b0dee..6c3523fb 100644 --- a/Makefile 
+++ b/Makefile @@ -116,6 +116,7 @@ cleanup-partition: sudo $(CONTAINERLAB) destroy --topo mini-lab.cumulus.yaml sudo $(CONTAINERLAB) destroy --topo mini-lab.sonic.yaml +# IPv4 .PHONY: _privatenet _privatenet: env docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network | grep user-private-network || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000000 --name user-private-network 
@@ -128,6 +129,20 @@ machine: _privatenet firewall: _ips _privatenet docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}') +# IPv6 +.PHONY: _privatenet6 +_privatenet6: env + docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 | grep user-private-network-6 || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000000 --name user-private-network-6 --addressfamily ipv6 + +.PHONY: machine6 +machine6: _privatenet6 + docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test6 --name test6 --hostname test6 --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --networks $(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 -o template --template '{{ .id }}') + +.PHONY: firewall6 +firewall6: _ips _privatenet6 + docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --networks internet-ipv6-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 -o template --template '{{ .id }}') + + .PHONY: ls ls: env docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine ls diff --git a/README.md b/README.md index cb0a08c1..19ad443e 100644 --- a/README.md +++ b/README.md 
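Review bot: `firewall6` creates its firewall with `--description fw --name fw --hostname fw`, the same name and hostname the existing `firewall` target uses, so running both targets leaves two firewalls that cannot be told apart by name. `machine6` already uses a distinct `test6`. I would do the same here with `--description fw6 --name fw6 --hostname fw6`. A short comment above the `# IPv6` block stating whether the v4 and v6 targets are meant to be run together or as alternatives would also help.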
@@ -30,6 +30,14 @@ The mini-lab is a small, virtual setup to locally run the metal-stack. It deploy Here is some code that should help you to set up most of the requirements: ```bash +# Enable IPv6 for docker +# cat /etc/docker/daemon.json +{ + "ipv6": true, + "fixed-cidr-v6": "2001:db8:1::/64" +} +# systemctl restart docker if changes where made to this file + # If UFW enabled. # Disable the firewall or allow traffic through Docker network IP range. sudo ufw status diff --git a/files/inet/frr.conf b/files/inet/frr.conf index 0e32b873..22df49af 100644 --- a/files/inet/frr.conf +++ b/files/inet/frr.conf @@ -1,13 +1,18 @@ frr defaults datacenter hostname inet -! log syslog informational +ipv6 forwarding ! vrf vrfInternet vni 104009 ip route 0.0.0.0/0 172.17.0.1 exit-vrf ! +vrf vrfInternet6 + vni 106009 + ipv6 route ::/0 2001:db8:1::1 +exit-vrf +! interface eth2 ipv6 nd ra-interval 6 no ipv6 nd suppress-ra @@ -32,6 +37,10 @@ router bgp 4200000021 redistribute connected route-map LOOPBACKS exit-address-family ! + address-family ipv6 unicast + redistribute connected route-map LOOPBACKS + exit-address-family + ! address-family l2vpn evpn advertise-all-vni neighbor FABRIC activate @@ -51,7 +60,21 @@ router bgp 4200000021 vrf vrfInternet exit-address-family ! route-map LOOPBACKS permit 10 - match interface lo + match interface lo +! + +router bgp 4200000021 vrf vrfInternet6 + bgp router-id 10.0.0.21 + bgp bestpath as-path multipath-relax + ! + address-family ipv6 unicast + redistribute static + exit-address-family + ! + address-family l2vpn evpn + advertise ipv6 unicast + exit-address-family ! -line vty +route-map LOOPBACKS permit 10 + match interface lo ! \ No newline at end of file diff --git a/files/inet/network.sh b/files/inet/network.sh index 5b0313c2..422eeeba 100644 --- a/files/inet/network.sh +++ b/files/inet/network.sh 
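Review bot: In the last frr.conf hunk, `route-map LOOPBACKS permit 10` with `match interface lo` is now defined twice: once before the new `router bgp 4200000021 vrf vrfInternet6` block and again at the end of the file, where `line vty` used to be. The second copy adds nothing today, and a later edit to one stanza can silently diverge from the other. I would keep the original stanza only and drop the trailing one. The removal of `line vty` looks unrelated to IPv6; if it is intentional, it deserves a line in the commit message.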
@@ -5,6 +5,11 @@ ip link add vrfInternet type vrf table 1000 ip link set dev vrfInternet up ip link set dev eth0 master vrfInternet +# IPv6 +ip link add vrfInternet6 type vrf table 1006 +ip link set dev vrfInternet6 up +ip link set dev eth0 master vrfInternet6 + ip link add name bridge type bridge stp_state 0 ip link set dev bridge type bridge vlan_filtering 1 ip link set dev bridge mtu 9000 @@ -17,6 +22,13 @@ bridge vlan del vid 1 dev bridge self bridge vlan add vid 1000 dev bridge self ip link set dev vlanInternet up +# IPv6 +ip link add link bridge up name vlanInternet6 type vlan id 1006 +ip link set dev vlanInternet6 mtu 9000 +ip link set dev vlanInternet6 master vrfInternet6 +bridge vlan add vid 1006 dev bridge self +ip link set dev vlanInternet6 up + ip link add vniInternet type vxlan id 104009 dstport 4789 local 10.0.0.21 nolearning ip link set dev vlanInternet mtu 9000 ip link set dev vniInternet master bridge @@ -26,4 +38,17 @@ bridge vlan add vid 1000 dev vniInternet bridge vlan add vid 1000 untagged pvid dev vniInternet ip link set up dev vniInternet +# IPv6 +ip link add vniInternet6 type vxlan id 106009 dstport 4789 local 10.0.0.21 nolearning +ip link set dev vlanInternet6 mtu 9000 +ip link set dev vniInternet6 master bridge +bridge vlan del vid 1 dev vniInternet6 +bridge vlan del vid 1 untagged pvid dev vniInternet6 +bridge vlan add vid 1006 dev vniInternet6 +bridge vlan add vid 1006 untagged pvid dev vniInternet6 +ip link set up dev vniInternet6 + +# Does not have a ipv6 address on eth0 on startup, fix this +ip ad add 2001:db8:1::42/64 dev eth0 + iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE diff --git a/inventories/group_vars/all/images.yaml b/inventories/group_vars/all/images.yaml index 2b754015..7801fc8d 100644 --- a/inventories/group_vars/all/images.yaml +++ b/inventories/group_vars/all/images.yaml 
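Review bot: `ip link set dev eth0 master vrfInternet6` runs directly after `ip link set dev eth0 master vrfInternet`, and a Linux interface has only one master at a time, so the second command takes eth0 out of `vrfInternet` again. As far as I can tell, that leaves the IPv4 VRF without its uplink once this script has run. A VRF carries both address families, so either keep eth0 in `vrfInternet` and put the IPv6 default route there, or give `vrfInternet6` an uplink interface of its own. Either way, a comment should state which device is the uplink for which VRF.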
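Review bot: In the third network.sh hunk, the line after `ip link add vniInternet6 ...` sets the MTU on `vlanInternet6` a second time (the previous hunk already did) and never sets it on `vniInternet6`. It mirrors the equivalent line in the IPv4 block, so it looks like a copied slip; if the VXLAN device is meant, it should read `ip link set dev vniInternet6 mtu 9000`. Separately, the script still ends with an IPv4-only `iptables -t nat ... MASQUERADE` rule while PATCH 1/4 declares `internet-ipv6-mini-lab` with `nat: true`. If IPv6 masquerading is intended, nothing in this hunk sets it up; if it is not, a comment saying so would avoid the question.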
@@ -9,7 +9,7 @@ metal_stack_release_version: develop # metal_api_image_name: metal_api_image_tag: ipv6-support # metal_metalctl_image_name: -# metal_metalctl_image_tag: +metal_metalctl_image_tag: 252-ipv6-support # metal_masterdata_api_image_name: # metal_masterdata_api_image_tag: # metal_console_image_name: @@ -19,6 +19,7 @@ metal_api_image_tag: ipv6-support # further overrides can be looked up in the metal-role projects where the mapping is defined: # https://github.com/metal-stack/metal-roles/blob/master/defaults/main.yaml +metal_core_image_tag: ipv6-support ## ## for ansible roles ## diff --git a/inventories/group_vars/control-plane/metal.yml b/inventories/group_vars/control-plane/metal.yml index 53a2c1a7..cf17c044 100644 --- a/inventories/group_vars/control-plane/metal.yml +++ b/inventories/group_vars/control-plane/metal.yml @@ -17,7 +17,8 @@ metal_api_images: - id: firewall-ubuntu-3.0 name: Firewall 3 Ubuntu description: Firewall 3 Ubuntu Latest Release - url: https://images.metal-stack.io/metal-os/{{ metal_api_latest_os_image_release_name }}/firewall/3.0-ubuntu/img.tar.lz4 + # url: https://images.metal-stack.io/metal-os/{{ metal_api_latest_os_image_release_name }}/firewall/3.0-ubuntu/img.tar.lz4 + url: https://images.metal-stack.io/metal-os/pull_requests/247-ipv6-support/firewall/3.0-ubuntu/img.tar.lz4 features: - firewall - id: ubuntu-24.04 @@ -56,12 +57,13 @@ metal_api_networks: - id: tenant-super-network-mini-lab name: "Project Super Network" description: "Super network of all project networks" + # must be inherited to child networks nat: false privatesuper: true underlay: false destinationprefixes: [] partitionid: mini-lab - childprefixlength: 22 + defaultchildprefixlength: 22 prefixes: - 10.0.0.0/16 - id: tenant-super-network-ipv6-mini-lab 
@@ -72,9 +74,10 @@ metal_api_networks: underlay: false destinationprefixes: [] partitionid: mini-lab - childprefixlength: 64 + defaultchildprefixlength: 64 prefixes: - - fd00:000a::/48 + # See https://en.wikipedia.org/wiki/Reserved_IP_addresses#IPv6 + - 2001:db8:2::/48 - id: internet-mini-lab name: "Virtual Internet Network" description: "Virtual Internet Network for mini-lab" @@ -101,7 +104,11 @@ metal_api_networks: partitionid: "mini-lab" vrf: 106009 prefixes: - - fd00:000b::/48 + - 2001:db8:3::/48 + # TODO put these labels to metal-lib + labels: + network.metal-stack.io/default-ipv6: "" + network.metal-stack.io/default-external-ipv6: "" - id: underlay-mini-lab name: "Underlay Network" description: "Underlay Network for mini-lab" diff --git a/mini-lab.sonic.yaml b/mini-lab.sonic.yaml index 1e10b974..90f00077 100644 --- a/mini-lab.sonic.yaml +++ b/mini-lab.sonic.yaml @@ -31,6 +31,7 @@ topology: - files/inet/vtysh.conf:/etc/frr/vtysh.conf - files/inet/network.sh:/root/network.sh exec: + - apk add iptables - sh /root/network.sh vms: kind: linux diff --git a/roles/cumulus/files/frr.tpl b/roles/cumulus/files/frr.tpl index 1dfef936..9cd8ad9d 100644 --- a/roles/cumulus/files/frr.tpl +++ b/roles/cumulus/files/frr.tpl @@ -14,6 +14,10 @@ vrf vrfInternet vni 104009 ip route 0.0.0.0/0 172.17.0.1 nexthop-vrf mgmt exit-vrf +vrf vrfInternet6 + vni 106009 + ip route ::/0 2001:db8:1::1 nexthop-vrf mgmt +exit-vrf {{- range $vrf, $t := .Ports.Vrfs }} ! vrf vrf{{ $t.VNI }} @@ -65,6 +69,15 @@ router bgp {{ $ASN }} {{- end }} exit-address-family ! + address-family ipv6 unicast + redistribute connected route-map LOOPBACKS + neighbor FIREWALL allowas-in 2 + neighbor FIREWALL activate + {{- range $k, $f := .Ports.Firewalls }} + neighbor {{ $f.Port }} route-map fw-{{ $k }}-in in + {{- end }} + exit-address-family + ! address-family l2vpn evpn advertise-all-vni neighbor FABRIC activate 
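Review bot: In mini-lab.sonic.yaml, `- apk add iptables` installs an unpinned package from the network every time this node starts, so the lab now needs outbound access at container start and picks up whatever version the repository serves that day. Baking iptables into the image the node uses would make startup reproducible and would remove one place where a start can fail. If the exec step stays, add a comment such as `# network.sh needs iptables for its MASQUERADE rule; the base image does not ship it`.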
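Review bot: In the first frr.tpl hunk, `ip route ::/0 2001:db8:1::1 nexthop-vrf mgmt` uses the IPv4 static-route command with an IPv6 prefix and next hop, whereas files/inet/frr.conf in the same commit writes the equivalent route as `ipv6 route ::/0 2001:db8:1::1`. FRR will presumably reject the line as written, which would leave `vrfInternet6` on the leaves without a default route. It should read `ipv6 route ::/0 2001:db8:1::1 nexthop-vrf mgmt`. The existing `vrf vrfInternet` block directly above is followed straight away by the new `vrf vrfInternet6` line with no `!` separator, unlike the rest of the template.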
@@ -112,6 +125,15 @@ router bgp {{ $ASN }} vrf {{ $vrf }} {{- end }} exit-address-family ! + address-family ipv6 unicast + redistribute connected + neighbor MACHINE maximum-prefix 24000 + neighbor MACHINE activate + {{- if gt (len $t.IPPrefixLists) 0 }} + neighbor MACHINE route-map {{ $vrf }}-in6 in + {{- end }} + exit-address-family + ! address-family l2vpn evpn advertise ipv4 unicast exit-address-family @@ -138,6 +160,11 @@ router bgp {{ $ASN }} vrf vrfInternet network 0.0.0.0/0 exit-address-family ! + address-family ipv6 unicast + import vrf mgmt + network ::/0 + exit-address-family + ! address-family l2vpn evpn advertise ipv4 unicast exit-address-family From 9dd32fb7627e3168944a45725e87d60ed3f9aa7b Mon Sep 17 00:00:00 2001 From: Stefan Majer Date: Thu, 8 Aug 2024 14:56:14 +0200 Subject: [PATCH 4/4] Make ipv6 work to the outside --- Makefile | 48 ++++++++++++++++++- README.md | 6 --- files/inet/frr.conf | 3 +- files/inet/network.sh | 3 -- files/rules.yaml | 6 +++ .../group_vars/control-plane/metal.yml | 5 +- mini-lab.sonic.yaml | 3 ++ test/integration.sh | 3 ++ 8 files changed, 63 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index 22b5ac59..fccd5256 100644 --- a/Makefile +++ b/Makefile @@ -97,6 +97,9 @@ external_network: --driver=bridge \ --gateway=203.0.113.1 \ --subnet=203.0.113.0/24 \ + --ipv6 \ + --gateway=2001:db8:1::1 \ + --subnet=2001:db8:1::/64 \ --opt "com.docker.network.driver.mtu=9000" \ --opt "com.docker.network.bridge.name=mini_lab_ext" \ --opt "com.docker.network.bridge.enable_ip_masquerade=true" && \ 
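Review bot: `neighbor MACHINE route-map {{ $vrf }}-in6 in` refers to a route-map with an `-in6` suffix, but no hunk in this patch adds a route-map of that name, and the guard still tests `$t.IPPrefixLists`. The rest of the template is outside the diff, so the map may exist there; if it does not, the IPv6 inbound filter for machines points at an undefined route-map. The FIREWALL IPv6 address family added in the previous frr.tpl hunk takes the other approach and reuses `fw-{{ $k }}-in` without a suffix, so the two families are inconsistent about whether IPv6 gets its own map. I would add the `route-map {{ $vrf }}-in6 permit ...` stanza together with an IPv6 prefix-list in this commit and guard the neighbor line on that IPv6 list instead.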
@@ -134,11 +137,11 @@ _public_ips: env .PHONY: machine machine: _privatenet _public_ips - docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test --name test --hostname test --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --userdata "@/tmp/ignition.json" --ips 203.0.113.130 --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}') + docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test --name test --hostname test --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --userdata "@/tmp/ignition.json" --networks $(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}') .PHONY: firewall firewall: _privatenet _public_ips - docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --userdata "@/tmp/ignition.json" --ips 203.0.113.129 --firewall-rules-file=/tmp/rules.yaml --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}') + docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --userdata "@/tmp/ignition.json" --firewall-rules-file=/tmp/rules.yaml --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}') # IPv6 .PHONY: _privatenet6 
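Review bot: The `machine` target no longer passes `--ips 203.0.113.130` and no longer attaches `internet-mini-lab`, yet it still lists `_public_ips` as a prerequisite, and test/integration.sh (context in the last hunk of this patch) still runs `ssh ... metal@203.0.113.130`. If that test relies on the machine created here, the inbound check can no longer reach it. Either keep the address on the machine, or drop the prerequisite (`machine: _privatenet`) and update the integration test in the same commit. The `firewall` target loses `--ips 203.0.113.129` in the same way, so the comment above `_public_ips` should say what still consumes those addresses.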
@@ -273,6 +276,47 @@ connect-to-www: fi; \ done +.PHONY: connect-to-www-ipv6 +connect-to-www-ipv6: + @echo "Attempting to connect to container www..." + @for i in $$(seq 1 $(MAX_RETRIES)); do \ + if $(MAKE) ssh-machine COMMAND="sudo curl --connect-timeout 1 --fail --silent http://[2001:db8:1::3]" > /dev/null 2>&1; then \ + echo "Connected successfully"; \ + exit 0; \ + else \ + echo "Connection failed"; \ + if [ $$i -lt $(MAX_RETRIES) ]; then \ + echo "Retrying in 2 seconds..."; \ + sleep 2; \ + else \ + echo "Max retries reached"; \ + exit 1; \ + fi; \ + fi; \ + done + +FWIP := $(shell metalctl network ip list --name fw --network $(shell metalctl network list --name user-private-network -o template --template '{{ .id }}') -o template --template "{{ .ipaddress }}" --addressfamily IPv6 ) + +.PHONY: connect-to-node-exporter-on-firewall +connect-to-node-exporter-on-firewall: + @echo "Attempting to connect to node exporter on the firewall" + echo "Firewall IP: $(FWIP)" + @for i in $$(seq 1 $(MAX_RETRIES)); do \ + if $(MAKE) ssh-machine COMMAND="sudo curl --connect-timeout 1 --fail --silent http://[$(FWIP)]:9100/metrics" > /dev/null 2>&1; then \ + echo "Connected successfully"; \ + exit 0; \ + else \ + echo "Connection failed"; \ + if [ $$i -lt $(MAX_RETRIES) ]; then \ + echo "Retrying in 2 seconds..."; \ + sleep 2; \ + else \ + echo "Max retries reached"; \ + exit 1; \ + fi; \ + fi; \ + done + ## DEV TARGETS ## .PHONY: dev-env diff --git a/README.md b/README.md index cf1ce255..94f5c627 100644 --- a/README.md +++ b/README.md @@ -30,12 +30,6 @@ The mini-lab is a small, virtual setup to locally run the metal-stack. It deploy Here is some code that should help you to set up most of the requirements: ```bash -# Enable IPv6 for docker -# cat /etc/docker/daemon.json -{ - "ipv6": true, - "fixed-cidr-v6": "2001:db8:1::/64" -} # systemctl restart docker if changes where made to this file # If UFW enabled. 
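Review bot: `FWIP := $(shell metalctl ...)` is a simply-expanded variable, so make runs both `metalctl` calls while parsing the Makefile on every invocation, including targets that run before the lab exists. It also calls `metalctl` on the host rather than through `docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl` like the other targets. I would resolve the address inside the `connect-to-node-exporter-on-firewall` recipe, or at least defer it with `FWIP = $(shell ...)`. The value is pasted unquoted into the `COMMAND="... http://[$(FWIP)]:9100/metrics"` string, so an empty or multi-line result produces a confusing curl failure; a guard such as `@test -n "$(FWIP)" || { echo "no firewall IPv6 address found"; exit 1; }` at the top of the recipe would make that explicit. The `echo "Firewall IP: $(FWIP)"` line is also missing the leading `@` that the other echo lines have.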
diff --git a/files/inet/frr.conf b/files/inet/frr.conf index fd5a1eb3..b69f4cd9 100644 --- a/files/inet/frr.conf +++ b/files/inet/frr.conf @@ -6,7 +6,7 @@ ipv6 forwarding vrf vrfInternet vni 104009 ip route 0.0.0.0/0 203.0.113.1 - ipv6 route ::/0 2001:db8:1::42 + ipv6 route ::/0 2001:db8:1::1 exit-vrf ! interface eth1 @@ -19,6 +19,7 @@ interface eth2 ! interface ext ip address 203.0.113.2/24 + ipv6 address 2001:db8:1::2/64 ! interface lo ip address 10.0.0.21/32 diff --git a/files/inet/network.sh b/files/inet/network.sh index 54265bb8..f71ff751 100644 --- a/files/inet/network.sh +++ b/files/inet/network.sh @@ -26,6 +26,3 @@ bridge vlan del vid 1 untagged pvid dev vniInternet bridge vlan add vid 1000 dev vniInternet bridge vlan add vid 1000 untagged pvid dev vniInternet ip link set up dev vniInternet - -# Does not have a ipv6 address on eth0 on startup, fix this -ip ad add 2001:db8:1::42/64 dev eth0 \ No newline at end of file diff --git a/files/rules.yaml b/files/rules.yaml index 55f7595e..4b97f8d4 100644 --- a/files/rules.yaml +++ b/files/rules.yaml @@ -6,6 +6,12 @@ egress: protocol: TCP to: - 0.0.0.0/0 + - comment: allow outgoing http + ports: + - 80 + protocol: TCP + to: + - ::/0 - comment: allow outgoing https ports: - 443 diff --git a/inventories/group_vars/control-plane/metal.yml b/inventories/group_vars/control-plane/metal.yml index 344603e8..eb5520c7 100644 --- a/inventories/group_vars/control-plane/metal.yml +++ b/inventories/group_vars/control-plane/metal.yml 
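Review bot: In files/rules.yaml, the new egress rule carries the same `comment: allow outgoing http` as the IPv4 rule directly above it, so the two entries cannot be told apart when the rule set is reviewed or listed. I would name it `comment: allow outgoing http ipv6`. Only port 80 gains an IPv6 destination in this hunk. The `to:` list of the following `allow outgoing https` rule is outside the hunk, so please confirm whether HTTPS over IPv6 is meant to stay blocked, and say so in a comment if it is.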
@@ -18,7 +18,8 @@ metal_api_images: name: Firewall 3 Ubuntu description: Firewall 3 Ubuntu Latest Release # url: https://images.metal-stack.io/metal-os/{{ metal_api_latest_os_image_release_name }}/firewall/3.0-ubuntu/img.tar.lz4 - url: https://images.metal-stack.io/metal-os/pull_requests/247-ipv6-support/firewall/3.0-ubuntu/img.tar.lz4 + url: https://images.metal-stack.io/metal-os/pull_requests/252-allow-ipv6-firewall-rules/firewall/3.0-ubuntu/img.tar.lz4 + # url: https://images.metal-stack.io/metal-os/stable/firewall/3.0-ubuntu/img.tar.lz4 features: - firewall - id: ubuntu-24.04 @@ -82,7 +83,7 @@ metal_api_networks: vrf: 104009 prefixes: - 203.0.113.128/25 - - 2001:db8:3::/48 + - 2001:db8:1:1::/80 labels: network.metal-stack.io/default: "" network.metal-stack.io/default-external: "" diff --git a/mini-lab.sonic.yaml b/mini-lab.sonic.yaml index 4e2e82df..73c6863e 100644 --- a/mini-lab.sonic.yaml +++ b/mini-lab.sonic.yaml @@ -48,6 +48,9 @@ topology: exec: - ip addr add 203.0.113.3/24 dev ext - ip route add 203.0.113.128/25 via 203.0.113.2 dev ext + - ip -6 addr add 2001:db8:1::3/64 dev ext + - ip -6 route add 2001:db8:2::/64 via 2001:db8:1::2 dev ext + - ip -6 route add 2001:db8:1:1::/64 via 2001:db8:1::2 dev ext links: - endpoints: ["inet:ext", "mini_lab_ext:inet"] mtu: 9000 diff --git a/test/integration.sh b/test/integration.sh index 543583e7..91964db7 100755 --- a/test/integration.sh +++ b/test/integration.sh @@ -45,6 +45,9 @@ echo "$phoned/$minPhoned machines have phoned home" echo "Test connectivity to outside" make connect-to-www +echo "Test connectivity to outside ipv6" +make connect-to-www-ipv6 + echo "Test connectivity from outside" ssh -o StrictHostKeyChecking=no -o "PubkeyAcceptedKeyTypes +ssh-rsa" -i files/ssh/id_rsa metal@203.0.113.130 -C exit
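Review bot: In the mini-lab.sonic.yaml hunk, the two IPv6 routes do not match the prefixes they are meant to reach, whereas the IPv4 route above them matches its prefix exactly (`203.0.113.128/25`). `2001:db8:2::/64` covers only the first /64 of the tenant super network, which PATCH 3/4 declares as `2001:db8:2::/48` with `defaultchildprefixlength: 64`. `2001:db8:1:1::/64` is wider than the `2001:db8:1:1::/80` prefix that the metal.yml hunk of this patch adds. If the super network is still a /48, a second private IPv6 network would get no return route from this node. I would use `ip -6 route add 2001:db8:2::/48 via 2001:db8:1::2 dev ext` and `ip -6 route add 2001:db8:1:1::/80 via 2001:db8:1::2 dev ext`, or add a comment explaining why the lengths differ.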