Author: Amadeus Podvratnik (pod@de.ibm.com)

IPv6 addresses have several advantages compared to IPv4. A cleaner design, easier troubleshooting, “unlimited” free addresses, VNFs, and mobile networking are only few of them.  Even if up to 99% of all users would like to have IPv6 only, a small group requires still IPv4. With the IPv6 dual-stack support it is possible to get IPv4 and IPv6 address for containers. 

Overview

IPv6 addresses provide advantages compared to IPv4, such as “unlimited” free addresses, a cleaner design, easier troubleshooting, VNFs, and mobile networking to name a few. Since some installations still require IPv4, IPv4/IPv6 dual-stack support was introduced in Red Hat OpenShift 4.8 (k8s 1.21). The dual-stack support was enabled for Kubernetes OVN network provider.

With the dual-stack support every deployed pod will get both an IPv4 address and an IPv6 address. In addition, services are enabled for IPv4 and IPv6 addresses (services can use IPv4, IPv6, or both) and the egress routing (e.g., the internet) is possible for IPv4 and IPv6 interfaces.

This blog post describes the enablement of dual-stack for an IBM z/VM / KVM based Red Hat OpenShift cluster.

IPv4 / IPv6 dual-stack support

To be able to convert a Red Hat OpenShift installation to dual-stack networking several prerequisites are necessary, while there is no additional hardware dependency.

• Every node requires a proper IPv6 address. For z/VM the setup of the networking is being reflected within the network scripts and the parm files for booting the nodes.

The possible z/VM parm file for a dual-stack network configuration would look like:

rd.neednet=1 console=ttysclp0  coreos.inst.install_dev=sda coreos.live.rootfs_url=http://172.23.143.25/redhat/ocp/rhcos-412.86.202209072117-0/rhcos-412.86.202209072117-0-live-rootfs.s390x.img coreos.inst.ignition_url=http://bastion.boea3e06.lnxero1.boe:8080/ignition/master.ign ip=10.14.6.3::10.14.6.1:255.255.255.0::encbdd0:none nameserver=10.14.6.1 ip=[fd00::3]::[fd00::1]:64::encbdd0:none nameserver=[fd00::1] zfcp.allow_lun_scan=0 rd.znet=qeth,0.0.bdd0,0.0.bdd1,0.0.bdd2,layer2=1 rd.zfcp=0.0.8002,0x500507630400d1e3,0x4000404600000000 rd.zfcp=0.0.8102,0x50050763040851e3,0x4000404600000000

The settings in bold are the IPv6 configuration parameters.

• On KVM, DHCP can be used to assign a proper IPv6 address. DHCP can be configure in various ways and the following definition is based on default network definition for KVM.

The easiest way for dual-stack support is a fresh installation of Red Hat OpenShift because of the necessary IPv6 addresses and default routes for given nodes.

• To verify that the node has a proper IPv4 and IPv6 check the IP addresses and if a default route exists (you need to connect to the node to check). E.g.,:

If the nodes have all a proper IPv6 address assigned, the enablement of dual-stack support on an existing Red Hat OpenShift installation is a straightforward task:

• Create a ipv6 network config yaml (e.g., ipv6-network.yaml):
  

• Patch network config operator:

• Wait until network config operator is being restarted.

After restart of the network config operator every new deployed pod will receive an ipv4 and ipv6 address.

Conclusion

Dual-stack support for Red Hat OpenShift is easy to achieve and in action does not put any additional performance latency on top. For production environments there is no reason not to use a dual-stack enabled Red Hat OpenShift installation.

References

• https://docs.openshift.com/container-platform/4.13/networking/ovn_kubernetes_network_provider/converting-to-dual-stack.html
• https://www.ipv6council.be/wp-content/uploads/2022/04/IPv6-Kubernetes-OpenShift.pdf
• https://kubernetes.io/docs/concepts/services-networking/dual-stack/
• https://github.com/kubernetes-sigs/ip-masq-agent