New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
node: Remove the IPv6 prefix /96 constraint #9777
Conversation
test-me-please |
Previously, the DSR for IPv6 (aka the "--lb" feature) required the "--ipv6-range" to be /96. This was because the 113-128 bits of an IPv6 addr were used to store a global reverse NAT ID. As the "--lb" feature was removed, the constraint is no longer needed, thus it can be removed. Signed-off-by: Martynas Pumputis <m@lambda.lt>
3578324
to
abb8e33
Compare
Neither Node or Endpoint IDs are stored in an IPv6 address. Signed-off-by: Martynas Pumputis <m@lambda.lt>
test-me-please |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we still have (and use) IPv6NodePrefixLen
then I'm assuming that the prefix must still be /96
or shorter?
cilium/pkg/node/node_address.go
Lines 125 to 129 in 131fb89
// The IPv6 allocation should be derived from the IPv4 allocation. | |
ip := ipv4AllocRange.IP | |
v6range := fmt.Sprintf("%s%02x%02x:%02x%02x:0:0/%d", | |
option.Config.IPv6ClusterAllocCIDRBase, ip[0], ip[1], ip[2], ip[3], | |
defaults.IPv6NodePrefixLen) |
test-me-please |
@joestringer Good question. This is for a different case when an IPv6 alloc range is derived from I'm going to remove |
Remove the "IPv6NodePrefixLen" const (=96), as from now we can allocate IPv6 addrs from any size CIDR. The const is only used by a case when an IPv6 allocation range is derived from "ipv6-cluster-alloc-cidr" and "ipv4-range" Signed-off-by: Martynas Pumputis <m@lambda.lt>
test-me-please |
This PR removes the IPv6
/96
prefix constraint which allows cilium to be used with k8s in the dual-stack mode.Previously, the DSR for IPv6 (aka the
--lb
feature) required the--ipv6-range
to be /96. This was because the 113-128 bits of an IPv6 addr were used to store a global reverse NAT ID, and the rest was a unique Pod IPv6 addr.As the
--lb
feature was removed, the constraint is no longer needed (the new DSR implementation leverages IPv6 extension field to store a SVC IP addr and port).Tested manually with kubeadm (
kubeadm init --skip-phases=addon/kube-proxy --pod-network-cidr=10.217.0.0/16,fc22::/48 --service-cidr=10.96.0.0/16,fc44::/112 --feature-gates IPv6DualStack=true --apiserver-advertise-address=192.168.34.11
).This change is