Creating physical compute networks
Physical networks can host multiple IPv4, IPv6, and dual-stack subnets. IPv6 subnets support three IP address assignment modes: Stateless Address Autoconfiguration (SLAAC), DHCPv6 stateless, and DHCPv6 stateful. The modes are explained in the following table:
IPv6 address mode | VM address assignment | External router configuration | DHCP server configuration |
---|---|---|---|
SLAAC | A VM obtains an IPv6 address, the default gateway, and the subnet prefix via Router Advertisements (RA) from an external router. DNS servers and a hostname are not automatically configured. | An external router should send RA messages without the M (Managed address configuration) and O (Other configuration) flags. | The built-in DHCPv6 server is automatically disabled. |
DHCPv6 stateless | A VM obtains an IPv6 address and the default gateway via RA messages from an external router and other information (the subnet prefix, DNS servers, a hostname) from the built-in DHCPv6 server. | An external router should send RA messages with the O flag. | The built-in DHCPv6 server is automatically enabled. |
DHCPv6 stateful | A VM obtains an IPv6 address and other information (the subnet prefix, DNS servers, a hostname) from the built-in DHCPv6 server. The default gateway is received via RA messages from an external router. | An external router should send RA messages with the M flag. | The built-in DHCPv6 server is automatically enabled. |
IPv6 address assignment inside a virtual machine also depends on the network settings of a guest operating system.
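The router-side requirements in the table can be verified against a captured Router Advertisement. The following is an added example, not part of the original documentation: the function names and the sample RA for 2001:db8::/64 are constructed for illustration. Treating an RA with both M and O set as stateful follows RFC 4861, and the A-flag check follows RFC 4862.

```python
import struct

RA_TYPE = 134                            # ICMPv6 Router Advertisement (RFC 4861)
FLAG_M, FLAG_O = 0x80, 0x40              # Managed / Other configuration bits
OPT_PREFIX_INFO, PIO_FLAG_A = 3, 0x40    # Prefix Information option, Autonomous bit


def parse_ra(icmp: bytes) -> dict:
    """Extract the M/O flags and per-prefix A flags from a raw ICMPv6 RA message."""
    if len(icmp) < 16 or icmp[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    flags = icmp[5]
    prefixes, off = [], 16               # options start after the 16-byte RA header
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed RA option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            prefixes.append(bool(icmp[off + 3] & PIO_FLAG_A))
        off += opt_len
    return {"M": bool(flags & FLAG_M), "O": bool(flags & FLAG_O), "A": prefixes}


def mode_from_ra(ra: dict) -> str:
    """Map RA flags to the subnet mode names used in the table above."""
    if ra["M"]:
        return "DHCPv6 stateful"         # RFC 4861: O is redundant when M is set
    return "DHCPv6 stateless" if ra["O"] else "SLAAC"


def check_router(icmp: bytes, configured_mode: str) -> list:
    """Return mismatches between the RA and the configured subnet mode."""
    ra, problems = parse_ra(icmp), []
    if mode_from_ra(ra) != configured_mode:
        problems.append(f"RA flags imply {mode_from_ra(ra)}, subnet is {configured_mode}")
    # In SLAAC and DHCPv6 stateless the VM builds its address from the RA prefix,
    # which requires a Prefix Information option with the A flag set (RFC 4862).
    if configured_mode != "DHCPv6 stateful" and not any(ra["A"]):
        problems.append("no autonomous (A) prefix in RA; VM cannot self-assign an address")
    return problems


def build_ra(flags: int, pio_flags: int = 0xC0) -> bytes:
    """Constructed sample RA for 2001:db8::/64 (checksum left as zero)."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, pio_flags, 86400, 14400, 0)
    return hdr + pio + bytes.fromhex("20010db8") + bytes(12)
```

An empty list from `check_router` means the router's RA matches the mode selected for the subnet.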
Limitations
- You can create only one untagged physical network over an infrastructure network.
- When providing network access to an entire domain, it is configured only for the existing projects within this domain. Newly created projects will not have access to the network.
- You cannot connect IPv6 subnets to routers. Therefore, floating IPv6 addresses are not supported.
- IPv6 addresses are not supported for load balancers and Kubernetes clusters.
- A VM that is connected to a dual-stack network always receives an IPv6 address, if the IPv6 subnet is in the SLAAC or DHCPv6 stateless mode.
- To be able to work in a SLAAC-enabled IPv6 subnet by using cloud-init, a VM guest operating system must have cloud-init version 19.4 or newer.
Prerequisites
- A clear understanding of the compute architecture, which is explained in Compute network architecture.
- For VLAN-based networks, a virtual switch is connected to the trunk network interface, as described in Connecting virtual switches to trunk interfaces.
To add a physical compute network
Admin panel
- On the Compute > Network > Networks tab, click Create network.
- On the Network configuration step:
  - Enable or disable IP address management:
    - With IP address management enabled, VMs connected to the network will automatically be assigned IP addresses from allocation pools by the built-in DHCP server and use custom DNS servers. Additionally, spoofing protection will be enabled for all VM network ports by default. Each VM network interface will be able to accept and send IP packets only if it has IP and MAC addresses assigned. You can disable spoofing protection manually for a VM interface, if required.
    - With IP address management disabled, VMs connected to the network will obtain IP addresses from the DHCP servers in that network, if any. Also, spoofing protection will be disabled for all VM network ports, and you cannot enable it manually. This means that each VM network interface, with or without assigned IP and MAC addresses, will be able to accept and send IP packets.

    In any case, you will be able to manually assign static IP addresses from inside the VMs.
  - Select the Physical network type.
  - Specify a network name, and then select an infrastructure network with the VM public traffic type.
  - To create a VLAN-based network, select VLAN and specify a VLAN ID. To create a flat physical network, select Untagged.
  - Click Next.
- If you enabled IP address management, you will move on to the IP address management step, where you can add IPv4 and IPv6 subnets:
  - To add an IPv4 subnet
    - In the Subnets section, click Add and select IPv4 subnet.
    - In the Add IPv4 subnet window, specify the network’s IPv4 address range and, optionally, specify a gateway. If you leave the Gateway field blank, the gateway will be omitted from network settings.
    - Enable or disable the built-in DHCP server:
      - With the DHCP server enabled, VM network interfaces will automatically be assigned IP addresses: either from allocation pools or, if there are no pools, from the network’s entire IP range.
      - With the DHCP server disabled, VM network interfaces will still get IP addresses, but you will have to manually assign them inside VMs.

      The virtual DHCP service will work only within the current network and will not be exposed to other networks.
    - Specify one or more allocation pools (ranges of IP addresses that will be automatically assigned to VMs).
    - Specify DNS servers that will be used by virtual machines. These servers can be delivered to VMs via the built-in DHCP server or by using the cloud-init network configuration (if cloud-init is installed in the VM).
    - Click Add.
  - To add an IPv6 subnet
    - In the Subnets section, click Add and select IPv6 subnet.
    - In the Add IPv6 subnet window, specify the network’s IPv6 address range and, optionally, specify a gateway. If you leave the Gateway field blank, the gateway will be omitted from network settings.
    - Select the desired IPv6 address mode, referring to the table above.
    - If you have selected the IPv6 address mode None, enable or disable the built-in DHCP server:
      - With the DHCP server enabled, a VM will automatically obtain an IPv6 address.
      - With the DHCP server disabled, you will need to assign an IPv6 address for a VM manually.
    - Specify one or more allocation pools (ranges of IP addresses that will be automatically assigned to VMs).
    - If you have selected the IPv6 address mode DHCPv6 stateless or DHCPv6 stateful, specify DNS servers that will be sent to virtual machines via the built-in DHCP server.
    - Click Add.
- On the Network access step, you can configure the network access:
  - Select projects to provide network access to:
    - If you want the network to be accessed from all existing and new projects, select All projects.
    - If you want the network to be accessed from all existing projects within a domain, select Select projects, and then select the check box next to the required domain.
    - If you want the network to be accessed from a particular project within a domain, select Select projects, click the domain name, and then select the required project.
    - If you do not want to share the network, skip this step by clicking Next.
  - Select the access type:
    - By providing full access, you allow virtual machines in the selected projects to communicate with this network either directly or via virtual routers.
    - By providing routed access, you allow virtual machines in the selected projects to communicate with this network only via virtual routers.

    You can also provide direct access, which implies a direct connection of virtual machines within projects to a physical network. Direct access can be granted only via the `vinfra` tool by specifying `direct` in the `--rbac-policies` option. You cannot configure this access type in the admin panel.
  - Click Next.
- On the Summary step, review the configuration, and then click Add network.