server: support isolated networks with NATTED ipv4 and dynamic routed IPv6 #12811
weizhouapache wants to merge 4 commits into
@blueorangutan package
Pull request overview
Enables BGP peer configuration/visibility for isolated networks (and VPCs) when dynamic routing is used with IPv6 (including DualStack offerings), addressing #11584.
Changes:
- UI: show BGP Peers tab/actions when IPv4 or IPv6 routing is dynamic.
- Server: treat DualStack + Dynamic routing as eligible for dynamic routed checks, and apply BGP peers via the correct service provider (Gateway vs SourceNat).
- API/tests: enrich routing/BGP peer data in network/VPC responses and update unit tests for the new offering-mode logic.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| ui/src/views/network/VpcTab.vue | Shows BGP peers tab when either IPv4 or IPv6 dynamic routing is enabled. |
| ui/src/views/infra/zone/BgpPeersTab.vue | Extends routing gating logic to consider IPv6 routing state. |
| ui/src/config/section/network.js | Shows BGP peers section for Admin when IPv4 or IPv6 routing is dynamic. |
| server/src/test/java/com/cloud/network/router/CommandSetupHelperTest.java | Updates mocks to include network mode for command creation paths. |
| server/src/test/java/com/cloud/bgp/BGPServiceImplTest.java | Updates mocks to include offering network mode and correct provider selection. |
| server/src/main/java/org/apache/cloudstack/network/RoutedIpv4ManagerImpl.java | Treats DualStack offerings with Dynamic routing as “dynamic routed”. |
| server/src/main/java/com/cloud/network/router/CommandSetupHelper.java | Filters BGP peer command payload per offering mode; supports IPv6-only peer config for non-routed offerings; skips empty command. |
| server/src/main/java/com/cloud/bgp/BGPServiceImpl.java | Chooses provider service (Gateway vs SourceNat) based on offering network mode for applying peers. |
| server/src/main/java/com/cloud/api/ApiResponseHelper.java | Adjusts routing fields and moves BGP peer population to full-view blocks for network/VPC responses. |
| api/src/main/java/org/apache/cloudstack/api/response/VpcResponse.java | Adds ipv6Routing field to VPC API response. |
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## 4.22 #12811 +/- ##
=========================================
Coverage 17.68% 17.68%
- Complexity 15792 15793 +1
=========================================
Files 5922 5922
Lines 533087 533119 +32
Branches 65206 65217 +11
=========================================
+ Hits 94269 94280 +11
- Misses 428176 428194 +18
- Partials 10642 10645 +3
Pull request overview
This PR addresses #11584 by extending dynamic routing (BGP) support so isolated (NATted) networks/VPCs with dynamic IPv6 (dual-stack) can expose/apply BGP peers similarly to routed IPv4 scenarios.
Changes:
- Update routed/dynamic detection to treat dual-stack offerings with `RoutingMode=Dynamic` as dynamically routed (even when `NetworkMode != ROUTED`).
- Adjust BGP peer application logic (provider selection and command construction) to handle IPv6-only advertisements for non-ROUTED offerings.
- Expose/consume IPv6 routing mode and show BGP peers UI where IPv6 dynamic routing is enabled.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| ui/src/views/network/VpcTab.vue | Show BGP peers tab when IPv4 or IPv6 routing is dynamic. |
| ui/src/views/infra/zone/BgpPeersTab.vue | Treat IPv6 routing as enabling “resource-level” BGP peers view/actions. |
| ui/src/config/section/network.js | Show BGP peers tab for guest networks when IPv4 or IPv6 routing is dynamic. |
| server/src/test/java/com/cloud/network/router/CommandSetupHelperTest.java | Update mocks to include offering network mode required by new branching logic. |
| server/src/test/java/com/cloud/bgp/BGPServiceImplTest.java | Add offering mocks and adjust expected provider selection for apply logic. |
| server/src/main/java/org/apache/cloudstack/network/RoutedIpv4ManagerImpl.java | Extend “dynamic routed” predicate to include dual-stack offerings. |
| server/src/main/java/com/cloud/network/router/CommandSetupHelper.java | Build BGP peer TOs with IPv6-only data for non-ROUTED offerings; skip command in some cases. |
| server/src/main/java/com/cloud/bgp/BGPServiceImpl.java | Select BGP service provider based on offering network mode (Gateway vs SourceNat). |
| server/src/main/java/com/cloud/api/ApiResponseHelper.java | Add IPv6 routing mode for networks/VPCs and adjust when BGP peers/routes are included in responses. |
| api/src/main/java/org/apache/cloudstack/api/response/VpcResponse.java | Add ip6routing field to VPC response. |
| api/src/main/java/org/apache/cloudstack/api/response/NetworkResponse.java | Wording tweak in API param descriptions (“type” → “mode”). |
| api/src/main/java/com/cloud/network/Network.java | Error message wording tweak (“type” → “mode”). |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
632b038 to
a7f0b65
Compare
| }) | ||
| }, | ||
| isIpRoutingEnabled () { | ||
| return !!(this.resource && (this.resource.ip4routing || this.resource.ip6routing)) |
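Review bot: isIpRoutingEnabled only tests ip4routing and ip6routing for truthiness, so a resource whose routing mode is set to any value, not just the dynamic one, passes this gate. If the BGP peers view and actions are meant for dynamic routing only, compare each field against the dynamic value here; if any routing mode is intended, a one-line comment saying so would make the gate easier to audit.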
| NetworkOffering networkOffering = networkOfferingDao.findById(network.getNetworkOfferingId()); | ||
| final String bgpServiceProvider = NetworkOffering.NetworkMode.ROUTED.equals(networkOffering.getNetworkMode()) ? | ||
| ntwkSrvcDao.getProviderForServiceInNetwork(network.getId(), Network.Service.Gateway): | ||
| ntwkSrvcDao.getProviderForServiceInNetwork(network.getId(), Network.Service.SourceNat); |
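Review bot: networkOffering is dereferenced in the ternary (networkOffering.getNetworkMode()) with no null guard, and it is loaded with findById, which can return null. A missing offering would then fail with a NullPointerException before any provider is selected. Add an explicit null check with a clear error, or use the same findByIdIncludingRemoved lookup as the command-building code. A short comment on why non-ROUTED networks resolve the BGP provider through SourceNat would also help, and the ':' of the ternary needs a leading space.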
| final String gatewayProviderStr = vpcServiceMapDao.getProviderForServiceInVpc(vpc.getId(), Network.Service.Gateway); | ||
| if (gatewayProviderStr != null) { | ||
| NetworkElement provider = networkModel.getElementImplementingProvider(gatewayProviderStr); | ||
| VpcOffering vpcOffering = vpcOfferingDao.findById(vpc.getVpcOfferingId()); |
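Review bot: the vpcOffering lookup is only reached when a Gateway provider exists (gatewayProviderStr != null), so a VPC without a Gateway provider never gets to the offering-mode decision. The network path switches to SourceNat for non-ROUTED offerings; if NATTED VPCs with dynamic IPv6 are in scope, the provider here should be chosen from the offering's network mode before this null check. vpcOffering itself also needs a null guard before it is used.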
| Map<Long, NetworkOfferingVO> guestNetworkOfferings = new HashMap<>(); | ||
| for (Network guestNetwork : guestNetworks) { | ||
| final NetworkOfferingVO offering = _networkOfferingDao.findByIdIncludingRemoved(guestNetwork.getNetworkOfferingId()); | ||
| guestNetworkOfferings.put(guestNetwork.getId(), offering); | ||
| } | ||
| for (BgpPeer bgpPeer: bgpPeers) { | ||
| Map<BgpPeer.Detail, String> bgpPeerDetails = bgpPeerDetailsDao.getBgpPeerDetails(bgpPeer.getId()); | ||
| for (Network guestNetwork : guestNetworks) { | ||
| bgpPeerTOs.add(new BgpPeerTO(bgpPeer.getId(), bgpPeer.getIp4Address(), bgpPeer.getIp6Address(), bgpPeer.getAsNumber(), bgpPeer.getPassword(), | ||
| guestNetwork.getId(), asNumberVO.getAsNumber(), guestNetwork.getCidr(), guestNetwork.getIp6Cidr(), bgpPeerDetails)); | ||
| final NetworkOfferingVO offering = guestNetworkOfferings.get(guestNetwork.getId()); | ||
| if (NetworkOffering.NetworkMode.ROUTED.equals(offering.getNetworkMode())) { | ||
| bgpPeerTOs.add(new BgpPeerTO(bgpPeer.getId(), bgpPeer.getIp4Address(), bgpPeer.getIp6Address(), bgpPeer.getAsNumber(), bgpPeer.getPassword(), | ||
| guestNetwork.getId(), asNumberVO.getAsNumber(), guestNetwork.getCidr(), guestNetwork.getIp6Cidr(), bgpPeerDetails)); |
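Review bot: offering is taken from guestNetworkOfferings and dereferenced at offering.getNetworkMode() without a null guard, although findByIdIncludingRemoved can return null; skip that network or fail with a clear message instead. The ROUTED branch passes guestNetwork.getCidr(), guestNetwork.getIp6Cidr() and bgpPeer.getPassword() into BgpPeerTO; the non-ROUTED branch, which is not visible here, should pass no IPv4 CIDR so the NATted guest range is never announced upstream, and a unit test asserting that would be worth adding.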
@blueorangutan package
@kiranchavala a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✖️ debian ✔️ suse15. SL-JID 18294
kiranchavala left a comment
Tested manually by following these steps:
- Add an IPv6 IP range
  Navigate to zone > physical network > public
  fc00:2024:9:7::1
  fc00:2024:9:7::/64
  vlan://566
- Add an IPv6 prefix
  Navigate to zone > physical network > guest
- Make sure Zone > IPv4 Subnet is present
- Make sure Zone > AS number is present
- Make sure Zone > BGP peer is present
- Create a Network offering. Make sure to select
  Internet Protocol: Dual stack
  Network mode: Natted
  Routing Mode: Dynamic
- Create a Guest network with the above network offering
- Make sure the BGP peer is attached to the network
- Respective IPv6 firewall rules are opened
- Deploy a VM using the network in step 7
- VM gets both an IPv4 address and an IPv6 address
- Log in to the virtual router and also the upstream BGP router
- Execute the commands
r-9-VM# show bgp summary
IPv4 Unicast Summary (VRF default):
BGP router identifier 10.200.0.20, local AS number 5049 vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 724 KiB of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt Desc
fc00:2024:9:7::1 4 64999 69 69 0 0 0 01:02:05 NoNeg NoNeg N/A
Total number of neighbors 1
IPv6 Unicast Summary (VRF default):
BGP router identifier 10.200.0.20, local AS number 5049 vrf-id 0
BGP table version 4
RIB entries 7, using 1344 bytes of memory
Peers 1, using 724 KiB of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt Desc
fc00:2024:9:7::1 4 64999 69 69 0 0 0 01:02:05 3 4 N/A
Total number of neighbors 1
r-9-VM# show bgp neighbors
BGP neighbor is fc00:2024:9:7::1, remote AS 64999, local AS 5049, external link
Local Role: undefined
Remote Role: undefined
Hostname: bgp-router
BGP version 4, remote router ID 10.200.0.1, local router ID 10.200.0.20
BGP state = Established, up for 01:02:12
Last read 00:00:12, Last write 00:00:12
Hold time is 180 seconds, keepalive interval is 60 seconds
Configured hold time is 180 seconds, keepalive interval is 60 seconds
Configured conditional advertisements interval is 60 seconds
Neighbor capabilities:
4 Byte AS: advertised and received
Extended Message: advertised and received
AddPath:
IPv4 Unicast: RX advertised
IPv6 Unicast: RX advertised and received
Long-lived Graceful Restart: advertised and received
Address families by peer:
Route refresh: advertised and received(old & new)
Enhanced Route Refresh: advertised and received
Address Family IPv4 Unicast: advertised
Address Family IPv6 Unicast: advertised and received
Hostname Capability: advertised (name: r-9-VM,domain name: n/a) received (name: bgp-router,domain name: n/a)
Graceful Restart Capability: advertised and received
Remote Restart timer is 120 seconds
Address families by peer:
none
Graceful restart information:
End-of-RIB send: IPv6 Unicast
End-of-RIB received: IPv6 Unicast
Local GR Mode: Helper*
Remote GR Mode: Helper
R bit: False
N bit: False
Timers:
Configured Restart Time(sec): 120
Received Restart Time(sec): 120
IPv4 Unicast:
F bit: False
End-of-RIB sent: No
End-of-RIB sent after update: No
End-of-RIB received: No
Timers:
Configured Stale Path Time(sec): 360
IPv6 Unicast:
F bit: False
End-of-RIB sent: Yes
End-of-RIB sent after update: No
End-of-RIB received: Yes
Timers:
Configured Stale Path Time(sec): 360
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 5 5
Keepalives: 63 63
Route Refresh: 0 0
Capability: 0 0
Total: 69 69
Minimum time between advertisement runs is 0 seconds
For address family: IPv4 Unicast
Not part of any update group
Community attribute sent to this neighbor(all)
0 accepted prefixes
For address family: IPv6 Unicast
Update group 1, subgroup 1
Packet Queue length 0
Community attribute sent to this neighbor(all)
3 accepted prefixes
Connections established 1; dropped 0
Last reset 01:02:13, Waiting for peer OPEN
External BGP neighbor may be up to 1 hops away.
Local host: fc00:2024:9:7:1c01:afff:fe00:48, Local port: 52810
Foreign host: fc00:2024:9:7::1, Foreign port: 179
Nexthop: 10.200.0.20
Nexthop global: fc00:2024:9:7:1c01:afff:fe00:48
Nexthop local: fe80::1c01:afff:fe00:48
BGP connection: shared network
BGP Connect Retry Timer in Seconds: 120
Peer Authentication Enabled
Read thread: on Write thread: on FD used: 24
- Log in to the upstream router
  Check the connectivity to the IPv6 address
root@bgp-router:~# ping fc00:2024:9:8:1:ff:fecf:1
PING fc00:2024:9:8:1:ff:fecf:1 (fc00:2024:9:8:1:ff:fecf:1) 56 data bytes
64 bytes from fc00:2024:9:8:1:ff:fecf:1: icmp_seq=1 ttl=63 time=1.31 ms
64 bytes from fc00:2024:9:8:1:ff:fecf:1: icmp_seq=2 ttl=63 time=1.41 ms
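The manual check in the comment above can be automated. This added example (not part of the PR or of CloudStack) parses FRR `show bgp summary` text and flags a NATTED IPv4 / dynamic IPv6 network that sends IPv4 prefixes upstream or has no working IPv6 session; the function names and the pass/fail policy are assumptions drawn from the PR's "IPv6-only advertisements" description.

```python
import re

# Excerpt of the `show bgp summary` output quoted in the test comment above.
SAMPLE = """\
IPv4 Unicast Summary (VRF default):
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt Desc
fc00:2024:9:7::1 4 64999 69 69 0 0 0 01:02:05 NoNeg NoNeg N/A
Total number of neighbors 1
IPv6 Unicast Summary (VRF default):
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt Desc
fc00:2024:9:7::1 4 64999 69 69 0 0 0 01:02:05 3 4 N/A
Total number of neighbors 1
"""

AF_HEADER = re.compile(r"^(IPv[46] Unicast) Summary")

def parse_bgp_summary(text):
    """Return {address_family: {neighbor: (state_or_pfx_rcvd, pfx_sent)}}."""
    result, family, in_table = {}, None, False
    for line in text.splitlines():
        header = AF_HEADER.match(line)
        if header:
            family, in_table = header.group(1), False
            result[family] = {}
        elif line.startswith("Neighbor"):
            in_table = True  # column header row; neighbor rows follow
        elif line.startswith("Total number of neighbors") or not line.strip():
            in_table = False
        elif family and in_table:
            cols = line.split()
            if len(cols) >= 11:  # ... Up/Down State/PfxRcd PfxSnt [Desc]
                result[family][cols[0]] = (cols[9], cols[10])
    return result

def check_natted_ipv6_dynamic(summary):
    """Findings for a NATTED IPv4 + dynamic IPv6 network; empty list means OK."""
    findings = []
    for peer, (_, sent) in summary.get("IPv4 Unicast", {}).items():
        if sent.isdigit() and int(sent) > 0:
            findings.append(f"{peer}: {sent} IPv4 prefixes sent from a NATTED network")
    v6 = summary.get("IPv6 Unicast", {})
    if not v6:
        findings.append("no IPv6 Unicast neighbors")
    for peer, (rcvd, sent) in v6.items():
        if not rcvd.isdigit():  # a state name instead of a prefix count
            findings.append(f"{peer}: IPv6 session not established ({rcvd})")
        elif not sent.isdigit() or int(sent) == 0:
            findings.append(f"{peer}: no IPv6 prefixes advertised")
    return findings
```

On the quoted output it returns no findings: IPv4 Unicast is `NoNeg` and IPv6 Unicast shows 3 prefixes received and 4 sent.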
kiranchavala left a comment
@weizhouapache as discussed, facing an issue with VPC isolated dual stack natted networks
Description
This PR fixes #11584