Senior Staff Technical Marketing Engineer, Isovalent at Cisco | Chief DEI Officer at OpenUK | Blogger | Book Author | Network | Cloud | Kubernetes
The more I learn about IPv6, the less I know. I've been working on creating Kubernetes on IPv6 content and the IPv6 landscape is...interesting to say the least. To keep it short, here are 10 main observations:

1. There's been lots of progress around IPv6 and Dual Stack support on Kubernetes, with IPv6-only available since 1.18 and Dual Stack GA since 1.23.
2. The hyper-scalers have also made some progress integrating IPv6 into their services, although most of it is dual-stack. Single-stack IPv6-only service availability is nowhere near as prominent as I expected.
3. Their managed K8S offerings (AKS, EKS and GKE) all offer various levels of IPv6 support: AKS (Dual Stack in Preview), GKE (Dual Stack) and EKS (Single Stack). There's been some significant progress on that front in the past 12 months.
4. The user experience still needs some work though - it should really be as simple as turning on an IPv6 flag. It is not.
5. If you want an IPv6-only Kubernetes cluster, expect a lot of pain. And it's not just because of Kubernetes.
6. The ecosystem hasn't really caught up. Worst culprit: GitHub. It's still not IPv6-capable so if you want to clone a repo, you've got to go via a proxy or via DNS64/NAT64 (more on that later). Come on GitHub - it's 2022.
7. Downloading images from the Docker Hub didn't work for me until I discovered there's beta IPv6 support for Docker Hub Registry.
8. So what can you do when you've got a single-stack IPv6 machine ready for connection and want to access an IPv4-only network? Two things: NAT64 and DNS64.
9. DNS64 returns AAAA records with synthetic IPv6 addresses for IPv4-only destinations (with A but not AAAA records in the DNS). Google has public DNS64 servers you can use. Or you can use CoreDNS's dns64 plugin.
10. Once you get an AAAA record from the DNS64 server, you need a NAT64 gateway to translate traffic to the synthetic IPv6 address to the real IPv4 address.

Which brings me back to my current project - playing with Cilium's NAT46 and NAT64 integration. 🤓
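
The mapping behind points 9 and 10, as an added example that is not part of the original post: how an IPv4 address is embedded in a NAT64 prefix and recovered again, following the RFC 6052 address format. It assumes the resolver and gateway share the well-known prefix 64:ff9b::/96 unless another prefix is passed; the function names and the documentation-range sample addresses are constructed for illustration.

```python
import ipaddress

# Assumption: DNS64 resolver and NAT64 gateway use the RFC 6052 well-known prefix.
WELL_KNOWN_PREFIX = "64:ff9b::/96"
ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)  # only lengths RFC 6052 permits

def _check(prefix):
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen not in ALLOWED_LENGTHS:
        raise ValueError(f"not a valid NAT64 prefix: {prefix}")
    return net

def synthesize(ipv4, prefix=WELL_KNOWN_PREFIX):
    """Return the synthetic IPv6 address a DNS64 resolver would put in the AAAA."""
    net = _check(prefix)
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if pos == 8:      # bits 64..71 (the "u" octet) are reserved and stay zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))

def extract(ipv6, prefix=WELL_KNOWN_PREFIX):
    """Return the real IPv4 destination behind a synthetic address, or None if
    the address is not inside the NAT64 prefix (native IPv6, not translated)."""
    net = _check(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None
    raw, pos, v4 = addr.packed, net.prefixlen // 8, bytearray()
    while len(v4) < 4:
        if pos == 8:      # skip the reserved octet when reading back
            pos += 1
        v4.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(v4))

if __name__ == "__main__":
    # Constructed sample: an IPv4-only destination from the documentation range.
    print(synthesize("192.0.2.33"))                        # well-known /96 prefix
    print(synthesize("192.0.2.33", "2001:db8:100::/40"))   # network-specific prefix
    print(extract("64:ff9b::c000:221"))
```

Running `extract` over destination addresses in flow logs or packet captures shows which IPv4 host a translated connection is actually reaching, and a `None` result marks native IPv6 traffic that never touches the NAT64 gateway.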
IPv6 isn't that tough to develop, not that tough to test either, but even then no one wants to implement it.... (speaking on this as I have been there and done that) 😊
I can feel you, Jool is my saviour for testing.
Really excellent observations Nicolas ... a bit desolating for a protocol that was initially released 27 years ago.
Tzahi Ben David 😉
Cloud Platform Automation | Business Development | Distinguished Speaker @ Cisco Live
This was my experience with running an “IPv6 only” automation environment for a large POC. The main challenges: lack of single stack or even dual stack products. Poor SLAAC/DHCPv6 documentation and inconsistent implementation. Constant requirement to interact with v4 only services. And with Dual stack or NAT64: lots of debugging needed to see how the traffic is actually flowing. In an enterprise environment the effort isn't currently worth the reward.