OVN_Kubernetes IPv6 support

Signed-off-by: Aswin Suryanarayanan <[email protected]>
submariner-io · Jan 7, 2025 · 112f51a · 112f51a
1 parent 7b2b505
commit 112f51a
Showing 1 changed file with 103 additions and 0 deletions.
diff --git a/submariner/IPV6-OVN.md b/submariner/IPV6-OVN.md
@@ -0,0 +1,103 @@
+# **Submariner OVN CNI Enhancement for IPv6 Support**
+
+## **Summary**
+
+This proposal outlines the changes required in Submariner for  OVN Kubernetes
+CNI to enable IPv6 support, ensuring seamless connectivity between clusters
+using Submariner. The main proposal has the full design
+[IPv6 Datapath Enhancements](https://github.com/submariner-io/enhancements/blob/devel/submariner/IPV6-datapath.md)
+This covers only the OVN CNI part of it.
+
+---
+
+## Design Details
+
+The OVNKubernetes handler programs network policies and routes to direct traffic from
+the gateway and non-gateway nodes to direct the traffic to the remote cluster.
+At present the routes are only programmed for IPv4 for addresses. We need to enhance
+this to support IPV6 addresses as well.
+
+The handler for creating the Gateway and NonGateway routes needs to be enhanced.
+
+### GatewayRoute CRD
+
+The GatewayRoute will now create a new CR for with  the IPV6 next hops and
+IPV6 remote CIDRs for a dual-stack environment along with the existing IPv4 CIDR.
+For Ipv6 only there will be only the IPV6 CR
+
+The next hop will be the interface IP of ovn-k8s-mp0 interface, which is expected
+to have both IPv4 and IPV6 IPs in the case of dual-stack environments.
+
+```yaml
+apiVersion: submariner.io/v1alpha1
+kind: GatewayRoute
+metadata:
+  name: remote-cluster-route
+spec:
+  nextHops:
+    - "fd00:abcd::1"
+  remoteCIDRs:
+    - "fd00:4321::/64"
+```
+
+### NonGatewayRoute CRD
+
+The NonGatewayRoute will follow the same pattern as GatewayRoute and will create a new CR 
+for IPV6. The nexthops will be the transit switch IP of the gateway node.
+
+#### **NonGatewayRoute CRD Example**
+
+```yaml
+apiVersion: submariner.io/v1alpha1
+kind: NonGatewayRoute
+metadata:
+  name: non-gw-route
+spec:
+  nextHops:
+    - "fd00:cafe::1"
+  remoteCIDRs:
+    - "fd00:5678::/64"
+```
+
+### GatewayRoute Handler
+
+The GatewayRoute Handler should be aware of the IPV6 address that can be present in the CR
+and program the logical router policy and the logical route accordingly.
+
+The below is the logical router policy to reroute the submariner traffic to ovn-k8s-mp0.
+
+```plaintext
+match: "ip6.dst==fd00:5678::/64"
+action: reroute
+nexthops: ["fd00:abcd::1"]
+priority: 20000
+```
+The below is the logical route to accept the traffic coming from non-gateway nodes.
+
+```plaintext
+destination: "fd00:1234::/64"
+nexthop: "fd00:cafe::1"
+priority: 200
+```
+
+### NonGatewayRoute Handler
+
+The NonGatewayRoute Handler should be aware of the IPV6 address that can be present in the CR
+and program the logical router policy accordingly.
+
+The below is the logical router policy to reroute the submariner traffic to transit switch
+connecting to the gateway node.
+
+```plaintext
+match: "ip6.dst==fd00:5678::/64"
+action: reroute
+nexthops: ["fd00:abcd::1"]
+priority: 20000
+```
+### TODO
+
+* Enhance GatewayRoute controller and NonGatewayRoute controller to support IPV6
+* Ensure that GatewayRoute Handler and NonGatewayRoute Handler are programming the 
+required routes, if not make the required changes.
+
+---