FloatingIP/DNAT for IPv6 Addresses
SUMMARY Juniper Cloud-Native Contrail release 23.1 supports FloatingIP, or Dynamic Network
Address Translation (DNAT), for dual stack-enabled services (ClusterIP). This
article provides information about how this feature works in CN2.
Prerequisites
This feature requires the following:- An environment running CN2 release 23.1 or later
- A Kubeadm or Kubespray Kubernetes cluster with dual-stack
featureGateenabled. For more information, see IPv4 and IPv6 Dual-Stack Networking. - Kubernetes nodes configured with dual stack network interfaces
FloatingIP/DNAT Overview
In CN2, a FloatingIP implements ClusterIP functionality. After you create a service, a FloatingIP is allocated to that service from the service subnet and associated to all the back-end pod VMIs in the cluster. The vRouter performs DNAT for the back-end pods. This process comprises Equal-Cost Multi-Path Routing (ECMP) load balancing, where the back-end pod VMIs act as ECMP paths.DNAT for IPv6 Overview
CN2 release 23.1 supports DNAT (FloatingIP) for IPv4 and IPv6 addresses for the CN2 ClusterIP service. DNAT for IPv6 functions the same as DNAT for IPv4; create a service (ClusterIP), specifyPreferDualStack for the
ipFamilyPolicy, and an IPv6 FloatingIP is allocated to that service. The
vRouter performs DNAT and routes traffic to the next hop, or the translated destination
address (back end pod VMI). from external networks to your back-end pod VMIs.Deploy FloatingIP/DNAT
Complete the following steps to deploy this feature.
-
Configure and install a
Deployment. TheDeploymentobject creates the back-end pods for the ClusterIP service. The following is an exampleDeployment. ThisDeploymentcreates a pod namednginxwith a mountednginx-xconfconfig.apiVersion: apps/v1 kind: Deployment metadata: name: nginx namespace: example-clusterip6 spec: selector: matchLabels: app: nginx replicas: 1 template: metadata: labels: app: nginx spec: tolerations: - key: "node.kubernetes.io/unreachable" operator: "Exists" effect: "NoExecute" tolerationSeconds: 2 - key: "node.kubernetes.io/not-ready" operator: "Exists" effect: "NoExecute" tolerationSeconds: 2 containers: - name: nginx image: <repository>:<tag> ports: - containerPort: 8080 volumeMounts: - name: nginx-conf mountPath: /etc/nginx/nginx.conf subPath: nginx.conf readOnly: true volumes: - name: nginx-conf configMap: name: nginx-conf items: - key: nginx.conf path: nginx.conf -
Create a ClusterIP service. The following is an example service.
apiVersion: v1 kind: Service metadata: name: nginx namespace: clusterip6 labels: app: nginx spec: ports: - name: http port: 8080 protocol: TCP targetPort: 8080 selector: app: nginx ipFamilies: - "IPv6"Note the following fields:
-
labels: Identifies back-end pods with theapp: nginxlabel. -
selector: Instructs the service to select VMIs belonging to back-end pods the withapp: nginxlabel. -
ipFamilies: Specifies the IP family the ClusterIP service uses. The default is IPv4. To use both IP families, use the valueIpFamilyPolicy: PreferDualStack.
-