feat: Add IPAM IPv6 support #718
This PR has been automatically marked as stale because it has been open 30 days
This PR was automatically closed because of stale in 10 days
@bryantbiggs What would be needed to get this PR reopened / discussed properly?
7c307a7 to 2295081
examples/ipam-vpc/main.tf
Outdated
|
||
use_ipam_pool = true | ||
ipv6_ipam_pool_id = aws_vpc_ipam_pool.ipv6.id | ||
ipv6_netmask_length = 56 |
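Review bot: `ipv6_ipam_pool_id = aws_vpc_ipam_pool.ipv6.id` paired with the fixed `ipv6_netmask_length = 56` only applies cleanly when that pool already holds a provisioned IPv6 prefix, and nothing in these lines says so. Add a comment above them stating that prerequisite, or keep the IPv6 arguments commented out in the example so it still runs in accounts without such a pool.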
@drewmullen do you know what's up with this - if I set a netmask length of 56 I get
```
│ Error: error creating EC2 VPC: InvalidParameterValue: The allocation size is too big for the pool.
│ status code: 400, request id: be5c7702-a7f7-40ef-a6a8-25a2523a7fb6
│
│ with module.vpc_ipv6_ipam_set_netmask.aws_vpc.this[0],
│ on ../../main.tf line 20, in resource "aws_vpc" "this":
│ 20: resource "aws_vpc" "this" {
```
And if I set anything other than a netmask length of 56 I get
```
│ Error: expected ipv6_netmask_length to be one of [56], got 60
│
│ with module.vpc_ipv6_ipam_set_netmask.aws_vpc.this[0],
│ on ../../main.tf line 30, in resource "aws_vpc" "this":
│ 30: ipv6_netmask_length = var.ipv6_netmask_length
```
You have to provision an IPv6 into the pool using `aws_vpc_ipam_pool_cidr` for it to have a prefix to allocate. IPAM IPv6 is similar to how BYOIP worked prior to the service. Here are some test examples in the Terraform acceptance tests.
As you can see, those tests don't normally run during TF builds unless the account has an IP it is authorized to assume control of. You only run the tests if you have set variables: `IPAM_BYOIP_IPV6_MESSAGE`, `IPAM_BYOIP_IPV6_SIGNATURE`, `IPAM_BYOIP_IPV6_PROVISIONED_CIDR`
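The prerequisite described in the reply above, written out as an added Terraform example (it is not code from this PR, its module, or the provider's acceptance tests): the pool gets a prefix through `aws_vpc_ipam_pool_cidr` before the VPC requests its /56. Resource names, variable names, the region default and the IPv4 `cidr_block` are assumptions; the three BYOIP inputs correspond to the message, signature and provisioned CIDR the reply mentions.

```hcl
# Added example: names, region and CIDRs are placeholders, not values from the PR.
variable "region" { default = "us-east-1" }
variable "byoip_ipv6_cidr" { type = string }    # prefix you are authorized to bring
variable "byoip_ipv6_message" { type = string } # authorization message for that prefix
variable "byoip_ipv6_signature" {
  type      = string
  sensitive = true # keep the signature out of plan output
}

resource "aws_vpc_ipam" "this" {
  operating_regions {
    region_name = var.region
  }
}

# IPv6 pools live in the IPAM's public scope.
resource "aws_vpc_ipam_pool" "ipv6" {
  address_family        = "ipv6"
  ipam_scope_id         = aws_vpc_ipam.this.public_default_scope_id
  locale                = var.region
  aws_service           = "ec2"
  publicly_advertisable = false
}

# Without this resource the pool is empty, and a VPC asking for a /56 fails
# with "The allocation size is too big for the pool."
resource "aws_vpc_ipam_pool_cidr" "ipv6" {
  ipam_pool_id = aws_vpc_ipam_pool.ipv6.id
  cidr         = var.byoip_ipv6_cidr

  cidr_authorization_context {
    message   = var.byoip_ipv6_message
    signature = var.byoip_ipv6_signature
  }
}

resource "aws_vpc" "this" {
  cidr_block          = "10.0.0.0/16"
  ipv6_ipam_pool_id   = aws_vpc_ipam_pool.ipv6.id
  ipv6_netmask_length = 56

  # The pool id alone does not order the VPC after the CIDR is provisioned.
  depends_on = [aws_vpc_ipam_pool_cidr.ipv6]
}
```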
I'm dumb, I thought I read `aws_vpc_ipam_pool_cidr` was only valid for IPv4
For now I have just commented out the IPv6 bits since they aren't valid in the example unless you have those 3 pieces of information. For some reason, I thought I had read that IPAM would vend you a /56 CIDR from the global pool when requested (similar to how VPC works with assigning an IPv6 CIDR when enabled).
Thanks again @drewmullen - @antonbabenko your thoughts?
LGTM
## [3.16.0](v3.15.0...v3.16.0) (2022-09-26)

### Features

* Add IPAM IPv6 support ([#718](#718)) ([4fe7745](4fe7745))

This PR is included in version 3.16.0 🎉
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
closes: #717
requires: #716 to be merged prior to merge
Description
Add ability to specify IPAM parameters for allocating public IPv6 CIDRs to VPCs. I chose not to include logic to `aws_vpc_ipv6_cidr_block_association` because currently you can only have 1 IPv6 CIDR and that is solved by the new parameters included on `aws_vpc`.
Motivation and Context
AWS IPAM was released at re:Invent 2021
How Has This Been Tested?
`examples/*` projects