Skip to main content
Calico Enterprise 3.19 (latest) documentation

Configure dual stack

Big picture

Configure Calico Enterprise IP address allocation to use dual stack for workload communications.

Value

In addition to IPv4, IPv6 is increasingly desirable for Workload communication. Calico Enterprise supports:

  • IPv4 only (default)

    Each workload gets an IPv4 address, and can communicate over IPv4.

  • Dual stack

    Each workload gets an IPv4 and an IPv6 address, and can communicate over IPv4 or IPv6.

Before you begin

Unsupported

  • IPv6 only
  • AKS
  • AWS/kOps
  • EKS
  • GKE
  • RKE
  • RKE2

Calico Enterprise requirements

  • Calico Enterprise IPAM
  • OpenShift
    • Requires 4.8 for IPv6/IPv4 dual-stack and IPv6 single stack support
    • Requires 3.11 and later using Calico Enterprise 3.4 and later for IPv6 support

Kubernetes version requirements

  • For dual stack, 1.20 and later
  • For one IP stack at a time (IPv4 or IPv6), any Kubernetes version

Kubernetes IPv6 host requirements

  • An IPv6 address that is reachable from the other hosts
  • The sysctl setting, net.ipv6.conf.all.forwarding, is set to 1. This ensures both Kubernetes service traffic and Calico Enterprise traffic is forwarded appropriately.
  • A default IPv6 route

Kubernetes IPv4 host requirements

  • An IPv4 address that is reachable from the other hosts
  • The sysctl setting, net.ipv4.conf.all.forwarding, is set to 1. This ensures both Kubernetes service traffic and Calico Enterprise traffic is forwarded appropriately.
  • A default IPv4 route

How to

note

The following task is only for new clusters.

Enable dual stack

  1. Set up a new cluster following the Kubernetes prerequisites and enablement steps.

To configure dual-stack cluster using the operator, edit your default Installation at install time to include both an IPv4 and IPv6 pool. For example:

apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
name: default
spec:
# Configures Calico networking.
calicoNetwork:
# Note: The ipPools section cannot be modified post-install.
ipPools:
- blockSize: 26
cidr: 10.48.0.0/21
encapsulation: IPIP
natOutgoing: Enabled
nodeSelector: all()
- blockSize: 122
cidr: 2001::00/64
encapsulation: None
natOutgoing: Enabled
nodeSelector: all()