IPv6 Management Plane Support

Overview

NSX Advanced Load Balancer supports IPv6 and IPv4 network infrastructure for data plane while the management plane was still dependent on IPv4 network infrastructure. With increased adoption of IPv6 in traditional networks and modern infrastructure, enterprises are moving to hybrid (IPv4 + IPv6) layer3 networks.

With version 22.1.3, NSX Advanced Load Balancer supports IPv6 configuration for its Controllers and connectivity between Controllers to Service Engines. This support enables the IPv6 communication between control plane and data plane as an option.

Prior to version 22.1.3, NSX Advanced Load Balancer supported configuring secondary interfaces and static routes on the Controller at the cluster level, and moving HSM connections to the secondary interface using a configurable label.

Starting with version 22.1.3, a SE_SECURE_CHANNEL label can be attached to the secondary interface of Avi Controllers for SEs to connect to the Controllers. This secondary interface can be IPv6 and the SE can connect to the interface using its IPv6 management address. The following features are supported on the Controller and Service Engine side of NSX Advanced Load Balancer version 22.1.3:

  • Service Engine to Controller communication over IPv6

  • Service Engine to Service Engine communication over IPv6 for internal applications

  • Service Engine to log-streaming servers over IPv6

  • DNS resolution on Service Engine over IPv6

Note: This feature is currently under Tech Preview.

Considerations

  • This feature is only supported in VMware ecosystems with No-access and Write-access vCenter Cloud type

  • Only Static IP mode is supported for the IPv6 interface on the Controller

  • You can configure either IPv4 or IPv6 address for the secondary interface on the controller. Caveats.

  • The Access Controls are applied only to the primary interface. It is recommended to continue to use external firewall settings to restrict access, for instance, inbound SSH to the additional interface.

Enabling the System to Utilize IPv6 for Management Plane

To enable the system to utilize IPv6 for management plane, follow the steps below:

Caveats

  • You can configure either IPv4 or IPv6 address for the secondary interface on the controller. Dual stack mode is currently not supported in NSX Advanced Load Balancer for Controller’s management IP configuration.

  • IPv6 Management plane support is not available in FIPS mode with 22.1.3 release.