Nicolas Leiva (@nleiv4), Solutions Architect
Why & How
Running IPv6-enabled Containers in the cloud
April 30, 2019
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Agenda
• Intro
• Container networking basics
• How can IPv6 help
• What can we do today in the cloud with IPv6
• Conclusion & Links
Container Networking basics
Container Networking IPv4
• Linux Bridge
• Private IP address space
• Network Address Translation
Connecting a Container
• Container
  • namespace: Isolate system resources
  • cgroup: Limits the resource usage
Multiple Containers per node
• You can run as many as you want depending on the resources in the host
• Specify resource constraints!
Multiple Containers
• Pool of machines (cluster)
• Orchestrator
  • Service lifecycle
  • Monitoring
  • Handle failure scenarios
• Kubernetes, Docker Swarm, Cloud Foundry, Nomad, Mesos…
Kubernetes
• Most popular open-source container orchestration system
• What about networking? A big LAN?
Kubernetes Networking
• All containers can communicate with all other containers without NAT
• All nodes can communicate with all containers (and vice-versa) without NAT
• The IP that a container sees itself as is the same IP that others see it as
Where do you run a Kubernetes Cluster?
• On-prem, Cloud Provider, etc.
• One environment is not too hard to master. In distributed architectures, however, the interconnection (the network) becomes crucial, and a pain point.
Interconnecting two clusters
• Interconnect private IPv4 islands between two different Cloud Providers over the Internet
• Interconnect private IPv4 islands between two different Cloud Providers over a private network
• Consider failure scenarios and bandwidth requirements, and add redundancy.
Interconnecting three clusters
• If we add another cluster
Interconnecting four clusters
• And another... Hub & Spoke
• Or Full mesh -> N*(N-1)/2 -> (4 * 3)/2 = 6 links
How can IPv6 help
IPv4 intro
• The Internet protocol (IP) was defined in 1981
• Internet addresses -> fixed length of four octets (32 bits)
• Fourth version of the protocol -> IP version 4 (IPv4)
• In 1992, it became evident that we would eventually run out of IPv4 addresses
• 1994: Re-usable private IP addresses
• Network Address Translation (NAT): Translate a private address to a public IP address that is globally unique
203.0.113.1/24
IPv4 in numbers
• The total number of public IPv4 addresses is ~3.7 billion
• That is less than the world population (~7.7 billion)
• ~3.2 billion people will be online by the end of 2019
• The price of each IPv4 address exceeds $20 nowadays
IPv6 intro
• In 1995, a new version of the Internet Protocol came out (expanded addressing capabilities)
• IPv6 increases the IP address size from 32 bits to 128 bits
• Lots of available public IPv6 addresses
• The problem? IPv6 is not backwards compatible with IPv4. Really slow transition
• Over 20 years now with a current adoption of ~28% (*)
2001:db8::f00d/24
(*) https://www.google.com/intl/en/ipv6/statistics.html
IPv6 in numbers
• The total number of global IPv6 addresses is 2^125
• 42,535,295,865,117,307,932,921,825,928,971,026,432
• We could assign a—public—IPv6 address to EVERY ATOM ON THE SURFACE OF THE EARTH, and still have enough addresses left to do another 100+ earths (*)
(*) https://itknowledgeexchange.techtarget.com/whatis/ipv6-addresses-how-many-is-that-in-numbers/
Kubernetes multi-cluster Networking, IPv6
• If we had infinite global IP addresses, we could forget about VPNs (you can still do it at host level)
Security concerns?
• NAT does not block packets.
• It does however hide internal addressing at the cost of keeping the state of the translation somewhere else.
IPv6 Subnetting
• A Cloud Provider will assign you a /56 IPv6 prefix per VPC
• You can break this down into smaller prefixes
• -> 256 /64 networks
2001:db8:f00d:aa00::/56
1    2001:db8:f00d:aa00::/64
2    2001:db8:f00d:aa01::/64
3    2001:db8:f00d:aa02::/64
4    2001:db8:f00d:aa03::/64
…
256  2001:db8:f00d:aaff::/64
Addressing schema in a VPC
2001:db8:f00d:aa00::/56
2001:db8:f00d:aa00::/64
2001:db8:f00d:aa01::/64
2001:db8:f00d:aa02::/64
2001:db8:f00d:aa03::/64
2001:db8:f00d:aa04::/64
2001:db8:f00d:aa05::/64
What can we do today in the cloud with IPv6
IPv6 infrastructure support
Assign one or more global IPv6 addresses to an instance
Apply IPv6 Security policies
However, NO IPv6 Subnet Routing to an Instance (subnetting)
• Alternative?: AWS Elastic Network Interfaces
• Not exactly what I want, but is as good as it gets
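With global addresses on every container and no NAT in the path, the IPv6 security policy attached to the ENI (the security group passed as `--groups $sgId`) is what decides which inbound traffic reaches them. The following is an added example, not part of the original slides: it audits security-group ingress rules for IPv6 sources that cover the whole Internet. The sample JSON is constructed in the shape of `aws ec2 describe-security-groups` output; the group ID, the rules and the allowed-port set are assumptions.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# The group ID and every rule are placeholders, not values from the slides.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [],
   "Ipv6Ranges": [{"CidrIpv6": "2001:db8:f00d:aa00::/56"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [],
   "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "IpRanges": [],
   "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
   "Ipv6Ranges": [{"CidrIpv6": "2000::/3"}]},
  {"IpProtocol": "icmpv6", "FromPort": -1, "ToPort": -1, "IpRanges": [],
   "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
]}]}
""")

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
ICMPV6 = {"icmpv6", "58"}


def is_internet_wide(cidr):
    """True when the source range covers all global unicast space (::/0, 2000::/3, ...)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 6 and GLOBAL_UNICAST.subnet_of(net)


def port_span(rule):
    """Return the (low, high) port range a rule opens; protocol -1 means everything."""
    if rule["IpProtocol"] == "-1":
        return 0, 65535
    return rule.get("FromPort", 0), rule.get("ToPort", 65535)


def audit_ipv6_ingress(doc, allowed_public_ports=frozenset({443})):
    """List ingress rules that expose non-allowed ports to the whole IPv6 Internet.

    allowed_public_ports is an assumption of this example: the ports that are
    meant to be public. Each finding is (group, protocol, low, high, source).
    """
    findings = []
    for group in doc["SecurityGroups"]:
        for rule in group.get("IpPermissions", []):
            if rule["IpProtocol"] in ICMPV6:
                continue  # ICMPv6 has no ports; review those rules separately
            low, high = port_span(rule)
            if all(p in allowed_public_ports for p in range(low, high + 1)):
                continue  # only intentionally public ports are open
            for rng in rule.get("Ipv6Ranges", []):
                if is_internet_wide(rng["CidrIpv6"]):
                    findings.append((group["GroupId"], rule["IpProtocol"],
                                     low, high, rng["CidrIpv6"]))
    return findings


if __name__ == "__main__":
    for finding in audit_ipv6_ingress(SAMPLE):
        print("open to the IPv6 Internet: %s proto=%s ports=%d-%d source=%s" % finding)
```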
AWS: Step by Step
1. Design an IPv6 address plan
2. Create an Elastic Network Interface (ENI)
3. Create an EC2 instance with an ENI attached to it
4. Re-configure IPv6 addressing on the instance
5. Check we can reach the Internet over IPv6
6. Upgrade OS packages
7. Install Docker
8. Configure Docker to allocate IPv6 addresses
9. Run a couple of Containers using only IPv6
10. Test connectivity between containers
[Diagram: a VM with an ENI and two containers, addressed from 2600:1f18:47b::8/126]
1. Design an IPv6 addressing plan
• 1 IPv6 address for the node
  2600:1f18:47b::1:1
• 4 IPv6 addresses for container allocation (2600:1f18:47b::8/126)
  2600:1f18:47b::8
  2600:1f18:47b::9
  2600:1f18:47b::a
  2600:1f18:47b::b
2. Create an Elastic Network Interface (ENI)
• An ENI represents a virtual network card
eni1=$(aws ec2 create-network-interface \
    --subnet-id "$subnetId" \
    --description "My IPv6 ENI 1" \
    --groups "$sgId" \
    --ipv6-addresses \
        Ipv6Address=2600:1f18:47b::1:1 \
        Ipv6Address=2600:1f18:47b::8 \
        Ipv6Address=2600:1f18:47b::9 \
        Ipv6Address=2600:1f18:47b::a \
        Ipv6Address=2600:1f18:47b::b \
    --query 'NetworkInterface.NetworkInterfaceId' \
    --output text)
3. Create an EC2 instance with an ENI attached
• Addresses are automagically routed to your instance
• The number of IP addresses you can assign to an instance is restricted by its type (max 50)
• Attach the ENI we previously created, whose ID was stored in $eni1.
• We keep the instance ID we receive back from AWS in $vm1
vm1=$(aws ec2 run-instances \
    --key-name "$AWS_SSH_KEY" \
    --image-id ami-0ac019f4fcb7cb7e6 \
    --instance-type r5d.large \
    --network-interfaces "DeviceIndex=0,NetworkInterfaceId=$eni1" \
    --query 'Instances[0].InstanceId' \
    --output text)
4. Re-configure IPv6 addressing on the instance
• Use Netplan if using Ubuntu 18.04
• Netplan is a YAML network configuration abstraction.

/etc/netplan/50-cloud-init.yaml

network:
  version: 2
  ethernets:
    ens5:
      dhcp6: no
      accept-ra: no
      addresses:
        - 2600:1f18:47b::1:1/64
      gateway6: fe80::1066:30ff:feb8:c008

$ sudo netplan --debug apply
5. Check we can reach the Internet over IPv6
• Inside the container
  • ping6 2600::
  • ping6 ipv6-test.com -c 1
  • ...
root@d7c9480161f9:/# ping6 ipv6-test.com -c 1
PING ipv6-test.com(agaric.t0x.net (2001:41d0:8:e8ad::1)) 56 data bytes
64 bytes from agaric.t0x.net (2001:41d0:8:e8ad::1): icmp_seq=1 ttl=46 time=78.7 ms
--- ipv6-test.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 78.788/78.788/78.788/0.000 ms
6. Upgrade OS packages
• IPv6-only environment
• Default package repository is not IPv6 friendly
• To update packages modify your sources.list file
$ sudo apt-get -o Acquire::ForceIPv6=true update
Get:1 http://archive.ubuntu.com/ubuntu bionic InRelease [242 kB]
Get:2 http://security.ubuntu.com/ubuntu bionic-security InRelease [83.2 kB]
...
Get:40 http://archive.ubuntu.com/ubuntu bionic-backports/universe Translation-en [1604 B]
Fetched 28.4 MB in 5s (5363 kB/s)
Reading package lists... Done
us-east-1.ec2.archive.ubuntu.com
7. Install Docker
• IPv6-only environment
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get -o Acquire::ForceIPv6=true install -y docker-ce
download.docker.com
8. Configure Docker to allocate IPv6 addresses
• Configure IPv6 address allocation on Docker’s bridge (docker0)
/etc/docker/daemon.json

{
  "ipv6": true,
  "fixed-cidr-v6": "2600:1f18:47b:ca03::8/126"
}

$ sudo systemctl restart docker
9. Run a couple of Containers using only IPv6
• Making the instances IPv6-friendly
• Container registry: Google Container Registry
$ docker run -it --rm gcr.io/gcp-runtimes/ubuntu_18_0_4:latest bash
latest: Pulling from gcp-runtimes/ubuntu_18_0_4
deabf7bad5e7: Pull complete
…
Digest: sha256:af51882c2cb15cb3ed133ac62debb744057e02d6dee8db25a54caac158be2a3c
Status: Downloaded newer image for gcr.io/gcp-runtimes/ubuntu_18_0_4:latest
root@bf2f00033d64:/#
[Diagram labels: $ docker run ubuntu, hub.docker.com, registry-1.docker.io]
10. Test connectivity between containers
• Ping6 between containers
Conclusion & Links
Blog posts
• Kubernetes Networking: Behind the scenes https://itnext.io/kubernetes-networking-behind-the-scenes-39a1ab1792bb
• Kubernetes multi-cluster networking made simple https://itnext.io/kubernetes-multi-cluster-networking-made-simple-c8f26827813
• How to run IPv6-enabled Docker containers on AWS https://medium.freecodecamp.org/how-to-run-ipv6-enabled-docker-containers-on-aws-87e090ab0397
Docker caveats
• Still need to plug this into Kubernetes
• IPv6 is disabled on containers in some Docker versions
• “The subnet for Docker containers should at least have a size of /80, so that an IPv6 address can end with the container’s MAC address and you prevent NDP neighbor cache invalidation issues in the Docker layer”
• …
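The address plan from step 1, the /56 subnetting slide and the /80 caveat quoted above can be checked together before any ENI is created. This is an added example, not code from the original slides: the function names are hypothetical, the 50-address ceiling is the maximum the slides mention (the real limit depends on instance type), and the addresses in the usage are the ones shown on the slides.

```python
import ipaddress

MAX_ADDRESSES_PER_INSTANCE = 50  # ceiling quoted on the slides; varies by instance type
DOCKER_MIN_PREFIXLEN = 80        # from the quoted caveat: container subnet of at least /80


def vpc_subnets(vpc_prefix):
    """Split a provider-assigned IPv6 prefix (a /56 on the slides) into /64 subnets."""
    vpc = ipaddress.ip_network(vpc_prefix)
    if vpc.version != 6 or vpc.prefixlen > 64:
        raise ValueError("expected an IPv6 prefix of /64 or shorter")
    return list(vpc.subnets(new_prefix=64))


def meets_docker_size_caveat(container_range):
    """True when the container range is at least as large as a /80."""
    return ipaddress.ip_network(container_range).prefixlen <= DOCKER_MIN_PREFIXLEN


def eni_address_args(subnet, node_address, container_range):
    """Validate a node + container plan and return the --ipv6-addresses arguments.

    Every container address has to be assigned to the ENI one by one, so the
    range is bounded by the per-instance address limit.
    """
    subnet = ipaddress.ip_network(subnet)
    node = ipaddress.ip_address(node_address)
    containers = ipaddress.ip_network(container_range)  # strict: rejects host bits
    if node not in subnet:
        raise ValueError("node address is outside the subnet")
    if not containers.subnet_of(subnet):
        raise ValueError("container range is outside the subnet")
    if node in containers:
        raise ValueError("node address collides with the container range")
    # Check the size before enumerating: a /80 holds 2**48 addresses.
    if containers.num_addresses + 1 > MAX_ADDRESSES_PER_INSTANCE:
        raise ValueError("plan needs more addresses than one instance can hold")
    return ["Ipv6Address=%s" % a for a in [node, *containers]]


if __name__ == "__main__":
    nets = vpc_subnets("2001:db8:f00d:aa00::/56")
    print(len(nets), "subnets:", nets[0], "...", nets[-1])
    args = eni_address_args("2600:1f18:47b::/64", "2600:1f18:47b::1:1",
                            "2600:1f18:47b::8/126")
    print("--ipv6-addresses", " ".join(args))
    print("meets /80 caveat:", meets_docker_size_caveat("2600:1f18:47b::8/126"))
```

A /126 satisfies the ENI limit but not the /80 recommendation, while a /80 cannot be assigned address by address to an ENI, which is why the check reports both conditions separately.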