►
From YouTube: Antrea LIVE: Episode 14 (IPv6 on Tanzu with Antrea CNI)
Description
Join aiden obley this week to learn about IPv6 on the new VMWare Tanzu support for IPv6, and learn about how CPI node IP management and K8s ipv6 services route traffic to pods!
TKG_IP_FAMILY: "ipv6"
VSPHERE_CONTROL_PLANE_ENDPOINT: "2001:1900:2200:5f75::aaa0"
CLUSTER_CIDR: "fd00:100:96::/48"
SERVICE_CIDR: "fd00:100:64::/108"
A
A
C
A
D
A
So
yeah
so
so
aiden
my
fate,
so
aidan
is
on
this
team
called
the
cacone
team
and
they
named
themselves
after
a
dog
and
then
after
they
named
themselves
after
a
dog.
Our
team
named
ourselves
after
a
dog
alpine,
which
is
the
kind
of
dog
like
a
magical
dog,
and
then
so
they
got
this.
They
started
this
thing
where
we
all
started
naming
ourselves
after
dogs.
So
all
our
teams
are
dogs
now
for
anything
vaguely
related
to
networking
at
vmware,
so
first
thing
and
then
I
think
we
can
sort
of
get
into.
A
We
can
sort
of
start
getting
into
the
the
ipv6
stuff,
because
I
think
aidan's
gonna
have
a
lot
of
really
interesting
stuff
to
show
us
is.
There
was
like
one
really
interesting,
ipv6
question
that
was
asked
recently
on
k8
slack,
so
like
so
aiden,
usually
we
do
a
random
news
thing,
but
it's
like.
So
this
is
the
question
that
was
asked
and
since
ricardo's
here
and
he's
really
good
at
ipvs,
I
figured
we'd
put
him
on
the
spot.
A
A
A
D
So
I
I'm
trying
to
remember,
but
as
far
as
I
remember,
you
need
an
interface
to
assign
the
ip
for
ipvs.
Otherwise,
your
services
won't
know
how
to
reach
that
ap
right.
So
if
you
don't,
if
you
don't
have
any
any,
if
you
don't
have
any
any
interface
with
that
ip,
your
machine
is
just
not
gonna
know
like
your
workloads.
They
are
not
just
not
gonna
know
that
they
own
that
that
ip
address
right.
D
So
in
past,
when
you
created
some
load
balancers
and
you
as
an
example,
you
you
cr,
you
created
load
balancers
and
you
added
some
workload
and
you
needed
that
you,
you,
usually
you
usually
needed
to
add
the
ip
address
of
the
load,
balancer,
the
vip
yeah,
otherwise,
otherwise
the
machine
wouldn't
understand
so
and
if
it
receives
the
packet,
it
would
just
drop
because
the
ip
is
not
for
that
machine
right.
So
in
ipvs,
as
far
as
I
remember
was
the
same
reason
that
was
like
seven
or
ten
months
ago.
Okay,.
C
A
A
It
was
climate
42.
and
I
see
marion
oakley's.
Here
too,
we
have
all
these
new
people.
I
think
I
know
who
marian
oakley
is,
but
this
is
great.
So
if
you
all
want
to,
let
us
know
where
you're
from
that's
great,
otherwise
aiden
I
mean
I
have
no
other
news.
Unless
ricardo
you've
got
news,
we
could
just
or
june
jen,
you
have
any
announcements
on
the
entrance
side.
We
could
just
get
straight
into
ipv6
on
tanzu
translation,
okay,.
C
A
C
A
A
C
C
C
A
C
A
C
C
C
A
B
Yeah,
so
we've
we've
got
the
ipv6
stuff
pretty
well
situated
at
this
point
in
tanzu,
and
I
kind
of
just
wanted
to
show
a
little
bit
of
a
demo
what
we've
been
working
on
and
and
how
you
can
get
set
up
to
to
try
this
stuff
out.
If
you've
got
some
time,
maybe
look
around
at
some
of
the
code
and
you
know
have
it
get
a
better
idea
of
like
how
these
addresses
are
getting
assigned,
how
they're
getting
set
up.
B
I
first
wanted
to
kind
of
call
out
andrea's
done
a
really
great
job
of
making
it
easy
to
get
with
ipv6
on
a
kind
cluster.
It's
they've
got
these
nice
handy
scripts
that
will
go
ahead
and
set
up
your
kind.
Cluster
they've
got
a
readme
in
their
docs
folder
for
kind
specifically
that
talks
through.
You
know
how
to
do
this
manually
or
how
to
go
through
and
do
this
with
their
scripts,
so
we're
gonna.
So.
A
B
A
B
A
B
B
A
B
B
So
there
are
some
things:
the
reason
why
these
convenience
scripts
are
really
helpful.
There's
a
bunch
of
things
you
would
need
to
do
to
your
network
devices,
which
can
be
kind
of
complicated,
so
just
using
these
scripts
does
all
that
stuff
automatically
for
you,
so
you
don't
have
to
make
mistakes.
I've
done
that
enough
and
made
enough
mistakes.
A
B
A
A
B
A
A
A
C
B
A
B
B
A
B
A
B
A
B
B
B
A
B
A
I
try
to
play
with
this
this
sunday
because
they're
trying
to
we're
starting
to
test
this
in
kaping
and
like
nobody
can
people
are
like
posting
like
how
do
I
do
this?
How
do
I
do
that,
and
I
see
shirat
is
here
and
shirat
you
know
like
so
now.
We've
got
a
good
way
to
spin
up
ipv6
clusters
for
kp
g,
which
is
cool.
We
can.
A
We
can
start
to
do
use
this
as
a
workflow,
but,
like
you
can't
go
to
google
cloud
and
like
spin
up
a
you,
can't
click
a
button
and
get
a
dual
stack
or
ipv6
cluster
on
there.
I
don't
know,
maybe
you
could
do
it
on
amazon,
but
it
seems
like
it
seems,
like
tanza's
gonna,
be
one
of
the
really
cool
ways
to
like
actually
play
with
this
stuff.
I
think
I
don't
know
I
mean
yeah
like,
but
I
I
thought
it
would
be
like
once
I
was
playing
with
it.
A
B
B
B
B
A
B
B
B
B
A
B
All
right,
so,
if
you
haven't
seen
too
much
of
tanza
before
I'm
just
saying,
I
want
a
new
management
cluster,
a
management
cluster
will
allow
us
to
deploy
many
workload
clusters.
I
like
high
verbosity,
I
like
to
see
what
the
command's
doing
and
then
I'm
providing
it
this
file.
I
just
showed
you,
I
don't
want
to
be
prompted
and
again
I
don't
want
to
be
prompted
by
any
of
the
vsphere
stuff.
That's
me
just
saying
yes
to
all
of
the
prompts
automatically.
B
B
B
B
Well,
thank
you.
Thank
you.
So
if
I
take
a
look
at
this
kind
cluster
or
the
sorry,
this
control
point
node
and
I
once
again
look
at
the
status
here.
We
can
see
that
it
has
an
internal
and
an
external
ipv6
address.
So
that
means
like
for
readability
purposes,
and
we
see
that
it
has
a
podsider
range
that
is
equivalent
to
what
we
have
set
in
the
cluster
cider
range.
A
B
A
B
Well,
essentially,
the
interesting
part
is
like
that
that
cpi
behavior
is
what's
responsible
for
setting
up
these
ip
addresses
and
making
it
possible
for
a
lot
of
this
communication
to
start
working.
There's.
Also,
of
course,
the
cni
andrea
is
there
andrea
is
the
one
who's
responsible
for
setting
up
a
lot
of
like
the
pod
ip
stuff,
a
lot
of
the
actual
networking
of
it?
Okay,
the
cpi
is
more,
I
guess,
communicating
with
the
vsphere
and
getting
the
the
state
of
that
world,
so
it
can
be
reflected
accurately
in
kubernetes.
A
Yeah,
so
does
that
vm
under
the
hood
in
vsphere
like
have
an
ipv4
address
and
it's
just
not
being
exposed
to
kubernetes
at
all,
so
that
the
node
ip
as
far
as
it's
like?
Are
we
shielding
some
in
some
fundamental
information
about
the
vm
from
the
k8
api,
so
that
the
primary
ip
of
the
node
is
ipv6
or
is
some
other
thing
happening.
B
A
B
B
That's
impressive,
okay,
so
I
guess
similarly
to
what
we
looked
at
on
the
the
kind
cluster.
We
can
look
at
something
that's
running
on
another
pod,
that's
running
on
vsphere
or
on
our
vcr
cluster,
and
we
can
look
at
the
mod
ips.
So
we
see
once
again
that
the
only
pod
ips
it
has
is
an
ipv6,
and
this
is
also
falls
within
the
range
that
we
defined
in
our
in
our
ammo
here
and
when
we
created
these
clusters
originally.
But.
A
B
A
B
A
C
A
C
A
A
C
A
C
C
It
yeah
and
then
from
from
from
that
point
finally,
there's
a
node
ipam
controller
in
kubernetes,
it's
made
by
controller
manager.
I
think
control
might
have
some
mechanism
to
pass
the
data
to
load,
ipam,
controller,
okay
and
then
load
the
ipad
controller,
where
I
located
one
subnet
from
the
port
data
to
I
reload
in
the
cluster,
okay
and
finally,
that
I
think
it's
called
port
setter
that
will
be
a
parameter
of
the
load
resource
for
analog
resource.
You
can
see
that
that
field
and
then
for
both
entry
and
the
conical.
A
A
A
B
A
D
A
B
A
A
B
B
A
A
What's
the
point
of
doing
ipam
into
ipv6,
aren't
there
like
one
million
trillion
like
gazillion
ip
addresses
so
like
what,
when
you
do
ipm
for
ipv6?
What
are
you
ipaming?
I
get
it
with
ipv4.
You
need
to
be
really
careful
about
things,
but
with
ipv6
is
that
is
the
only
ipam
you're
doing
like
suffixing
the
new
ip
addresses,
so
they
all
have
the
same
prefix
or
something.
C
Yeah,
I
think,
finally,
no
matter
ipv6
or
ipv4
finally,
you're
using
you
need
to
a
way
to
allocate
the
ip
as
well
as
individual
ipswich
to
I
report
right,
so
it's
ipam
is
menu
to
allocate
ip,
but
by
default
I
I
think,
especially
in
the
case
of
tkg.
We
still
leverage
kubernetes
node
ipad
and
that
one
will
just
allocate
one
subnet
per
node
for
both
ipv4
and
ipv6.
C
A
C
C
A
A
C
A
C
In
that
case
thing
I
can
only
have
to
handle
those
traffic,
folding
and
routing
inside
the
cluster
between
nodes.
If
you
want
to
make
the
eyepiece
outable
outside
the
cluster,
you
need
some
support
by
the
underlying
network.
For
example,
it
can
be
any
vpc
network.
You
just
allocate
some
sublets
from
the
vpc
network
in
public
cloud.
Then
the
ip
can
be
reached
by
any
other
entities
inside
the
vpc
or
maybe
right.
Then
you
need
to.
A
Figure,
why
would
anybody
use
kubernetes
if
they
had
routable
ipv6
pods?
I
would
just
use
nomad
at
that
point.
Are
we
all
out
of
a
job
at
that
point
like,
I
think,
that's.
The
only
reason
anybody
ever
wanted
to
use
kubernetes
is
because
we
didn't
have
like
there
was
no
easy
way
to
run
a
bunch
of
processes
with
separate
ip
addresses
and
route
them
to
each
other
right.
Yeah.
C
I
think
that's
one
functionality
of
seeing
eye
to
to
is
overly
network,
so
you
don't
need
to
configure
anything.
You
know
physical
network,
only
network
cloud
network,
you
can
just
enable
traffic
inside
the
cluster
and
then
for
outside
traffic.
We
do
either
snap
or
for
ingress.
You
go
through
balancer
right,
that's
a
typical
pattern,
but
I
I
believe
for
some
use
cases,
especially
in
public
cloud,
that
people
do
use
multiple
ip
and
you
know
even
for
tkg,
we
do
multiple
ipo
with
anterior
and
nst.
D
C
C
A
C
A
B
B
A
C
B
B
B
A
A
A
B
A
D
A
B
B
Yeah,
I
guess
the
only
the
only
other
thing
I've
got
is
pretty
much
in
the
same
way
you
set
up
this
management
cluster
because
tanzania
works
on
this.
You
know
the
management
cluster
with
many
workload
clusters
you
would
actually
assign
out
to
development
teams.
It's
pretty
much
just
as
easy.
We
have
a
very
similar
looking
mvar
as
to
what
we
had
before.
B
We've
also
got
the
ipv6
family.
We've
got
the
same
cluster
and
service
cider
set
up
where
we're
specifying
you
don't
need
to
specify
tanzucli
is
smart
enough
to
go
and
assign
you
some
default
values,
but
you
know
we're
just
choosing
to
do
that
here
to
show
off
that
configuration
and
we
have
a.
We
have
a
different
endpoint
here,
so
it
won't
collide
with
the
management
clusters
endpoint
and
then
it's
kind
of
the
same
thing.
We
just
write
a
cluster
create
command
to
give
it
a
name
and
we're
off
and
running.
B
There'd
be
there
would
be
something
what
yeah
you
have
to
go
through
installing
kubevip,
thankfully
at
least
at
least
thankfully,
we've
automated
that
set
up
an
installation
of
cube
fit.
So
I
haven't
really
thought
about
it
in
a
while,
but
yeah
you
would
need
to
to
do
some
configuration.
I
know
that
we've
got
some
good
docs
on
that
I've
seen
before.
A
A
B
B
A
It
does
fail,
in
which
scenario
scott
yeah
that's
a
good
one.
I
don't
think
I
had
ever
had
a
question
that
was
clear
enough
to
have
an
answer
like
that.
Okay,
now
I'm
really
scott,
I
I
just
now
I'm
really
wondering
what
I
wonder:
I'm
wondering
what
you
did
to
make
it
fail.
It
fails
before
creation
via
ytt.
B
A
A
A
A
B
A
Alb
cluster
vip,
I
haven't
checked
if
it
worked
there
vip
of
ipv4
on
ip6
luster
cool
okay.
What
would
we
do
without
scott?
I
have,
I
don't
know
every
show
he
like
tells
like
we
do
some.
We
don't
know
something
and
he
tells
it.
I
have
seen
checks
in
ytt's
fight,
okay,
everybody's!
You
all
are
popular
everybody's
like
if
we
did
a
windows
episode,
nobody
would
know
anything.
A
B
Yeah
I
mean
all
of
the
stuff
is:
is:
is
in
the
open
source,
you
know
tantu
framework
community
edition,
andrea
vsphere
or
what
is
what
they
call
it.
The
cloud
provider
vsphere,
I
think,
is
the
repo
name
in
kubernetes.
So
a
lot
of
a
lot
of
this
ipv6
work
has
all
been
happening
in
in
the
open
okay,
so
people
wanted
to
look
back
at
our
commits
and
things
you
can
judge
us.
A
B
B
Which
this
might
not
make
it
in
time,
but
it
is
considerably
faster,
since
it
doesn't
need
to
do
the
cappy
behavior,
okay,
but
it's
you
know,
it'll,
do
the
same
things
you
saw
on
the
management
cluster.
Everything
will
be
configured
for
you
and
pretty
much
ready
to
go
ready
to
start
deploying
your
ipv6
services.
Okay,.
A
A
A
And
so
I'm
running
ovs
and
now
I
now
have
a
question
just
drawing
this
right,
because
andrea
is
installing
ovs
right
on
my
kernel
right
june
jen.
So
when
that
happens,
is
there
special
stuff
related
to
ipv6?
That
has
to
happen?
Does
andrea,
look
at
the
like
does
ovs
have
to
do
something
special
when
it
is
installed
on
something
that
is
like
what
does
ovs
have
to
do
when
it
attaches
to
this.
A
C
A
A
A
A
Either
one
so
you
support
ipv6
and
ipv4
routing
on
android
proxy.
That's
right,
okay,
cool,
but
these
are
using
regular
coupe
proxy
sure.
So
you've
got
the
coupe
proxy
on
these.
So
if
I
make
a
v6
service
on
this
on
here
and
then
I'm
trying
to
access
that
service-
let's
say
I'm
in
this
pod
and
I'm
trying
to
access
this
service.
A
B
B
C
A
B
A
A
B
A
A
C
A
A
A
Yeah,
it's
gonna
find
its
way
home:
okay,
yeah
all
right
everybody.
This
is
great,
so
huge
thanks
to
the
koconi
team
for,
for
you
know,
they
bring
a
lot
of
positive
energy
to
the
whole
tkg
program
and
they're,
a
lot
of
fun
to
work
with,
and
so
in
general
and
huge
thanks
to
aiden
for
getting
on
here
and
letting
us
harass
him
for
an
hour.
Yeah
well,.