metal-stack · majst01 · Jul 4, 2024 · Jul 4, 2024 · Jul 4, 2024 · Jul 19, 2024
@@ -97,6 +97,9 @@ external_network:
 			--driver=bridge \
 			--gateway=203.0.113.1 \
 			--subnet=203.0.113.0/24 \
+			--ipv6 \
+			--gateway=2001:db8:1::1 \
+			--subnet=2001:db8:1::/64 \
 			--opt "com.docker.network.driver.mtu=9000" \
 			--opt "com.docker.network.bridge.name=mini_lab_ext" \
 			--opt "com.docker.network.bridge.enable_ip_masquerade=true" && \
@@ -122,6 +125,7 @@ cleanup-partition:
 	sudo --preserve-env $(CONTAINERLAB) destroy --topo mini-lab.sonic.yaml
 	docker network rm --force mini_lab_ext
 
+# IPv4
 .PHONY: _privatenet
 _privatenet: env
 	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network | grep user-private-network || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000001 --name user-private-network
@@ -133,11 +137,25 @@ _public_ips: env
 
 .PHONY: machine
 machine: _privatenet _public_ips
-	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test --name test --hostname test --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --userdata "@/tmp/ignition.json" --ips 203.0.113.130 --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
+	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test --name test --hostname test --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --userdata "@/tmp/ignition.json" --networks $(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
 
 .PHONY: firewall
 firewall: _privatenet _public_ips
-	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --userdata "@/tmp/ignition.json" --ips 203.0.113.129 --firewall-rules-file=/tmp/rules.yaml --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
+	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000001 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --userdata "@/tmp/ignition.json" --firewall-rules-file=/tmp/rules.yaml --networks internet-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network -o template --template '{{ .id }}')
+
+# IPv6
+.PHONY: _privatenet6
+_privatenet6: env
+	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 | grep user-private-network-6 || docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network allocate --partition mini-lab --project 00000000-0000-0000-0000-000000000000 --name user-private-network-6 --addressfamily ipv6
+
+.PHONY: machine6
+machine6: _privatenet6
+	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl machine create --description test6 --name test6 --hostname test6 --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image $(MACHINE_OS) --size v1-small-x86 --networks $(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 -o template --template '{{ .id }}')
+
+.PHONY: firewall6
+firewall6: _ips _privatenet6
+	docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl firewall create --description fw --name fw --hostname fw --project 00000000-0000-0000-0000-000000000000 --partition mini-lab --image firewall-ubuntu-3.0 --size v1-small-x86 --networks internet-ipv6-mini-lab,$(shell docker compose run $(DOCKER_COMPOSE_TTY_ARG) metalctl network list --name user-private-network-6 -o template --template '{{ .id }}')
+
 
 .PHONY: ls
 ls: env
@@ -258,6 +276,47 @@ connect-to-www:
 		fi; \
 	done
 
+.PHONY: connect-to-www-ipv6
+connect-to-www-ipv6:
+	@echo "Attempting to connect to container www..."
+	@for i in $$(seq 1 $(MAX_RETRIES)); do \
+		if $(MAKE) ssh-machine COMMAND="sudo curl --connect-timeout 1 --fail --silent http://[2001:db8:1::3]" > /dev/null 2>&1; then \
+			echo "Connected successfully"; \
+			exit 0; \
+		else \
+			echo "Connection failed"; \
+			if [ $$i -lt $(MAX_RETRIES) ]; then \
+				echo "Retrying in 2 seconds..."; \
+				sleep 2; \
+			else \
+				echo "Max retries reached"; \
+				exit 1; \
+			fi; \
+		fi; \
+	done
+
+FWIP := $(shell metalctl network ip list --name fw --network $(shell metalctl network list --name user-private-network -o template --template '{{ .id }}') -o template --template "{{ .ipaddress }}" --addressfamily IPv6 )
+
+.PHONY: connect-to-node-exporter-on-firewall
+connect-to-node-exporter-on-firewall:
+	@echo "Attempting to connect to node exporter on the firewall"
+	echo "Firewall IP: $(FWIP)"
+	@for i in $$(seq 1 $(MAX_RETRIES)); do \
+		if $(MAKE) ssh-machine COMMAND="sudo curl --connect-timeout 1 --fail --silent http://[$(FWIP)]:9100/metrics" > /dev/null 2>&1; then \
+			echo "Connected successfully"; \
+			exit 0; \
+		else \
+			echo "Connection failed"; \
+			if [ $$i -lt $(MAX_RETRIES) ]; then \
+				echo "Retrying in 2 seconds..."; \
+				sleep 2; \
+			else \
+				echo "Max retries reached"; \
+				exit 1; \
+			fi; \
+		fi; \
+	done
+
 ## DEV TARGETS ##
 
 .PHONY: dev-env

@@ -30,6 +30,8 @@ The mini-lab is a small, virtual setup to locally run the metal-stack. It deploy
 Here is some code that should help you to set up most of the requirements:
 
  ```bash
+# systemctl restart docker if changes where made to this file
+
 # If UFW enabled.
 # Disable the firewall or allow traffic through Docker network IP range.
 sudo ufw status

@@ -1,11 +1,12 @@
 frr defaults datacenter
 hostname inet
-!
 log syslog informational
+ipv6 forwarding
 !
 vrf vrfInternet
  vni 104009
  ip route 0.0.0.0/0 203.0.113.1
+ ipv6 route ::/0 2001:db8:1::1
 exit-vrf
 !
 interface eth1
@@ -18,6 +19,7 @@ interface eth2
 !
 interface ext
  ip address 203.0.113.2/24
+ ipv6 address 2001:db8:1::2/64
 !
 interface lo
  ip address 10.0.0.21/32
@@ -35,6 +37,10 @@ router bgp 4200000021
   redistribute connected route-map LOOPBACKS
  exit-address-family
  !
+ address-family ipv6 unicast
+  redistribute connected route-map LOOPBACKS
+ exit-address-family
+ !
  address-family l2vpn evpn
   advertise-all-vni
   neighbor FABRIC activate
@@ -49,12 +55,15 @@ router bgp 4200000021 vrf vrfInternet
   redistribute static
  exit-address-family
  !
+ address-family ipv6 unicast
+  redistribute static
+ exit-address-family
+ !
  address-family l2vpn evpn
   advertise ipv4 unicast
+  advertise ipv6 unicast
  exit-address-family
 !
 route-map LOOPBACKS permit 10
-  match interface lo
-!
-line vty
+ match interface lo
 !
@@ -17,6 +17,7 @@ bridge vlan del vid 1 dev bridge self
 bridge vlan add vid 1000 dev bridge self
 ip link set dev vlanInternet up
 
+
 ip link add vniInternet type vxlan id 104009 dstport 4789 local 10.0.0.21 nolearning
 ip link set dev vniInternet mtu 9000
 ip link set dev vniInternet master bridge

@@ -6,6 +6,12 @@ egress:
     protocol: TCP
     to:
       - 0.0.0.0/0
+  - comment: allow outgoing http
+    ports:
+      - 80
+    protocol: TCP
+    to:
+      - ::/0
   - comment: allow outgoing https
     ports:
       - 443

@@ -7,9 +7,9 @@ metal_stack_release_version: develop
 
 # metal_hammer_image_url: https://images.metal-stack.io/metal-hammer/pull-requests/<pr-number-and-title>/metal-hammer-initrd.img.lz4
 # metal_api_image_name:
-# metal_api_image_tag:
+metal_api_image_tag: dualstack-support
 # metal_metalctl_image_name:
-# metal_metalctl_image_tag:
+metal_metalctl_image_tag: 256-dualstack-support
 # metal_masterdata_api_image_name:
 # metal_masterdata_api_image_tag:
 # metal_console_image_name:
@@ -19,6 +19,7 @@ metal_stack_release_version: develop
 # further overrides can be looked up in the metal-role projects where the mapping is defined:
 # https://github.com/metal-stack/metal-roles/blob/master/defaults/main.yaml
 
+metal_core_image_tag: ipv6-support
 ##
 ## for ansible roles
 ##

@@ -17,7 +17,9 @@ metal_api_images:
 - id: firewall-ubuntu-3.0
   name: Firewall 3 Ubuntu
   description: Firewall 3 Ubuntu Latest Release
-  url: https://images.metal-stack.io/metal-os/{{ metal_api_latest_os_image_release_name }}/firewall/3.0-ubuntu/img.tar.lz4
+  # url: https://images.metal-stack.io/metal-os/{{ metal_api_latest_os_image_release_name }}/firewall/3.0-ubuntu/img.tar.lz4
+  url: https://images.metal-stack.io/metal-os/pull_requests/252-allow-ipv6-firewall-rules/firewall/3.0-ubuntu/img.tar.lz4
+  # url: https://images.metal-stack.io/metal-os/stable/firewall/3.0-ubuntu/img.tar.lz4
   features:
     - firewall
 - id: ubuntu-24.04
@@ -56,13 +58,18 @@ metal_api_networks:
 - id: tenant-super-network-mini-lab
   name: "Project Super Network"
   description: "Super network of all project networks"
+  # must be inherited to child networks
   nat: false
   privatesuper: true
   underlay: false
   destinationprefixes: []
   partitionid: mini-lab
+  defaultchildprefixlength:
+    IPv4: 22
+    IPv6: 64
   prefixes:
   - 10.0.0.0/16
+  - 2001:db8:2::/48
 - id: internet-mini-lab
   name: "Virtual Internet Network"
   description: "Virtual Internet Network for mini-lab"
@@ -71,10 +78,12 @@ metal_api_networks:
   underlay: false
   destinationprefixes:
     - 0.0.0.0/0
+    - ::/0
   partitionid: "mini-lab"
   vrf: 104009
   prefixes:
   - 203.0.113.128/25
+  - 2001:db8:1:1::/80
   labels:
     network.metal-stack.io/default: ""
     network.metal-stack.io/default-external: ""

@@ -33,6 +33,7 @@ topology:
         - files/inet/vtysh.conf:/etc/frr/vtysh.conf
         - files/inet/network.sh:/root/network.sh
       exec:
+        - apk add iptables
         - sh /root/network.sh
     vms:
       kind: linux
@@ -47,6 +48,9 @@ topology:
       exec:
         - ip addr add 203.0.113.3/24 dev ext
         - ip route add 203.0.113.128/25 via 203.0.113.2 dev ext
+        - ip -6 addr add 2001:db8:1::3/64 dev ext
+        - ip -6 route add 2001:db8:2::/64 via 2001:db8:1::2 dev ext
+        - ip -6 route add 2001:db8:1:1::/64 via  2001:db8:1::2 dev ext
   links:
     - endpoints: ["inet:ext", "mini_lab_ext:inet"]
       mtu: 9000

@@ -45,6 +45,9 @@ echo "$phoned/$minPhoned machines have phoned home"
 echo "Test connectivity to outside"
 make connect-to-www
 
+echo "Test connectivity to outside ipv6"
+make connect-to-www-ipv6
+
 echo "Test connectivity from outside"
 ssh -o StrictHostKeyChecking=no -o "PubkeyAcceptedKeyTypes +ssh-rsa" -i files/ssh/id_rsa [email protected] -C exit