Page MenuHomePhabricator
Create Task
Maniphest T379283

IPv6 support in cloud-private
Closed, ResolvedPublic
Actions

Description

To make T379282: IPv6 for cloud-realm services happen we need a possibility to add IPv6 connectivity to the cloud-private networks. I think we can slowly add actual addresses and DNS records for hosts as we need them for some service or refresh hosts instead of doing everything at once.

Details

Other Assignee
cmooney
Related Changes in Gerrit:
Show related patches Customize query in gerrit

Related Objects
Search...

Event Timeline

taavi created this task.Nov 7 2024, 4:58 PM
taavi moved this task from Unsorted to Network on the Cloud-VPS board.
taavi added a project: IPv6.
taavi added subscribers: cmooney, aborrero.Nov 7 2024, 5:05 PM

Hi @cmooney (and cc @aborrero) - For this and the parent task I need v6 subnets for the following:

I skimmed through T187929: Cloud IPv6 subnets but couldn't see these mentioned specifically. Did you plan something for these already or do we need to figure them out here?

gerritbot added a comment.Nov 7 2024, 5:16 PM

Change #1088341 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:wmcs::cloud_private_subnet: Add IPv6 support

https://gerrit.wikimedia.org/r/1088341

gerritbot added a project: Patch-For-Review.Nov 7 2024, 5:16 PM
aborrero triaged this task as Medium priority.Nov 8 2024, 10:47 AM
aborrero added a project: User-aborrero.
gerritbot added a comment.Nov 8 2024, 10:48 AM

Change #1088341 merged by Arturo Borrero Gonzalez:

[operations/puppet@production] P:wmcs::cloud_private_subnet: Add IPv6 support

https://gerrit.wikimedia.org/r/1088341

aborrero moved this task from Backlog to Radar/observer on the User-aborrero board.Nov 8 2024, 10:54 AM
aborrero added a comment.Nov 8 2024, 10:59 AM

My feeling is that https://netbox.wikimedia.org/ipam/prefixes/1089/ 2a02:ec80:a100:200::/56 which is wmcs cloud-private codfw (non-openstack) was allocated for this.

But I'm a bit lost in the sea of the new prefixes, and a confirmation by @cmooney should be needed here.

For eqiad, I don't think we have allocated that just yet.

Maintenance_bot removed a project: Patch-For-Review.Nov 8 2024, 11:30 AM
cmooney added a comment.EditedNov 13 2024, 12:52 PM
In T379283#10300633, @taavi wrote:

I skimmed through T187929: Cloud IPv6 subnets but couldn't see these mentioned specifically. Did you plan something for these already or do we need to figure them out here?

Apologies for the delay guys. Yes @aborrero that /56 was allocated for this purpose. I would suggest we allocate the per-rack subnets as follows, attached to the vlans and site in the same way as the v4 subnets:

VlanVlan nameIPv4 SubnetNew IPv6 Subnet
1151cloud-private-c8-eqiad172.20.1.0/242a02:ec80:a000:0201::/64
1152cloud-private-d5-eqiad172.20.2.0/242a02:ec80:a000:0202::/64
1153cloud-private-e4-eqiad172.20.3.0/242a02:ec80:a000:0203::/64
1154cloud-private-f4-eqiad172.20.4.0/242a02:ec80:a000:0204::/64

And for codfw:

VlanVlan nameIPv4 SubnetNew IPv6 Subnet
2151cloud-private-b1-codfw172.20.5.0/242a02:ec80:a100:205::/64

The hosts will need routes for new aggregate ranges, via the '::1' IP on their local subnet (i.e. same as they route 172.20.0.0/16 via 172.20.x.1).

eqiad: 2a02:ec80:a000:200::/56
codfw: 2a02:ec80:a100:200::/56

While we don't currently have a path between the networks in either site it's probably no harm to add both routes to all hosts, and if we do that in future (via GRE or IPsec or otherwise - indeed plain routing here may be an option) we won't have to revisit.

We may also eventually need to allocate some public IPv6 addressing, for similar use to 185.15.56.160/28 in v4, but I think we can probably deal with that later?

Are you ok to add these or should I? I will need to allocate an IP for the switch on each vlan anyway, and then look at updating the routing config on the cloud switches to enable BGP for IPv6.

aborrero added a comment.Nov 14 2024, 9:23 AM

Thanks for working on this @cmooney. I agree with the allocations.

I would appreciate if you can add the netbox objects yourself. Otherwise I will try to do it myself next week.

taavi added a comment.Nov 15 2024, 7:22 AM

The allocations SGTM too, thanks!

In T379283#10316397, @cmooney wrote:

We may also eventually need to allocate some public IPv6 addressing, for similar use to 185.15.56.160/28 in v4, but I think we can probably deal with that later?

I'd like to get that done sooner than later :-) although that probably should be discussed in T379282: IPv6 for cloud-realm services if we're doing that separately.

gerritbot added a comment.Jan 10 2025, 3:41 PM

Change #1109732 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/dns@master] DNS Template include statements for new WMCS IPv6 ranges

https://gerrit.wikimedia.org/r/1109732

gerritbot added a project: Patch-For-Review.Jan 10 2025, 3:41 PM
gerritbot added a comment.Jan 10 2025, 4:54 PM

Change #1109732 merged by Cathal Mooney:

[operations/dns@master] DNS Template include statements for new WMCS IPv6 ranges

https://gerrit.wikimedia.org/r/1109732

Maintenance_bot removed a project: Patch-For-Review.Jan 10 2025, 5:30 PM
gerritbot added a comment.Jan 11 2025, 10:58 AM

Change #1109983 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] hieradata: Add cloud-private v6 supernets

https://gerrit.wikimedia.org/r/1109983

gerritbot added a project: Patch-For-Review.Jan 11 2025, 10:58 AM
gerritbot added a comment.Jan 13 2025, 4:27 PM

Change #1109983 merged by Majavah:

[operations/puppet@production] hieradata: Add cloud-private v6 supernets

https://gerrit.wikimedia.org/r/1109983

Maintenance_bot removed a project: Patch-For-Review.Jan 13 2025, 4:31 PM
gerritbot added a comment.Mar 10 2025, 1:01 PM

Change #1126035 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/homer/public@master] Add cloud IPv6 ranges to Capirca IP block definitions

https://gerrit.wikimedia.org/r/1126035

gerritbot added a project: Patch-For-Review.Mar 10 2025, 1:01 PM
gerritbot added a comment.Mar 13 2025, 12:59 PM

Change #1126035 merged by jenkins-bot:

[operations/homer/public@master] Add cloud IPv6 ranges to Capirca IP block definitions

https://gerrit.wikimedia.org/r/1126035

Maintenance_bot removed a project: Patch-For-Review.Mar 13 2025, 1:30 PM
gerritbot added a comment.Mar 13 2025, 1:34 PM

Change #1127526 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/homer/public@master] Cloud-in: Add specific term allowing ICMPv6 from cloud-transports

https://gerrit.wikimedia.org/r/1127526

gerritbot added a project: Patch-For-Review.Mar 13 2025, 1:34 PM
gerritbot added a comment.Mar 13 2025, 4:29 PM

Change #1127526 merged by jenkins-bot:

[operations/homer/public@master] Cloud-in: Add specific term allowing ICMPv6 from cloud-transports

https://gerrit.wikimedia.org/r/1127526

Maintenance_bot removed a project: Patch-For-Review.Mar 13 2025, 4:33 PM
gerritbot added a comment.Mar 21 2025, 3:29 PM

Change #1130143 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/dns@master] Add include statement for WMCS Eqiad reverse IPv6 snippet

https://gerrit.wikimedia.org/r/1130143

gerritbot added a project: Patch-For-Review.Mar 21 2025, 3:29 PM
gerritbot added a comment.Mar 21 2025, 3:35 PM

Change #1130143 merged by Cathal Mooney:

[operations/dns@master] Add include statement for WMCS Eqiad reverse IPv6 snippet

https://gerrit.wikimedia.org/r/1130143

Maintenance_bot removed a project: Patch-For-Review.Mar 21 2025, 4:31 PM
gerritbot added a comment.Mar 21 2025, 5:17 PM

Change #1130159 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/dns@master] Add reverse zone for 172.31.0.0/16

https://gerrit.wikimedia.org/r/1130159

gerritbot added a project: Patch-For-Review.Mar 21 2025, 5:17 PM
gerritbot added a comment.Mar 21 2025, 5:31 PM

Change #1130159 merged by Cathal Mooney:

[operations/dns@master] Add reverse zone for 172.31.0.0/16

https://gerrit.wikimedia.org/r/1130159

Maintenance_bot removed a project: Patch-For-Review.Mar 21 2025, 6:30 PM
cmooney added a comment.Mar 21 2025, 7:03 PM

@aborrero I made some progress on this today, but we're not quite there.

Unfortunately when I enabled OSPF on the cloud switches it caused some problems - see https://phabricator.wikimedia.org/T389672#10663716

So I'll need to go back and try to piece all that together before we can proceed here.

gerritbot added a comment.Apr 7 2025, 1:24 PM

Change #1134694 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] network: Add v6 cloud-private addresses

https://gerrit.wikimedia.org/r/1134694

gerritbot added a project: Patch-For-Review.Apr 7 2025, 1:24 PM
gerritbot added a comment.Apr 7 2025, 1:49 PM

Change #1134694 merged by Majavah:

[operations/puppet@production] network: Add v6 cloud-private addresses

https://gerrit.wikimedia.org/r/1134694

Maintenance_bot removed a project: Patch-For-Review.Apr 7 2025, 2:31 PM
gerritbot added a comment.Apr 16 2025, 12:18 PM

Change #1136995 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/homer/public@master] WMCS: Remove static routes for cloudsw2-d5-eqiad loopbacks

https://gerrit.wikimedia.org/r/1136995

gerritbot added a project: Patch-For-Review.Apr 16 2025, 12:18 PM
gerritbot added a comment.Apr 16 2025, 12:21 PM

Change #1136995 merged by jenkins-bot:

[operations/homer/public@master] WMCS: Remove static routes for cloudsw2-d5-eqiad loopbacks

https://gerrit.wikimedia.org/r/1136995

gerritbot added a comment.Apr 16 2025, 12:23 PM

Change #1136996 had a related patch set uploaded (by Cathal Mooney; author: Cathal Mooney):

[operations/homer/public@master] WMCS: Change ASN for cloudsw1-e4/f4

https://gerrit.wikimedia.org/r/1136996

gerritbot added a comment.Apr 16 2025, 12:27 PM

Change #1136996 merged by jenkins-bot:

[operations/homer/public@master] WMCS: Change ASN for cloudsw1-e4/f4

https://gerrit.wikimedia.org/r/1136996

Maintenance_bot removed a project: Patch-For-Review.Apr 16 2025, 12:31 PM
gerritbot added a comment.May 13 2025, 8:03 AM

Change #1145093 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:openstack: keystone: Update ACLs for cloud-private v6

https://gerrit.wikimedia.org/r/1145093

gerritbot added a project: Patch-For-Review.May 13 2025, 8:03 AM

Change #1145094 had a related patch set uploaded (by Majavah; author: Majavah):

[operations/puppet@production] P:openstack: rabbitmq: Add cloud-private v6 nets to firewall

https://gerrit.wikimedia.org/r/1145094

gerritbot added a comment.May 15 2025, 10:35 AM

Change #1145093 merged by Majavah:

[operations/puppet@production] P:openstack: keystone: Update ACLs for cloud-private v6

https://gerrit.wikimedia.org/r/1145093

gerritbot added a comment.May 15 2025, 10:36 AM

Change #1145094 merged by Majavah:

[operations/puppet@production] P:openstack: rabbitmq: Add cloud-private v6 nets to firewall

https://gerrit.wikimedia.org/r/1145094

Maintenance_bot removed a project: Patch-For-Review.May 15 2025, 11:31 AM
Stashbot added a comment.Jun 10 2025, 10:16 AM

Mentioned in SAL (#wikimedia-cloud) [2025-06-10T10:16:23Z] <taavi> add cloud-private addresses to eqiad hosts T379283

taavi closed this task as Resolved.Jun 10 2025, 10:46 AM
taavi claimed this task.
taavi updated Other Assignee, added: cmooney.
taavi mentioned this in T379175: Enable IPv6 for the Cloud VPS web proxy.Jun 10 2025, 12:17 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits