Is there any way to assign entire IPv6 ranges to a VM?
I’ve created an IP6_STATIC range with an entire /48 in there, but cannot find any way to assign subnets of this (e.g. a /64) to any VM. When creating a new network interface, I only appear to be able to add individual IPv6 addresses in the network overrides section:
It looks like OpenNebula seems to base a lot of IPv6 things around MAC addresses, which I fully understand. However, our use case for these large ranges just has the one MAC address/interface which serves lots of statically configured IPv6 addresses.
Apologies for not being able to help you earlier with this, but is not so simple (as you might guess).
From what I can comment from the Documentation, OpenNebula doesn’t offer a built-in feature to allocate entire IPv6 subnets to individual VMs automatically, so it has to be planned in advance and requires manual configuration.
The platform primarily manages individual IP addresses rather than subnet allocations. In scenarios where a VM requires control over a larger IPv6 subnet, such as a /64, a potential approach would be to assign a single IPv6 address from the desired subnet to the VM and then configure the VM’s internal networking to manage the rest of the subnet.
I can’t help you more on this, so if you need more support, let us know if you managed to follow the documentation and need more support on the manual configuration.
I think half the confusion comes from the Virtual Network Template page having PREFIX_LENGTH. I think this has made a few of us assume that OpenNebula would allocate a subnet of this size to VMs, especially as the SIZE argument also talks about using PREFIX_LENGTH.
Personally, I think this is quite an important omission especially as many home internet providers even allocate a /64 (so “servers” really should do this). However, I appreciate we’re in feature request territory, not bug territory (apart from possibly a bug because of potentially misleading documentation).
The problem with your suggestion is that firewall rules almost certainly won’t be created properly. I imagine they’ll allow the one IPv6 address through the host’s firewall, not the whole range.
In my ideal world, we would have:
Another type of IPv6 address range, e.g. IP6_SUBNETS. This would be necessary to ensure existing installs behave as expected.
SIZE being based on the number of PREFIX_LENGTHs, e.g. it would be 16 if you had a /60 you wanted to split into /64s. Maybe even SIZE being the exponent in the 2^x calculation, e.g. 4 in the above example.
The full subnet being allocated to the VM (shown correctly in the UI, and with firewall rules created).
The VM’s interfaces being correctly configured, at least with maybe the :: address or similar set up.