Support for IPv6 and Dual Stack in
AKO

AKO

provides end-to-end support for IPv6 for Layer 7. This topic provides detailed explanation on the use cases, supportability, and configuration for IPv6.

Use Cases

AKO

supports IPv6 as well as dual stack. The different use cases with details about dual stack support are as listed below:

Use Case	Dual Stack Support	Description
Frontend (VIPs)	IPv4 only, IPv6 only, and Dual Stack	User can choose to have either v6 only or dual VIPs (v4 and v6) for the virtual services. IPv6 VIP for LoadBalancer type service is supported (L4Policy set supports IPv6 on Avi Load Balancer ). AKO uses relevant cidrs provided to configure VIPs for Kubernetes LB type and Ingress type objects.
Kubernetes Cluster/Nodes	IPv4 only, IPv6 only, and Dual Stack	AKO configures routes to the pod IPs through Node IP. AKO chooses either a v4 or a v6 IP based on the ipFamily attribute in AKO config. For NodePort mode, AKO will choose either v4 or v6 IPs of Nodes based on the ipFamily attribute in AKO config. AKO defaults to the type of cluster but can be restricted using ipFamily. See the later sections for further details.
Avi Load Balancer Controller Host IP	IPv4/IPv6	AKO only accepts a single IP because the controller currently only supports either v4 or v6 IP.
Kubernetes API Server	IPv4 or IPv6	Kubernetes does not support dual stack on the Kube API server.
CNIs	Calico, Antrea	AKO uses annotations added by CNI to add static routes.
Backend (services)	IPv4 only, IPv6 only, and Dual Stack	AKO read the ipFamilyPolicy in the service specification to determine ipFamily for the backend.
Gateway API	Not Supported	AKO currently does not support gateway API with dual stack/IPV6.
Platform	Kubernetes	Support is restricted to Kubernetes only.
Kubernetes Objects Supported	Ingress and LB type	IPv4, IPv6, or dual stack end-to-end support is provided for Ingress and LB type services.

Supportability Matrix

Case	Support
Cloud	vCenter
CNI	Calico, Antrea
Kubernetes	Supported
OpenShift	Not Supported
NodeportLocal	Not Supported

Configuring Frontend Support for IPv6

Under

NetworkSettings.vipNetworklist

in values.yaml, specify v6cidr for networks.

NetworkSettings:
...
  vipNetworkList: [] # Network information of the VIP network. Multiple networks allowed only for AWS Cloud.
  # vipNetworkList:
  #  - networkName: net1
  #    cidr: 100.1.1.0/24
  #    v6cidr: 2002::1234:abcd:ffff:c0a8:101/64
...

v6cidr is an optional field and can be specified independent of cidr. When v6cidr is specified,

AKO

will enable auto allocation for IPv6 IPs for VIP.

AKO

allows VIPs to have both v4 and v6 IPs.

Configuring Backend Support for IPv6

The ipFamily field,

ipFamily (values: V4, V6; default: V4)

, in values.yaml determines whether

AKO

will choose IPv6 or IPv4 IPs for pool servers. To change ipFamily,

AKO

must reboot.

When the ipFamily is v6,

AKO

looks for an IPv6 address for nodes to add to static routes.For Calico CNI,

AKO

will read node IP from internal IP or node annotation projectcalico.org/IPv6Address.

For Antrea CNI,

AKO

will read node IP from internal IP or node annotation node.antrea.io/transport-addresses, if transport interface is specified in the Antrea configuration.

Configurations

This section defines

AKO

configmap/value.yaml settings required to enable IPV6/dual stack support.

AKOsettings.ipFamily: This flag defines the type of static route entries in VRF and server entries in each pool. Starting with the
AKO
version 1.12.1, this flag’s behaviour is changed.

ipFamily Flag Value

AKO
Behaviour

Default Value (Y/N)

Comment

““ (Empty)

If both v4 and v6 node IPs are available,
AKO
will add them to the static routes based on whether the Kubernetes cluster is a dual-stack or single-stack.
AKO
will use
ipFamilyPolicy
of service to add IPV4/IPV6 pool servers.

Yes

“V4”

AKO
will add v4 node IPs to static routes.
AKO
will add v4 pool servers.

No

Setting v4 in v6 Kubernetes cluster will not work.

“V6”

AKO
will add v6 node IPs to static routes.
AKO
will add v6 pool servers.

No

Setting v6 in v4 Kubernetes cluster will not work.
NetworkSettings.vipNetworklist: By configuring NetworkSettings.vipNetworklist present in values.yaml, the user can configure IPVv4 only, IPv6 only, or both to VS VIP.

NetworkSettings: ... vipNetworkList: [] # Network information of the VIP network. Multiple networks allowed only for AWS Cloud. # vipNetworkList: # - networkName: net1 # cidr: 100.1.1.0/24 # v6cidr: 2002::1234:abcd:ffff:c0a8:101/64 ...

v6cidr
is an optional field and can be specified independently of cidr. When
v6cidr
is specified,
AKO
will enable auto allocation for IPv6 IPs for VIP.
AKO
allows VIPs to have both v4 and v6 IPs.

ipFamily Flag Value	AKO Behaviour	Default Value (Y/N)	Comment
““ (Empty)	If both v4 and v6 node IPs are available, AKO will add them to the static routes based on whether the Kubernetes cluster is a dual-stack or single-stack. AKO will use ipFamilyPolicy of service to add IPV4/IPV6 pool servers.	Yes
“V4”	AKO will add v4 node IPs to static routes. AKO will add v4 pool servers.	No	Setting v4 in v6 Kubernetes cluster will not work.
“V6”	AKO will add v6 node IPs to static routes. AKO will add v6 pool servers.	No	Setting v6 in v4 Kubernetes cluster will not work.

Kubernetes Resource Status

AKO

will now update both the IPv4 and IPv6 IPs to the ingress when allocated instead of prioritizing one over the other. The status will, however, be overwritten by the public IP if enabled and allocated.

Avi Kubernetes Operator 1.13

Avi Kubernetes Operator 1.12

Avi Kubernetes Operator 1.11

Content feedback and comments

Avi Kubernetes Operator All Versions

Support for IPv6 and Dual Stack in AKO