metal-stack · majst01 · Jul 4, 2024 · Jul 4, 2024 · Jul 4, 2024 · Jul 19, 2024
@@ -122,6 +122,7 @@ cleanup-partition:
  sudo --preserve-env $(CONTAINERLAB) destroy --topo mini-lab.sonic.yaml
  docker network rm --force mini_lab_ext
 
+# IPv4
 .PHONY: _privatenet
 _privatenet: env
  docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network | grep user-private-network || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000001 --name user-private-network
@@ -139,6 +140,20 @@ machine: _privatenet _public_ips
 firewall: _privatenet _public_ips
  docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --userdata "@/tmp/ignition.json" --ips 203.0.113.129 --firewall-rules-file=/tmp/rules.yaml --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
 
+# IPv6
+.PHONY: _privatenet6
+_privatenet6: env
+ docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 | grep user-private-network-6 || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000000 --name user-private-network-6 --addressfamily ipv6
+
+.PHONY: machine6
+machine6: _privatenet6
+ docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test6 --name test6 --hostname test6 --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --networks $(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 -o template --template '{{ .id }}')
+
+.PHONY: firewall6
+firewall6: _ips _privatenet6
+ docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --networks internet-ipv6-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 -o template --template '{{ .id }}')
+
+
 .PHONY: ls
 ls: env
  docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine ls

@@ -30,6 +30,14 @@ The mini-lab is a small, virtual setup to locally run the metal-stack. It deploy
 Here is some code that should help you to set up most of the requirements:
 
  ```bash
+# Enable IPv6 for docker
+# cat /etc/docker/daemon.json 
+{
+ "ipv6": true,
+ "fixed-cidr-v6": "2001:db8:1::/64"
+}
+# systemctl restart docker if changes where made to this file
+
 # If UFW enabled.
 # Disable the firewall or allow traffic through Docker network IP range.
 sudo ufw status

@@ -1,13 +1,18 @@
 frr defaults datacenter
 hostname inet
-!
 log syslog informational
+ipv6 forwarding
 !
 vrf vrfInternet
  vni 104009
  ip route 0.0.0.0/0 203.0.113.1
 exit-vrf
 !
+vrf vrfInternet6
+ vni 106009
+ ipv6 route ::/0 2001:db8:1::1
+exit-vrf
+!
 interface eth1
  ipv6 nd ra-interval 6
  no ipv6 nd suppress-ra
@@ -35,6 +40,10 @@ router bgp 4200000021
  redistribute connected route-map LOOPBACKS
  exit-address-family
  !
+ address-family ipv6 unicast
+ redistribute connected route-map LOOPBACKS
+ exit-address-family
+ !
  address-family l2vpn evpn
  advertise-all-vni
  neighbor FABRIC activate
@@ -54,7 +63,21 @@ router bgp 4200000021 vrf vrfInternet
  exit-address-family
 !
 route-map LOOPBACKS permit 10
- match interface lo
+ match interface lo
+!
+
+router bgp 4200000021 vrf vrfInternet6
+ bgp router-id 10.0.0.21
+ bgp bestpath as-path multipath-relax
+ !
+ address-family ipv6 unicast
+ redistribute static
+ exit-address-family
+ !
+ address-family l2vpn evpn
+ advertise ipv6 unicast
+ exit-address-family
 !
-line vty
+route-map LOOPBACKS permit 10
+ match interface lo
 !
@@ -5,6 +5,11 @@ ip link add vrfInternet type vrf table 1000
 ip link set dev vrfInternet up
 ip link set dev ext master vrfInternet
 
+# IPv6
+ip link add vrfInternet6 type vrf table 1006
+ip link set dev vrfInternet6 up
+ip link set dev eth0 master vrfInternet6
+
 ip link add name bridge type bridge stp_state 0
 ip link set dev bridge type bridge vlan_filtering 1
 ip link set dev bridge mtu 9000
@@ -17,6 +22,13 @@ bridge vlan del vid 1 dev bridge self
 bridge vlan add vid 1000 dev bridge self
 ip link set dev vlanInternet up
 
+# IPv6
+ip link add link bridge up name vlanInternet6 type vlan id 1006
+ip link set dev vlanInternet6 mtu 9000
+ip link set dev vlanInternet6 master vrfInternet6
+bridge vlan add vid 1006 dev bridge self
+ip link set dev vlanInternet6 up
+
 ip link add vniInternet type vxlan id 104009 dstport 4789 local 10.0.0.21 nolearning
 ip link set dev vniInternet mtu 9000
 ip link set dev vniInternet master bridge
@@ -25,3 +37,18 @@ bridge vlan del vid 1 untagged pvid dev vniInternet
 bridge vlan add vid 1000 dev vniInternet
 bridge vlan add vid 1000 untagged pvid dev vniInternet
 ip link set up dev vniInternet
+
+# IPv6
+ip link add vniInternet6 type vxlan id 106009 dstport 4789 local 10.0.0.21 nolearning
+ip link set dev vlanInternet6 mtu 9000
+ip link set dev vniInternet6 master bridge
+bridge vlan del vid 1 dev vniInternet6
+bridge vlan del vid 1 untagged pvid dev vniInternet6
+bridge vlan add vid 1006 dev vniInternet6
+bridge vlan add vid 1006 untagged pvid dev vniInternet6
+ip link set up dev vniInternet6
+
+# Does not have a ipv6 address on eth0 on startup, fix this
+ip ad add 2001:db8:1::42/64 dev eth0
+
+iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
@@ -7,9 +7,9 @@ metal_stack_release_version: develop
 
 # metal_hammer_image_url: https://images.metal-stack.io/metal-hammer/pull-requests/<pr-number-and-title>/metal-hammer-initrd.img.lz4
 # metal_api_image_name:
-# metal_api_image_tag:
+metal_api_image_tag: dualstack-support
 # metal_metalctl_image_name:
-# metal_metalctl_image_tag:
+metal_metalctl_image_tag: 256-dualstack-support
 # metal_masterdata_api_image_name:
 # metal_masterdata_api_image_tag:
 # metal_console_image_name:
@@ -19,6 +19,7 @@ metal_stack_release_version: develop
 # further overrides can be looked up in the metal-role projects where the mapping is defined:
 # https://github.com/metal-stack/metal-roles/blob/master/defaults/main.yaml
 
+metal_core_image_tag: ipv6-support
 ##
 ## for ansible roles
 ##

@@ -17,7 +17,8 @@ metal_api_images:
 - id: firewall-ubuntu-3.0
  name: Firewall 3 Ubuntu
  description: Firewall 3 Ubuntu Latest Release
- url: https://images.metal-stack.io/metal-os/{{ metal_api_latest_os_image_release_name }}/firewall/3.0-ubuntu/img.tar.lz4
+ # url: https://images.metal-stack.io/metal-os/{{ metal_api_latest_os_image_release_name }}/firewall/3.0-ubuntu/img.tar.lz4
+ url: https://images.metal-stack.io/metal-os/pull_requests/247-ipv6-support/firewall/3.0-ubuntu/img.tar.lz4
  features:
  - firewall
 - id: ubuntu-24.04
@@ -56,13 +57,18 @@ metal_api_networks:
 - id: tenant-super-network-mini-lab
  name: "Project Super Network"
  description: "Super network of all project networks"
+ # must be inherited to child networks
  nat: false
  privatesuper: true
  underlay: false
  destinationprefixes: []
  partitionid: mini-lab
+ defaultchildprefixlength:
+ IPv4: 22
+ IPv6: 64
  prefixes:
  - 10.0.0.0/16
+ - 2001:db8:2::/48
 - id: internet-mini-lab
  name: "Virtual Internet Network"
  description: "Virtual Internet Network for mini-lab"
@@ -71,10 +77,12 @@ metal_api_networks:
  underlay: false
  destinationprefixes:
  - 0.0.0.0/0
+ - ::/0
  partitionid: "mini-lab"
  vrf: 104009
  prefixes:
  - 203.0.113.128/25
+ - 2001:db8:3::/48
  labels:
  network.metal-stack.io/default: ""
  network.metal-stack.io/default-external: ""

@@ -33,6 +33,7 @@ topology:
  - files/inet/vtysh.conf:/etc/frr/vtysh.conf
  - files/inet/network.sh:/root/network.sh
  exec:
+ - apk add iptables
  - sh /root/network.sh
  vms:
  kind: linux