From 3f479c751e2d2b5ed8242e40061d37e9b6c912d1 Mon Sep 17 00:00:00 2001
From: i759715
Date: Wed, 9 Jul 2025 17:24:07 +0300
Subject: [PATCH 1/2] Add security group for handling ipv6 traffic

---
 cf-deployment.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cf-deployment.yml b/cf-deployment.yml
index 574904f4e..e18952308 100644
--- a/cf-deployment.yml
+++ b/cf-deployment.yml
@@ -886,9 +886,11 @@ instance_groups:
 default_running_security_groups:
 - public_networks
 - dns
+ - ipv6_public_networks
 default_staging_security_groups:
 - public_networks
 - dns
+ - ipv6_public_networks
 security_groups:
 enable_comma_delimited_destinations: true
 security_group_definitions:
@@ -912,6 +914,10 @@ instance_groups:
 - destination: 0.0.0.0/0
 ports: '53'
 protocol: udp
+ - name: ipv6_public_networks
+ rules:
+ - destination: 2000::-3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+ protocol: all
 install_buildpacks:
 ## Order is important here
 - name: staticfile_buildpack

From 29cfe1d2138ce15fdaff6a0c6e015cc9184f6a70 Mon Sep 17 00:00:00 2001
From: i759715
Date: Fri, 11 Jul 2025 11:47:11 +0300
Subject: [PATCH 2/2] Add changes in ops file related to the IPv6 security group

---
 cf-deployment.yml | 6 -----
 .../experimental/enable-ipv6-egress.yml | 27 +++++++++++++++++++
 2 files changed, 27 insertions(+), 6 deletions(-)
 create mode 100755 operations/experimental/enable-ipv6-egress.yml

diff --git a/cf-deployment.yml b/cf-deployment.yml
index e18952308..574904f4e 100644
--- a/cf-deployment.yml
+++ b/cf-deployment.yml
@@ -886,11 +886,9 @@ instance_groups:
 default_running_security_groups:
 - public_networks
 - dns
- - ipv6_public_networks
 default_staging_security_groups:
 - public_networks
 - dns
- - ipv6_public_networks
 security_groups:
 enable_comma_delimited_destinations: true
 security_group_definitions:
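Review bot: The `ipv6_public_networks` rule added in the second cf-deployment.yml hunk of PATCH 1/2 allows `protocol: all` to the whole `2000::-3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff` range (2000::/3, i.e. all global unicast) and is bound as a default running and staging group; the same definition is carried unchanged into operations/experimental/enable-ipv6-egress.yml in PATCH 2/2. On an IPv6-enabled foundation the platform's own components, backing databases or provider endpoints may themselves hold global-unicast addresses, so this default would presumably let every app and staging container reach them on any port, which an IPv4 public-only range normally avoids by skipping private space. I would put a comment above the rule, e.g. `# 2000::/3 is all global unicast: exclude the deployment's own IPv6 prefixes before enabling`, and state the same requirement in the ops-file documentation. If the rule format permits, splitting the destination around the infrastructure prefix, as `enable_comma_delimited_destinations: true` suggests is possible, would make the exclusion explicit rather than advisory.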
@@ -914,10 +912,6 @@ instance_groups:
 - destination: 0.0.0.0/0
 ports: '53'
 protocol: udp
- - name: ipv6_public_networks
- rules:
- - destination: 2000::-3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
- protocol: all
 install_buildpacks:
 ## Order is important here
 - name: staticfile_buildpack
diff --git a/operations/experimental/enable-ipv6-egress.yml b/operations/experimental/enable-ipv6-egress.yml
new file mode 100755
index 000000000..f6a202d2f
--- /dev/null
+++ b/operations/experimental/enable-ipv6-egress.yml
@@ -0,0 +1,27 @@
+---
+- type: replace
+ path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/enable_ipv6?
+ value: true
+
+# --- Add IPv6 Security Groups ---
+- type: replace
+ path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/default_running_security_groups
+ value:
+ - public_networks
+ - dns
+ - ipv6_public_networks
+
+- type: replace
+ path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/default_staging_security_groups
+ value:
+ - public_networks
+ - dns
+ - ipv6_public_networks
+
+- type: replace
+ path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/security_group_definitions/-
+ value:
+ name: ipv6_public_networks
+ rules:
+ - destination: 2000::-3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+ protocol: all
\ No newline at end of file
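Review bot: The two `replace` operations on `default_running_security_groups` and `default_staging_security_groups` in enable-ipv6-egress.yml overwrite the whole list with a hard-coded `public_networks`, `dns`, `ipv6_public_networks`, so any earlier ops file or operator change that narrowed those defaults is silently discarded and the broader egress policy comes back. Appending keeps the file composable and leaves existing restrictions intact: use `path: .../properties/cc/default_running_security_groups/-` with `value: ipv6_public_networks`, and the same for staging, as the last operation already does for `security_group_definitions/-`. The file is also created with mode 100755 and no trailing newline; a data-only ops file should be 100644 and newline-terminated.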