diff --git a/Makefile b/Makefile index ef8b0dee..6c3523fb 100644 --- a/Makefile +++ b/Makefile @@ -116,6 +116,7 @@ cleanup-partition: sudo $(CONTAINERLAB) destroy --topo mini-lab.cumulus.yaml sudo $(CONTAINERLAB) destroy --topo mini-lab.sonic.yaml +# IPv4 .PHONY: _privatenet _privatenet: env docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network | grep user-private-network || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000000 --name user-private-network @@ -128,6 +129,20 @@ machine: _privatenet firewall: _ips _privatenet docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}') +# IPv6 +.PHONY: _privatenet6 +_privatenet6: env + docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 | grep user-private-network-6 || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000000 --name user-private-network-6 --addressfamily ipv6 + +.PHONY: machine6 +machine6: _privatenet6 + docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test6 --name test6 --hostname test6 --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --networks $(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 -o template --template '{{ .id }}') + +.PHONY: firewall6 +firewall6: _ips _privatenet6 + docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --networks internet-ipv6-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 -o template --template '{{ .id }}') + + .PHONY: ls ls: env docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine ls diff --git a/files/inet/frr.conf b/files/inet/frr.conf index 0e32b873..b51717c2 100644 --- a/files/inet/frr.conf +++ b/files/inet/frr.conf @@ -1,11 +1,12 @@ frr defaults datacenter hostname inet -! log syslog informational +ipv6 forwarding ! vrf vrfInternet vni 104009 ip route 0.0.0.0/0 172.17.0.1 + ipv6 route ::/0 2001:db8:1::1 exit-vrf ! interface eth2 @@ -32,6 +33,10 @@ router bgp 4200000021 redistribute connected route-map LOOPBACKS exit-address-family ! + address-family ipv6 unicast + redistribute connected route-map LOOPBACKS + exit-address-family + ! address-family l2vpn evpn advertise-all-vni neighbor FABRIC activate @@ -46,12 +51,14 @@ router bgp 4200000021 vrf vrfInternet redistribute static exit-address-family ! + address-family ipv6 unicast + redistribute static + exit-address-family + ! address-family l2vpn evpn advertise ipv4 unicast exit-address-family ! route-map LOOPBACKS permit 10 - match interface lo -! -line vty + match interface lo ! \ No newline at end of file diff --git a/inventories/group_vars/all/images.yaml b/inventories/group_vars/all/images.yaml index 2b754015..7801fc8d 100644 --- a/inventories/group_vars/all/images.yaml +++ b/inventories/group_vars/all/images.yaml @@ -9,7 +9,7 @@ metal_stack_release_version: develop # metal_api_image_name: metal_api_image_tag: ipv6-support # metal_metalctl_image_name: -# metal_metalctl_image_tag: +metal_metalctl_image_tag: 252-ipv6-support # metal_masterdata_api_image_name: # metal_masterdata_api_image_tag: # metal_console_image_name: @@ -19,6 +19,7 @@ metal_api_image_tag: ipv6-support # further overrides can be looked up in the metal-role projects where the mapping is defined: # https://github.com/metal-stack/metal-roles/blob/master/defaults/main.yaml +metal_core_image_tag: ipv6-support ## ## for ansible roles ## diff --git a/inventories/group_vars/control-plane/metal.yml b/inventories/group_vars/control-plane/metal.yml index 53a2c1a7..18e8c6fe 100644 --- a/inventories/group_vars/control-plane/metal.yml +++ b/inventories/group_vars/control-plane/metal.yml @@ -74,7 +74,7 @@ metal_api_networks: partitionid: mini-lab childprefixlength: 64 prefixes: - - fd00:000a::/48 + - 2001:000a::/48 - id: internet-mini-lab name: "Virtual Internet Network" description: "Virtual Internet Network for mini-lab" @@ -101,7 +101,7 @@ metal_api_networks: partitionid: "mini-lab" vrf: 106009 prefixes: - - fd00:000b::/48 + - 2002:000b::/48 - id: underlay-mini-lab name: "Underlay Network" description: "Underlay Network for mini-lab" diff --git a/roles/cumulus/files/frr.tpl b/roles/cumulus/files/frr.tpl index 1dfef936..42c64a69 100644 --- a/roles/cumulus/files/frr.tpl +++ b/roles/cumulus/files/frr.tpl @@ -65,6 +65,15 @@ router bgp {{ $ASN }} {{- end }} exit-address-family ! + address-family ipv6 unicast + redistribute connected route-map LOOPBACKS + neighbor FIREWALL allowas-in 2 + neighbor FIREWALL activate + {{- range $k, $f := .Ports.Firewalls }} + neighbor {{ $f.Port }} route-map fw-{{ $k }}-in in + {{- end }} + exit-address-family + ! address-family l2vpn evpn advertise-all-vni neighbor FABRIC activate @@ -112,6 +121,15 @@ router bgp {{ $ASN }} vrf {{ $vrf }} {{- end }} exit-address-family ! + address-family ipv6 unicast + redistribute connected + neighbor MACHINE maximum-prefix 24000 + neighbor MACHINE activate + {{- if gt (len $t.IPPrefixLists) 0 }} + neighbor MACHINE route-map {{ $vrf }}-in6 in + {{- end }} + exit-address-family + ! address-family l2vpn evpn advertise ipv4 unicast exit-address-family @@ -138,6 +156,11 @@ router bgp {{ $ASN }} vrf vrfInternet network 0.0.0.0/0 exit-address-family ! + address-family ipv6 unicast + import vrf mgmt + network ::/0 + exit-address-family + ! address-family l2vpn evpn advertise ipv4 unicast exit-address-family