use metalctl also from pr

Makefile

@@ -116,6 +116,7 @@ cleanup-partition:
 	sudo $(CONTAINERLAB) destroy --topo mini-lab.cumulus.yaml
 	sudo $(CONTAINERLAB) destroy --topo mini-lab.sonic.yaml
 
+# IPv4
 .PHONY: _privatenet
 _privatenet: env
 	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network | grep user-private-network || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000000 --name user-private-network
@@ -128,6 +129,20 @@ machine: _privatenet
 firewall: _ips _privatenet
 	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
 
+# IPv6
+.PHONY: _privatenet6
+_privatenet6: env
+	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 | grep user-private-network-6 || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000000 --name user-private-network-6 --addressfamily ipv6
+
+.PHONY: machine6
+machine6: _privatenet6
+	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test6 --name test6 --hostname test6 --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --networks $(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 -o template --template '{{ .id }}')
+
+.PHONY: firewall6
+firewall6: _ips _privatenet6
+	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --networks internet-ipv6-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 -o template --template '{{ .id }}')
+
+
 .PHONY: ls
 ls: env
 	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine ls

files/inet/frr.conf

@@ -1,13 +1,18 @@
 frr defaults datacenter
 hostname inet
-!
 log syslog informational
+ipv6 forwarding
 !
 vrf vrfInternet
  vni 104009
  ip route 0.0.0.0/0 172.17.0.1
 exit-vrf
 !
+vrf vrfInternet6
+ vni 106009
+ ipv6 route ::/0 2001:db8:1::1
+exit-vrf
+!
 interface eth2
  ipv6 nd ra-interval 6
  no ipv6 nd suppress-ra
@@ -32,6 +37,10 @@ router bgp 4200000021
   redistribute connected route-map LOOPBACKS
  exit-address-family
  !
+ address-family ipv6 unicast
+  redistribute connected route-map LOOPBACKS
+ exit-address-family
+ !
  address-family l2vpn evpn
   advertise-all-vni
   neighbor FABRIC activate
@@ -51,7 +60,21 @@ router bgp 4200000021 vrf vrfInternet
  exit-address-family
 !
 route-map LOOPBACKS permit 10
-  match interface lo
+ match interface lo
+!
+
+router bgp 4200000021 vrf vrfInternet6
+ bgp router-id 10.0.0.21
+ bgp bestpath as-path multipath-relax
+ !
+ address-family ipv6 unicast
+  redistribute static
+ exit-address-family
+ !
+ address-family l2vpn evpn
+  advertise ipv6 unicast
+ exit-address-family
 !
-line vty
+route-map LOOPBACKS permit 10
+ match interface lo
 !

files/inet/network.sh

@@ -5,6 +5,11 @@ ip link add vrfInternet type vrf table 1000
 ip link set dev vrfInternet up
 ip link set dev eth0 master vrfInternet
 
+# IPv6
+ip link add vrfInternet6 type vrf table 1006
+ip link set dev vrfInternet6 up
+ip link set dev eth0 master vrfInternet6
+
 ip link add name bridge type bridge stp_state 0
 ip link set dev bridge type bridge vlan_filtering 1
 ip link set dev bridge mtu 9000
@@ -17,6 +22,13 @@ bridge vlan del vid 1 dev bridge self
 bridge vlan add vid 1000 dev bridge self
 ip link set dev vlanInternet up
 
+# IPv6
+ip link add link bridge up name vlanInternet6 type vlan id 1006
+ip link set dev vlanInternet6 mtu 9000
+ip link set dev vlanInternet6 master vrfInternet6
+bridge vlan add vid 1006 dev bridge self
+ip link set dev vlanInternet6 up
+
 ip link add vniInternet type vxlan id 104009 dstport 4789 local 10.0.0.21 nolearning
 ip link set dev vlanInternet mtu 9000
 ip link set dev vniInternet master bridge
@@ -26,4 +38,14 @@ bridge vlan add vid 1000 dev vniInternet
 bridge vlan add vid 1000 untagged pvid dev vniInternet
 ip link set up dev vniInternet
 
+# IPv6
+ip link add vniInternet6 type vxlan id 106009 dstport 4789 local 10.0.0.21 nolearning
+ip link set dev vlanInternet6 mtu 9000
+ip link set dev vniInternet6 master bridge
+bridge vlan del vid 1 dev vniInternet6
+bridge vlan del vid 1 untagged pvid dev vniInternet6
+bridge vlan add vid 1006 dev vniInternet6
+bridge vlan add vid 1006 untagged pvid dev vniInternet6
+ip link set up dev vniInternet6
+
 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

inventories/group_vars/all/images.yaml

@@ -9,7 +9,7 @@ metal_stack_release_version: develop
 # metal_api_image_name:
 metal_api_image_tag: ipv6-support
 # metal_metalctl_image_name:
-# metal_metalctl_image_tag:
+metal_metalctl_image_tag: 252-ipv6-support
 # metal_masterdata_api_image_name:
 # metal_masterdata_api_image_tag:
 # metal_console_image_name:
@@ -19,6 +19,7 @@ metal_api_image_tag: ipv6-support
 # further overrides can be looked up in the metal-role projects where the mapping is defined:
 # https://github.com/metal-stack/metal-roles/blob/master/defaults/main.yaml
 
+metal_core_image_tag: ipv6-support
 ##
 ## for ansible roles
 ##

inventories/group_vars/control-plane/metal.yml

@@ -56,12 +56,13 @@ metal_api_networks:
 - id: tenant-super-network-mini-lab
   name: "Project Super Network"
   description: "Super network of all project networks"
+  # must be inherited to child networks
   nat: false
   privatesuper: true
   underlay: false
   destinationprefixes: []
   partitionid: mini-lab
-  childprefixlength: 22
+  defaultchildprefixlength: 22
   prefixes:
   - 10.0.0.0/16
 - id: tenant-super-network-ipv6-mini-lab
@@ -72,9 +73,11 @@ metal_api_networks:
   underlay: false
   destinationprefixes: []
   partitionid: mini-lab
-  childprefixlength: 64
+  defaultchildprefixlength: 64
   prefixes:
-  - fd00:000a::/48
+  # Check https://en.wikipedia.org/wiki/Reserved_IP_addresses#IPv6
+  # and use a subnet below 2001:db8::/32	
+  - 2001:000a::/48
 - id: internet-mini-lab
   name: "Virtual Internet Network"
   description: "Virtual Internet Network for mini-lab"
@@ -101,7 +104,7 @@ metal_api_networks:
   partitionid: "mini-lab"
   vrf: 106009
   prefixes:
-  - fd00:000b::/48
+  - 2002:000b::/48
 - id: underlay-mini-lab
   name: "Underlay Network"
   description: "Underlay Network for mini-lab"

mini-lab.sonic.yaml

@@ -31,6 +31,7 @@ topology:
         - files/inet/vtysh.conf:/etc/frr/vtysh.conf
         - files/inet/network.sh:/root/network.sh
       exec:
+        - apk add iptables
         - sh /root/network.sh
     vms:
       kind: linux

roles/cumulus/files/frr.tpl

@@ -14,6 +14,10 @@ vrf vrfInternet
  vni 104009
  ip route 0.0.0.0/0 172.17.0.1 nexthop-vrf mgmt
 exit-vrf
+vrf vrfInternet6
+ vni 106009
+ ip route ::/0 2001:db8:1::1 nexthop-vrf mgmt
+exit-vrf
 {{- range $vrf, $t := .Ports.Vrfs }}
 !
 vrf vrf{{ $t.VNI }}
@@ -65,6 +69,15 @@ router bgp {{ $ASN }}
   {{- end }}
  exit-address-family
  !
+ address-family ipv6 unicast
+  redistribute connected route-map LOOPBACKS
+  neighbor FIREWALL allowas-in 2
+  neighbor FIREWALL activate
+  {{- range $k, $f := .Ports.Firewalls }}
+  neighbor {{ $f.Port }} route-map fw-{{ $k }}-in in
+  {{- end }}
+ exit-address-family
+ !
  address-family l2vpn evpn
   advertise-all-vni
   neighbor FABRIC activate
@@ -112,6 +125,15 @@ router bgp {{ $ASN }} vrf {{ $vrf }}
   {{- end }}
  exit-address-family
  !
+ address-family ipv6 unicast
+  redistribute connected
+  neighbor MACHINE maximum-prefix 24000
+  neighbor MACHINE activate
+  {{- if gt (len $t.IPPrefixLists) 0 }}
+  neighbor MACHINE route-map {{ $vrf }}-in6 in
+  {{- end }}
+ exit-address-family
+ !
  address-family l2vpn evpn
   advertise ipv4 unicast
  exit-address-family
@@ -138,6 +160,11 @@ router bgp {{ $ASN }} vrf vrfInternet
   network 0.0.0.0/0
  exit-address-family
  !
+ address-family ipv6 unicast
+  import vrf mgmt
+  network ::/0
+ exit-address-family
+ !
  address-family l2vpn evpn
   advertise ipv4 unicast
  exit-address-family