Skip to content

Commit

Permalink
OVN_Kubernetes IPv6 support
Browse files Browse the repository at this point in the history 
Signed-off-by: Aswin Suryanarayanan <[email protected]>
  • Loading branch information
@aswinsuryan
aswinsuryan committed Jan 21, 2025
1 parent 8d733aa commit 4b34cbb
Showing 1 changed file with 105 additions and 0 deletions.
105 changes: 105 additions & 0 deletions submariner/IPV6-OVN.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
# **Submariner OVN CNI Enhancement for IPv6 Support**

## **Summary**

This proposal outlines the changes required in Submariner for OVN Kubernetes
CNI to enable IPv6 support, ensuring seamless connectivity between clusters
using Submariner. The main proposal has the full design
[IPv6 Datapath Enhancements](IPV6-datapath.md)
This covers only the OVN CNI part of it.

---

## Design Details

The OVNKubernetes driver programs network policies and routes to direct traffic from
the gateway and non-gateway nodes to the remote cluster.
At present the routes are only programmed for IPv4 for addresses. We need to enhance
this to support IPV6 addresses as well.

The handler for creating the Gateway and NonGateway routes needs to be enhanced.

### GatewayRoute CRD

A GatewayRoute CR will be created for each address family supported by the local cluster.
In the case of a dual-stack environment a CR will be create for both IPv4 and Ipv6 addresses.
For IPv6, only an IPV6 GatewayRoute will be created.

The next hop will be the interface IP of ovn-k8s-mp0 interface, which is expected
to have both IPv4 and IPV6 IPs in the case of dual-stack environments.

```yaml
apiVersion: submariner.io/v1alpha1
kind: GatewayRoute
metadata:
name: remote-cluster-route
spec:
nextHops:
- "fd00:abcd::1"
remoteCIDRs:
- "fd00:4321::/64"
```
### NonGatewayRoute CRD
The NonGatewayRoute will follow the same pattern as GatewayRoute with the creation of a new CR
for IPV6. The nexthops will be the transit switch IP of the gateway node.
#### **NonGatewayRoute CRD Example**
```yaml
apiVersion: submariner.io/v1alpha1
kind: NonGatewayRoute
metadata:
name: non-gw-route
spec:
nextHops:
- "fd00:cafe::1"
remoteCIDRs:
- "fd00:5678::/64"
```
### GatewayRoute Handler
The GatewayRoute Handler should be aware of the IPV6 address that can be present in the CR
and program the logical router policy and the logical route accordingly.
The below is the logical router policy to reroute the submariner traffic to ovn-k8s-mp0.
```plaintext
match: "ip6.dst==fd00:5678::/64"
action: reroute
nexthops: ["fd00:abcd::1"]
priority: 20000
```
The below is the logical route to accept the traffic coming from non-gateway nodes.
```plaintext
destination: "fd00:1234::/64"
nexthop: "fd00:cafe::1"
priority: 200
```
### NonGatewayRoute Handler
The NonGatewayRoute Handler should be aware of the IPV6 address that can be present in the CR
and program the logical router policy accordingly.
The below is the logical router policy to reroute the submariner traffic to transit switch
connecting to the gateway node.
```plaintext
match: "ip6.dst==fd00:5678::/64"
action: reroute
nexthops: ["fd00:abcd::1"]
priority: 20000
```
### TODO
* Enhance GatewayRoute controller and NonGatewayRoute controller to support IPV6
* Ensure that GatewayRoute Handler and NonGatewayRoute Handler are programming the
required routes, if not make the required changes.
---

0 comments on commit 4b34cbb

Please sign in to comment.