Skip to content

Support IPv6 VPC-private addresses for network interfaces #9269

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 23, 2025
Merged

Support IPv6 VPC-private addresses for network interfaces #9269

merged 2 commits into from
Oct 23, 2025

Conversation

@bnaecker
Copy link
Collaborator

  • Make more explicit how we assign IP addresses for NICs, by adding a full configuration type. That includes details of whether an address is auto assigned or explicitly requested, and the corresponding transit IPs. Also adds the notion of single-stack IPv4 or IPv6 NICs, or explicitly dual-stack.
  • Restructure some of the internals of the network interface InsertQuery to more clearly generate SQL based on the assignment preferences
  • Add NextIpv6Address type (needs tests)
  • Rework callers of IncompleteNetworkInterface to use new assignment-request enum

@bnaecker bnaecker marked this pull request as draft October 22, 2025 03:01
@bnaecker bnaecker force-pushed the vpc-private-ipv6-address-queries branch 2 times, most recently from 4222a41 to 189254f Compare October 22, 2025 17:16
@bnaecker
Support IPv6 VPC-private addresses for network interfaces
d1f5170 
- Make more explicit how we assign IP addresses for NICs, by adding a
  full configuration type. That includes details of whether an address
  is auto assigned or explicitly requested, and the corresponding
  transit IPs. Also adds the notion of single-stack IPv4 or IPv6 NICs,
  or explicitly dual-stack.
- Restructure some of the internals of the network interface
  `InsertQuery` to more clearly generate SQL based on the assignment
  preferences
- Add `NextIpv6Address` type and use it internally to create VPC-private
  IPv6 addresses for interfaces. Add a few basic tests for the new
  behavior.
- Rework callers of `IncompleteNetworkInterface` to use new IP
  configuration enum.
- Closes #9243
- Closes #9244
@bnaecker bnaecker force-pushed the vpc-private-ipv6-address-queries branch from 189254f to d1f5170 Compare October 22, 2025 17:17
@bnaecker bnaecker changed the title WIP: Support IPv6 VPC-private addresses for network interfaces Support IPv6 VPC-private addresses for network interfaces Oct 22, 2025
@bnaecker bnaecker marked this pull request as ready for review October 22, 2025 17:17
rcgoodfellow
rcgoodfellow reviewed Oct 23, 2025
View reviewed changes
Copy link
Contributor

@rcgoodfellow rcgoodfellow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @bnaecker. Comments follow

nexus/db-queries/src/db/datastore/probe.rs
),
},
None, //Request IP address assignment
IpConfig::auto_ipv4(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not for this PR but a general thought on this. I think what we'll want as a default is an IpConfig::auto_dual_stack()? Same for instances.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, that sounds reasonable to me. There's no real reason to prevent VPC-private IPv6 addressing, since the address space is so huge.

nexus/db-queries/src/db/queries/network_interface.rs
InsertError::IpAddressNotAvailable(ip)
let Some(ipv4) = interface.ip_config.ipv4_addr() else {
let err = Error::internal_error(&format!(
"Violated constraint that ensures unique \
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this mean auto assignment failed?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not quite, or at least that's not what I was going for. This means someone tried to insert an explicit IPv4 address, we filtered it out because it's already been used, and so we tried to insert NULL for both the IPv4 and IPv6 addresses.

So it's really "you requested a specific address, but it was already used".

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To put a finer point on it, this could be an assert. We made a programming error somewhere.

@bnaecker
Review feedback
9178a43 
- IP-version specific first / last address functions
- Fixup some names and typos
- Allow transit IPs on an instance NIC
- Add default dual-stack constructor
@bnaecker bnaecker requested a review from rcgoodfellow October 23, 2025 02:51
rcgoodfellow
rcgoodfellow approved these changes Oct 23, 2025
View reviewed changes
Copy link
Contributor

@rcgoodfellow rcgoodfellow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@bnaecker bnaecker enabled auto-merge (squash) October 23, 2025 03:29
@bnaecker bnaecker merged commit 926bdd2 into main Oct 23, 2025
16 checks passed
@bnaecker bnaecker deleted the vpc-private-ipv6-address-queries branch October 23, 2025 04:55
This was referenced Oct 23, 2025
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rcgoodfellow rcgoodfellow rcgoodfellow approved these changes

@smklein smklein Awaiting requested review from smklein

@internet-diglett internet-diglett Awaiting requested review from internet-diglett

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bnaecker @rcgoodfellow