Support for IPIP encapsulation for IPv6 pools

[lixj1103]

Expected Behavior

My environment is that IPv6 nodes are distributed in different VLANs,I need cross-subnet.

Current Behavior

I found the code

	if cidr.Version() == 6 && new.Spec.IPIPMode != apiv3.IPIPModeNever {
		errFields = append(errFields, cerrors.ErroredField{
			Name:   "IPPool.Spec.IPIPMode",
			Reason: "IPIP is not supported on an IPv6 IP pool",
			Value:  new.Spec.IPIPMode,
		})
	}

Your Environment

• libcalico-go version: calico v3.3
• Operating System and version: centos 7.4
• Link to your project (optional): kubernetes 1.13

[lyyao09]

Any updates? Same problem for me.

[caseydavenport]

VXLAN should be possible, but we haven't implemented it. We expect that in most IPv6 scenarios, encap is not desired, since the primary reason for using IPv6 is extended address range support.

Copied from the other post ^

[lyyao09]

@caseydavenport For k8s cluster node in multi subnet/zone with ipv6, if there is no vxlan that supports ipv6, how to use calico to ensure pods communication between different subnet/zone?

[NeilW]

I've just tripped across this while trying to get k8s Dual Stack working on the Brightbox Cloud.

Obviously there is no ability to peer BGP with the fabric network, and Brightbox Servers have isolated L3 iPv6 networks. The servers do not share a Layer 2. That means the BGP route we get injected into a k8s node by Calico appears pointless, since it just mirrors the default route.

$ ip -6 route
2a02:1348:17c:7367::/64 dev ens3 proto ra metric 100 pref medium
fd00:c0a8:0:be33:f057:7a8f:7825:fe00/122 via fe80::cc5d:47ff:fe58:6012 dev ens3 proto bird metric 1024 pref medium
fd00:c0a8:0:c792:24e0:ce8d:ea66:7940 dev calibe5721c5051 metric 1024 pref medium
blackhole fd00:c0a8:0:c792:24e0:ce8d:ea66:7940/122 dev lo proto bird metric 1024 error -22 pref medium
fe80::/64 dev ens3 proto kernel metric 256 pref medium
fe80::/64 dev calibe5721c5051 proto kernel metric 256 pref medium
default via fe80::cc5d:47ff:fe58:6012 dev ens3 proto ra metric 100 mtu 1500 pref medium

(fd00:c0a8::/48 is the cluster CIDR)

It doesn't mention in the Calico IPv6 documentation (https://docs.projectcalico.org/networking/ipv6#using-only-ipv6) that the nodes really need to be peering with the fabric to get the routing to work properly.

From what I can tell allocating disparate IPv6 networks per node using the k8s tools would be problematic. k8s seems to want to see a 'cluster CIDR' and a 'service CIDR' that acts like an overlay network. To do that without VXLAN would require the ability to inject routes into the cloud fabric and that isn't usually available on clouds.

VXLAN is definitely needed if you want to span the Cluster network across multiple clouds.

[caseydavenport]

Update here - v3.23.0 introduces support for IPv6 VXLAN.

IPIP is still IPv4 only.

[JoshuaAndrew]

@caseydavenport
Are there plans to support IPv6 IPIP ?

[caseydavenport]

At the moment we don't have immediate plans for that - I'd expect most users who need a v6 encap to just use VXLAN, but happy to hear arguments for upping the priority on v6 IPIP :)