Enable dual-stack networking#

Overview#

When to follow these instructions#

Follow the instructions below only as part of a single-stack-to-dual-stack upgrade and only when other instructions tell you to do so. Perform the tasks in order.

Enable dual-stack networking for Aspen Mesh intracluster communication#

Update your Aspen Mesh override values file to enable dual-stack networking for Aspen Mesh intracluster communication#

Open your Aspen Mesh override values file (for example, aspen-mesh-override-values.yaml) in a text editor.
Make sure the file contains the following information related to dual-stack networking:
```
global:
  dualStack: true
```
Save and close the file.

Update your Aspen Mesh override values file to enable dual-stack Packet Inspector 1 (if you’re using Packet Inspector 1)#

Important

Perform this task only if you’re using Packet Inspector 1.

Open your Aspen Mesh override values file (for example, aspen-mesh-override-values.yaml) in a text editor.

Make sure the file contains the following information related to dual-stack Packet Inspector 1:

aspen-mesh-packet-inspector:
  service:
    ipFamilyPolicy: RequireDualStack
    ipFamilies:
    - IPv4
    - IPv6

Save and close the file.

Perform another upgrade#

Now that you’ve enabled dual-stack networking for Aspen Mesh intracluster communication, perform an upgrade of Aspen Mesh from the current version to the same version (perform only the tasks in that section).

Enable dual-stack networking for your cluster and restart pods with sidecars#

Enable dual-stack networking for your cluster#

Enable dual-stack networking for your cluster.

Verify that dual-stack networking is enabled for your cluster.

For example, in OpenShift, use the following command:

$ oc describe network

If dual-stack networking is enabled for your cluster, the output of this command will include both IPv4 and IPv6 addresses in the Cluster Network and Service Network sections, as in this example:

Status:
  Cluster Network:
    Cidr:               10.128.0.0/14
    Host Prefix:        23
    Cidr:               fd00:abcd:102::/48
    Host Prefix:        64
  Cluster Network MTU:  8901
  Network Type:         OVNKubernetes
  Service Network:
    172.30.0.0/16
    fd00:abcd:2:122::/112

Restart pods with sidecars#

In each namespace in which sidecar injection (either automatic or manual) should occur, restart all pods with sidecars so the cluster can assign both IPv4 and IPv6 addresses to them:
```
$ kubectl delete pods --namespace <namespaceName> --selector security.istio.io/tlsMode=istio
```
Your pods with sidecars are now prepared to use dual-stack networking in your service mesh, even though the traffic’s IP family has not yet changed.

Enable dual-stack networking for the Aspen Mesh ingress gateway#

Update your Aspen Mesh override values file to enable dual-stack networking for the Aspen Mesh ingress gateway#

Open your Aspen Mesh override values file (for example, aspen-mesh-override-values.yaml) in a text editor.
Make sure the file contains the following information related to dual-stack networking:
```
global:
  ingressGatewayDualStack: true
```
Save and close the file.

Perform another upgrade#

Now that you’ve enabled dual-stack networking for the Aspen Mesh ingress gateway, perform an upgrade of Aspen Mesh from the current version to the same version (perform only the tasks in that section).