0

We are currently evaluating a K8S (version 1.17 using CRI-0 version 1.17 & Calico CNI) installation using Istio 1.5.0. All nodes have a valid and reachable IPv4 and IPv6 (ubuntu server 18.04 - on premise deployment) configured.

Using a test deployment shows functional IPv4 routing:

user http request :80 -> ingress gateway -> gateway -> virtual service -> service -> pod

(using curl -vvv -I -4 xxx.xxx.xx)

IPv6 fails (connects but without any response). Is dual stack support inside the k8s cluster mandatory to enable incoming IPv6 request? If so why? Or is there any hidden istio configuration to enable listening for IPv6 ingress?

chrstnwhlrt
  • 325
  • 6
  • 15

1 Answers1

0

Take into consideration ipv6 is in alpha and might not work.

Based on this this github issue

Istio doesn't officially support IPv6, since we have no tests for it.

Things I found you could check

Check if dual stack in Calico is enabled.

Check if IPv6 works without IPv4, few months ago istio didn't support dual stack.

I couldn't find informations if it works now or not.

There is a whole github issue about ipv6 for istio.

Hope this help somehow but as I said, it's in alpha for now and I coulnd't find any specific informations how to make it work.

There is github issue called "Need tests that exercise IPv6", without any results for now.

Jakub
  • 375
  • 1
  • 9
  • Does K8S have to use IPv6 (/Dual Stack) *internally* to respond to IPv6 ingress requests? As everything get proxied by istio / envoy, I would like to keep the cluster with IPv4 only but respond to IPv4 and IPv6 ingress (as any simple NGINX proxy could). – chrstnwhlrt Mar 09 '20 at 15:48
  • Based on my knowledge I would say yes, k8s have to use it to respond to the ingress requests. About second question, the real question is if istio actually can do it now? If it's not supporting dual stack yet then you could have a problem with responds to both of them. – Jakub Mar 09 '20 at 16:05
  • As kubernetes as well as istio has quite the reach and seems to be accepted within the industry I suppose the support for IPv6 Ingress (not within the cluster) should be implemented. Otherwise there would be no IPv6 support for most major services online. – chrstnwhlrt Mar 09 '20 at 16:10