Three ways to enable IPv6 on Tencent cloud

Deployed from traditional binary Nginx, To cloud native deployment K8S、Istio, Introduce the website startup respectively IPv6 In three ways .

1.Nginx How to open IPv6

precondition

• Server turned on IPv6

1.1 Start listening IPv6 Address of the Nginx

Default Nginx Configuration file for （/etc/nginx/nginx.conf） Already open IPv6 visit , start-up Nginx.

    server {
        listen       80;
        listen       [::]:80;  ##  monitor  IPv6  Of  80  port 
        ...
    }    

You can see Ngnix Simultaneous monitoring IPv4 and IPv6 Address .

# netstat -ntlp | grep nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      138362/nginx: maste
tcp6       0      0 :::80                   :::*                    LISTEN      138362/nginx: maste

1.2 Server authentication IPv6 visit

On the server through curl The command can verify IPv6 On visit

# curl -g http://[2402:4e00:1013:e500:0:940e:29d7:3443] -I
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sat, 04 Dec 2021 13:58:37 GMT
Content-Type: text/html
Content-Length: 4833
Last-Modified: Fri, 16 May 2014 15:12:48 GMT
Connection: keep-alive
ETag: "53762af0-12e1"
Accept-Ranges: bytes

1.3 Security pairing IPv6 The source address authorizes access

The next in Security group Chinese vs Monitor in IPv6 The address on the 80 Port authorization access .

1.4 Local computer verification IPv6 visit

If The local network is turned on IPv6 visit , Next reference Browser access IPv6 Address , It can be verified by browser on the local computer IPv6 visit .

1.5 Domain name add IPv6 Address resolution

Add... To the domain name IPv6 Parsing records （AAAA）, After adding, you can use IPv6 Online domain name resolution tool Parse and verify it .

The same host name can be resolved at the same time IPv4（A Record ） and IPv6（AAAA Record ), Local browsers are generally IPv6 Priority access to .

1.6 IPv6 Website open verification

adopt Website IPv6 Open the validation tool To verify IPv6 Open successfully or not .

2. K8S How to open IPv6

stay K8S Chinese vs Web For service , Usually by Ingress Provide traffic access to users , therefore K8S In the open IPv6, Namely Ingress Support IPv6.

Here to Take Tencent cloud container service as an example , How to turn on IPv6.

With reference to article Tencent cloud cvm Turn on IPv6 , Submit IPv6 Internal test application .

2.1 establish IPv6 NAT64 Version of Ingress

establish IPv6 NAT64 Version of Ingress.

IPv6 NAT64： Users and IPv6 NAT64 Of LB Between IPv6 visit ,IPv6 NAT64 Of LB With the back end Service、Pod Communication is IPv4. advantage ： Business processes do not need to transform the network , Can support IPv6 Network access . shortcoming ： Unable to get the client real IPv6 Address .

Next, refer to the above , For the Ingress Behind the load balancer add to the source IPv6 Security group policy for address access .

2.2 verification IPv6 Whether the website is open or not

The verification method is the same as above , No more details here .

3. Istio How to start the service grid IPv6

Service Grid istio, Than K8S Native Ingress It is more convenient to manage traffic , If you use a service grid , You don't need to be right K8S Of ingress Turn on IPv6 visit , Open directly in the service grid IPv6 visit .

3.1 establish IPv6 Edge proxy gateway

When creating an edge proxy gateway , Select Create in advance IPv6 LB.

3.2 establish IPv6 Gateway

establish IPv6 Gateway when , Association just created IPv6 Edge proxy gateway .

If open HTTPS visit , Then add the certificate .

3.3 establish IPv6 Virtual Service

establish IPv6 Virtual Service, Mount the... Created above IPv6 Gateway.

3.4 verification IPv6 Whether the website is open or not

The verification method is the same as above , No more details here .

IPv6 The trend of The Times , The stationmaster hurry to act .

Reference article

• Website open IPv6 In three ways