XCP-ng DevBlog - IPv6 support

IPv6 support already exists for your virtual machines. But it wasn't possible to have your host (aka dom0) with an IPv6 address, despite years of community requests in XenServer (now Citrix Hypervisor).

That's why we decided to roll up our sleeves and make it real in XCP-ng. Discover now what it brings and the amount of work we had to do!

IPv6 context

Despite being an IETF draft since 1998, it was ratified as an Internet Standard only in 2017. It's the most recent version of the Internet Protocol (IP), and solves the issue of IPv4 address exhaustion and many other less than ideal IPv4 behaviors.
If you want to learn more about IPv6, take a look at the Wikipedia article, which is a good introduction!

The feature

IPv6 support allows you to have fully functioning XCP-ng pools in IPv6 only networks (so you aren't required to use an IPv4 address for your host).

Included:

  • Connecting to XO (or any xapi client) with the host IPv6 address
  • Live migration between 2 hosts on an IPv6 network
  • Import/export of VMs/VDIs with IPv6
  • and much more!

Benefits

There's many benefits with IPv6 usage. Obviously, the first one is not consuming an IPv4 address just for managing your host/dom0. As IPv4 becomes less and less available, it's logical to use them only when it matters (your VMs!).

Outside the pure "XCP-ng" use case, there's obviously nice improvements over IPv4:

  • Many public IPs available
  • More efficient routing
  • More efficient packet processing
  • Directed data flows
  • Simplified network configuration
  • IPSec compatibility

The development

Most of the work has been to debug where IPv6 would cause issues in a host.
Mainly, storing IPv6 strings in the XAPI DB and how URLs are created from an IPv6 address were the 2 most notable differences. Also every call to POSIX' gethostbynameand gethostbyaddress had to be replaced by calls to getaddrinfo because they did not support IPv6 (and are obsolete and not reentrant as well!).

This development has been a very fruitful collaboration between Vates and Citrix through many PR reviews on several repos.

It took us around 4 months in total to integrate and build a test ISO that's IPv6 compatible, give or take a few limitations.

More than the duration, in terms of pull requests:

  • Almost 10x PRs in xen-api repo
  • 2x PRs in xcp-networkd
  • 1x PR in vhd-tool
  • 1x PR in xcp-idl
  • 1x PR in xen-api-client

That's close to 15x PRs in total (6 not merged yet). As you can see, most of the changes had to be done in XAPI directly, but a lot of fixes had to be made in various other repositories. In the end, achieving this in only 4 months is a pretty good thing!

How to test it

In order to test it easily from the installation, we built a specific ISO with all IPv6 patches integrated, including a modified installation menu to choose IPv6 only or dual stack.

ISO

The IPv6 ISO can be downloaded here.
Here's the SHA256 sum: 177eade2efa8b6c989847c970e5cab3e6eb24de5a2eef153a0fc422071f9234b.

This a test ISO for the IPv6 feature!
Do NOT use this in production or with sensitive data!

Any security update will override the modifieds RPMs for IPv6, meaning one can't update their IPv6 test hosts as long as one wants access to the feature.

Reporting issues

As said above, this is a test ISO so any feedback would be very welcomed.
A dedicated forum thread has been opened for the users to report all that works and all that doesn't.

This thread will also be the place to find updates about these ISOs and IPv6 fixes and added features.

Known limitations

This is still a work in progress, here are some rough edges we are working on:

  • IPv6 only shared storage (NFS/iSCSI) isn't available yet (we need to modify a bit the storage API (SMAPIv1) to allow connecting an iSCSI target or an NFS share in IPv6 only. However, local SR will work, and all SRs in dual stack (v4/v6).
  • IPv6 configuration can only be done statically for an XCP-ng host.
  • When in dual stack (using both IPv4 and IPv6 on the management interface), the primary address type is IPv4. It means everything XAPI related will use the IPv4 of the host.
  • When in dual stack, the IPv4 address must be statically configured as well otherwise the static IPv6 DNS will be overriden by the IPv4 DHCP provided one.

What's next

Development is still currently ongoing.
We are working to add support for:

  • DHCPv6
  • Shared storage in IPv6 (NFS, iSCSI, etc)
  • Better handling of DNS when in dual stack

However, the current state might be enough for a first use. Please test and report!

Acknowledgements

We'd like to give a big thanks to the XAPI dev team: despite the high number of pull requests we had to create, they were quick to review and merge them. Real teamwork!