In general, we will use IPv4 CIDR range for networking
mostly and VCNs will be configured with IPv4. VMs will be created with IPv4 IP
Address.
OCI VCN also supports IPv6 CIDR ranges. In this blog we will
explore how to enable IPv6 to VCN and VM instances and then how to connect two
instances through IPv6.
IPv6 is 128bit address, whereas IPv4 is 32bit address.
IPv6 will have 32 hex digits and each hex digit is 4 bits,
hence IPv6 is 128bit address.
Example:
2603:c020:4012:3a01:0:792b:d3de:1f01
The above address is a IPv6 address and it has 32 hex digits
and created as 8 groups (separated by colons) with each group having 4 hex
digits (consider the fifth group as 0000).
32 hex digits = 128bits (32*4)
Let’s interpret this address.
|
Block |
Meaning |
|
2603 |
Region
allocation block |
|
c020 |
Identifies
OCI cloud network |
|
4012 |
VCN
identifier |
|
3a01 |
Subnet
Identifier |
|
0 |
Reserved |
|
792b:d3de:1f01 |
Host portion |
Let’s consider another example: 2603:c020:4012:3a01:0:14cf:1bd1:6801
|
Block |
Meaning |
|
2603 |
Region
allocation block |
|
c020 |
Identifies
OCI cloud network |
|
4012 |
VCN
identifier |
|
3a01 |
Subnet
Identifier |
|
0 |
Reserved |
|
14cf:1bd1:6801 |
Host portion |
We could see the first 5 blocks are similar for example 1 &
2. It means the resource exists in the same vcn, subnet.
IPv6 can be enabled to VCN at the time of creation or after
creation. While creating new VCN we could see option to enable IPv6 prefixes.
Enable IPv6 by clicking “Assign an Oracle allocated IPv6 /56
prefix”. It also has option for BYOL.
To enable IPv6 in
existing VCN which was created with IPv4, go to VCN details page.
Click on IP Administration page, we can find Add CIDR Block/IPv6
Prefix button. Click on that.
Click on Assign an Oracle allocated IPv6/56 prefix. It will
enable IPv6 prefixes to existing vcn.
Let’s create two VMs on this VCN and try to make connection
between them through IPv6. The VM creation steps for as usual, the only additional
step required is to enable IPv6 in the network section.
Consider two VMs(vm1, vm2) are created with IPv6 Prefix in the same public
subnet.
VM1 Network settings
VM2 Network settings
Let’s connect with vm1 via ssh protocol and try to ping vm2.
ICMP protocol is allowed in the security list ingress traffic.
Though ICMP protocol is allowed in the Ingress traffic, the ping
command is not working.
For IPv6, the usual ICMP protocol is not enough. We need to explicitly
add security rule for IPv6-ICMP.
Here the Source CIDR is Subnet’s IPv6 Prefix.
Now lets try to ping between VMs.
No comments:
Post a Comment