This example baseline infrastructure deploys an Azure Kubernetes Service (AKS) cluster to multiple regions on a dual-stack network by using both IPv4 and IPv6 addresses.

Architecture

This example uses a NAT64 proxy for the ingress controller to translate external traffic to either IPv4 or IPv6. It can be added to or removed from an existing infrastructure with minimal changes.

When clients establish connections to the service, they get service IP addresses from the closest DNS server. They get the IPv6 value from the AAAA record and the IPv4 value from the A record of the domain name. The closest DNS server can be a global DNS server for clients from the internet. For clients inside an Azure virtual network with a custom DNS resolution rule, the closest server can be an Azure private DNS server.

There are two options in this example architecture:

IPv4 traffic (black line): Azure Load Balancer directs IPv4 traffic to the corresponding services in the virtual network as follows:
1. Traffic from the public internet or external network reaches IPv4 on Azure Load Balancer.
2. The load balancer forwards traffic to the AKS ingress dedicated for IPv4 traffic.
3. The AKS ingress acts as a reverse proxy to direct traffic to a Kubernetes service.
4. Each Kubernetes service distributes traffic to its application.
5. Applications can securely store and retrieve data to and from Azure storage services in the Azure infrastructure.
6. Azure Container Registry can quickly and securely deliver application images.

IPv6 traffic (orange line): Load Balancer directs IPv6 traffic as follows:
1a. IPv6 reaches the IPv6 option on Load Balancer.
1b. The load balancer forwards traffic to the IPv6 ingress where a NAT64 proxy translates its address. You can use a server like Nginx for this translation.
1c. The IPv6 ingress directs traffic to IPv4 addresses. It's now IPv4 traffic with more metadata, which includes the IPv6 source address.
2-6. The dataflow from 2 to 6 is the same as in the IPv4 dataflow.

Alternatively, AKS main traffic can run on top of IPv6, and IPv4 ingress serves as the NAT46 proxy.

The example consists of the following components:

Dual-stack Azure Kubernetes Service is a managed Kubernetes cluster hosted in the Azure cloud. Azure manages the Kubernetes API service. Dual-stack AKS needs to run on a dual-stack Azure Virtual Network.

Dual-stack Azure Virtual Network provides highly secure virtual network environments on Azure infrastructure. By default, Azure Virtual Network supports IPv4 only. Enable IPv6 during the deployment process.

Azure Network Security Group filters traffic between Azure resources in an Azure virtual network.

Azure DNS zones provide domain name resolution service for clients. Both IPv4 and IPv6 clients can connect to the same domain name without noticing any difference.

Azure Load Balancer and Azure network interface are automatically created by AKS after Kubernetes's ingresses are deployed.

Azure Container Registry stores private container images that can be run in the AKS cluster.

Azure Key Vault stores and manages security keys for AKS services.

Another approach is to separate each functional service. There's one AKS service listening for IPv6 ingress and one AKS service listening for IPv4 ingress. This approach helps avoid a NAT64 hop for IPv6 traffic and vice versa.

This approach seems more like a natural Kubernetes approach that offers better performance. However, if you use this approach in a microservice architecture with lots of services, it doesn't support good code maintenance because each service is duplicated. The main approach can distribute the performance hit by using persistent connections. When AKS can fully support dual-stack deployment at the service layer, you can remap only IPv6 ingress in the main approach while the alternative approach needs more maintenance.

Scenario details

Due to IPv4 address exhaustion, IPv6 was introduced in 1995 and became an internet standard in 2017. It's estimated that more than 50 percent of traffic in the United States is over IPv6. The IPv4 and IPv6 protocols aren't compatible. Your infrastructure runs on either an IPv4 network or an IPv6 network.
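
The IPv6 dataflow in this article notes that the NAT64 proxy hands the backend IPv4 traffic with the IPv6 source address carried as metadata. The following added example (not part of the original article) shows a backend honouring that metadata only when the connection comes from the proxy; the X-Forwarded-For header, the 10.240.0.0/24 proxy subnet, and the function names are assumptions.

```python
import ipaddress

# Assumed values for illustration: the subnet the IPv6 ingress (NAT64 proxy)
# runs in, and the header the proxy writes the original source address to.
TRUSTED_PROXIES = [ipaddress.ip_network("10.240.0.0/24")]
FORWARD_HEADER = "x-forwarded-for"


def client_address(peer_ip, headers, trusted=TRUSTED_PROXIES):
    """Return the address to log and filter on for one request.

    peer_ip is the TCP peer the backend sees (IPv4 after translation).
    The forwarded header is honoured only when that peer is the proxy.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted):
        return peer  # direct connection: the header is client-controlled
    value = {k.lower(): v for k, v in headers.items()}.get(FORWARD_HEADER, "")
    # A proxy that appends to the header writes the address it saw last,
    # so only the rightmost entry was produced by the trusted hop.
    last = value.split(",")[-1].strip()
    try:
        addr = ipaddress.ip_address(last)
    except ValueError:
        return peer  # missing or malformed metadata: fall back to the peer
    # Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4 so one rule set applies.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def is_denied(addr, deny_list):
    """Match addr against deny-list networks of either address family."""
    return any(addr in net for net in deny_list)


# Constructed sample requests (documentation address ranges only).
DENY = [ipaddress.ip_network("2001:db8:bad::/48"),
        ipaddress.ip_network("203.0.113.0/24")]
SAMPLES = [
    ("10.240.0.7", {"X-Forwarded-For": "2001:db8:bad::5"}),            # via proxy
    ("10.240.0.7", {"X-Forwarded-For": "198.51.100.9, 2001:db8::1"}),  # client-supplied prefix
    ("198.51.100.20", {"X-Forwarded-For": "2001:db8::1"}),             # peer is not the proxy
    ("10.240.0.7", {"X-Forwarded-For": "::ffff:203.0.113.4"}),         # IPv4-mapped form
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        addr = client_address(peer, hdrs)
        print(peer, "->", addr, "denied" if is_denied(addr, DENY) else "allowed")
```

Network security group rules and application deny lists need entries for both address families, because the same client can arrive over either path.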