Any self-hosters using IPv6 internally with k8s/k3s?
Just wondering how many of us use IPv6 for our local hosts, as with my router upgrade, my ISP only allows me to have 253 IPv4 addresses (and I don't want to have to buy a new router/gateway, a 10GbE router/gateway is expensive).
Anyway, do you guys use statically assigned ULA addresses? Statically assigned global addresses? DHCPv6? SLAAC? What do you guys do for DNS resolution, avahi/mDNS everywhere (given that IPv6 addresses seem to change all the time)?
I've currently mostly gotten IPv6 working (dual stack) on machines I touch, but my k3s cluster is out of commission until I can figure out a way to not have them consume any precious IPv4 addresses.
I might sound naive, but are you talking about a homelab that is running more than 253 separately networked machines, virtual or otherwise? I personally am only running a dozen or so with all my Pis and VMs as everything else is just port forwarded containers on those hosts. My understanding was that IPv6 was for better public facing IPs, since on LAN IPv4 offers a few thousand IPs for private use.
A lot of the IPs are virtual, e.g. services on metallb, and my home is littered with wi-fi smart-home devices, each requiring their own ipv4.
Before all this I had my own router which allowed me to change the subnet, but after "upgrading" my router, it hard-codes the subnet it dishes out to be a /24. So on my LAN, with my current router, I can only feasibly support a /24 subnet on ipv4.
The real kicker is if I could disable the DHCP server, I could run my own, but my ISP's router software does not have that setting.
Residential ISP routers are almost universally trash because most people just want to receive media streams on at most a few devices at a time.
You might be able to set static routes in the ISP router so you can run your own router with its own subnet and have all your addresses routable within your home network anyway. If you have your network on 10.0.0.0/8 and your router is 192.168.0.2 on your ISP's network in your house, then you tell the ISP's router that 10.0.0.0/8 is reachable via 192.168.0.2 and cross your fingers that it can route IP correctly. Unless the ISP's router advertises that static route via DHCP, other devices on the ISP's network in your house will likely need to be told about your network's routing in order to be able to communicate with devices on your network. mDNS name resolution is unlikely to work across the two networks. Some other features, such as automatic port forwarding, may not work, but may be possible if you tell the ISP router to forward all ports to your router by default.
In my network I run DNS so everything is resolvable by name. Most of the time the names are filled in by autoconfiguration. Some K8S services are connected to the rest of the house by Multus so they have their own IP addresses.
Nah, IPv6 goes back to what IPv4 was when there wasn't a public and private range. Private ranges were due to IP exhaustion. NAT is then used.
With IPv6 you subnet your LAN with the IPv6 delegated range from your ISP. Basically it's like subnetting your LAN with a public IPv4 range. No NAT required, as a firewall is used to stop packets, not NAT.
Also, IPv4 RFC 1918 doesn't provide a few thousand for private; it provides 17 million.
You really want to avoid NAT64 if possible. This thing is a nightmare to get working, and open source options to do it are not plentiful.
I remember that a few years back (2018 maybe?), the FOSDEM team built an IPv6-only network for the attendees, and the NAT64 part was handled by proprietary devices because they couldn't get it to work with FOSS software.
Does your ISP provide IPv6? If so, you might want to use that as it'll be easier to set up than running your own DHCPv6 server or router.
Also, you gotta keep in mind that the world is not ready for full IPv6 yet, so you need to consider whether or not your cluster requires IPv4 access.
If it does, your best bet is to go with a dual stack, but it doesn't solve your /24 limitation problem. The other solution is NAT64, but this techno is not quite ready in terms of FOSS solutions IMO, and it requires a separate router to do the NAT part for you, which you want to avoid apparently. So yeah, not many options here ^^