Support IPv6 for SubnetPort

Signed-off-by: Yanjun Zhou <yanjun.zhou@broadcom.com>

Author: yanjunz97

build/yaml/crd/vpc/crd.nsx.vmware.com_subnetports.yaml

@@ -146,6 +146,10 @@ spec:
                     description: DHCPDeactivatedOnSubnet indicates whether DHCP is
                       deactivated on the Subnet.
                     type: boolean
+                  dhcpv6DeactivatedOnSubnet:
+                    description: DHCPv6DeactivatedOnSubnet indicates whether DHCPv6
+                      is deactivated on the Subnet.
+                    type: boolean
                   ipAddresses:
                     items:
                       properties:

docs/ref/apis/vpc.md

@@ -421,6 +421,7 @@ _Appears in:_
 | `ipAddresses` _[NetworkInterfaceIPAddress](#networkinterfaceipaddress) array_ |  |  |  |
 | `macAddress` _string_ | The MAC address. |  |  |
 | `dhcpDeactivatedOnSubnet` _boolean_ | DHCPDeactivatedOnSubnet indicates whether DHCP is deactivated on the Subnet. |  |  |
+| `dhcpv6DeactivatedOnSubnet` _boolean_ | DHCPv6DeactivatedOnSubnet indicates whether DHCPv6 is deactivated on the Subnet. |  |  |
 
 
 #### NetworkInterfaceIPAddress

pkg/apis/vpc/v1alpha1/subnetport_types.go

@@ -70,6 +70,8 @@ type NetworkInterfaceConfig struct {
 	MACAddress string `json:"macAddress,omitempty"`
 	// DHCPDeactivatedOnSubnet indicates whether DHCP is deactivated on the Subnet.
 	DHCPDeactivatedOnSubnet bool `json:"dhcpDeactivatedOnSubnet,omitempty"`
+	// DHCPv6DeactivatedOnSubnet indicates whether DHCPv6 is deactivated on the Subnet.
+	DHCPv6DeactivatedOnSubnet bool `json:"dhcpv6DeactivatedOnSubnet,omitempty"`
 }
 
 type NetworkInterfaceIPAddress struct {

pkg/controllers/common/utils.go

@@ -30,6 +30,7 @@ const (
 	NSXIPAddressTypeIPv4     = "IPV4"
 	NSXIPAddressTypeIPv6     = "IPV6"
 	NSXIPAddressTypeIPv4IPv6 = "IPV4_IPV6"
+	NSXIPAddressTypeNone     = "NONE"
 )
 
 var (
@@ -641,6 +642,25 @@ func ConvertCRIPAddressTypeToNSX(crType v1alpha1.IPAddressType) string {
 	}
 }
 
+// ConvertCRStaticIPAddressTypeToNSX converts CR StaticIPAddressType to NSX API format
+// v1alpha1 format: IPv4, IPv6, IPv4IPv6, None
+// NSX format: IPV4, IPV6, IPV4_IPV6, NONE
+func ConvertCRStaticIPAddressTypeToNSX(crType v1alpha1.StaticIPAllocationType) string {
+	switch crType {
+	case v1alpha1.StaticIPAllocationTypeIPv4:
+		return NSXIPAddressTypeIPv4
+	case v1alpha1.StaticIPAllocationTypeIPv6:
+		return NSXIPAddressTypeIPv6
+	case v1alpha1.StaticIPAllocationTypeIPv4IPv6:
+		return NSXIPAddressTypeIPv4IPv6
+	case v1alpha1.StaticIPAllocationTypeNone:
+		return NSXIPAddressTypeNone
+	default:
+		log.Warn("Unknown IP address type, defaulting to IPv4", "unknownType", string(crType))
+		return NSXIPAddressTypeIPv4
+	}
+}
+
 // ConvertNSXIPAddressTypeToCR converts NSX API IPAddressType to CR format
 // NSX format: IPV4, IPV6, IPV4_IPV6
 // v1alpha1 format: IPV4, IPV6, IPV4IPV6

pkg/controllers/pod/pod_controller.go

@@ -116,7 +116,7 @@ func (r *PodReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.R
 			r.StatusUpdater.UpdateFail(ctx, pod, err, "", nil)
 			return common.ResultRequeue, err
 		}
-		nsxSubnetPortState, _, err := r.SubnetPortService.CreateOrUpdateSubnetPort(pod, nsxSubnet, contextID, &pod.ObjectMeta.Labels, false, r.restoreMode)
+		nsxSubnetPortState, err := r.SubnetPortService.CreateOrUpdateSubnetPort(pod, nsxSubnet, contextID, &pod.ObjectMeta.Labels, false, r.restoreMode)
 		if err != nil {
 			r.StatusUpdater.UpdateFail(ctx, pod, err, "", nil)
 			return common.ResultRequeue, err

pkg/controllers/pod/pod_controller_test.go

@@ -223,8 +223,8 @@ func TestPodReconciler_Reconcile(t *testing.T) {
 						return &model.VpcSubnet{}, nil
 					})
 				patches.ApplyFunc((*subnetport.SubnetPortService).CreateOrUpdateSubnetPort,
-					func(r *subnetport.SubnetPortService, obj interface{}, nsxSubnet *model.VpcSubnet, contextID string, tags *map[string]string, isVmSubnetPort bool, restoreMode bool) (*model.SegmentPortState, bool, error) {
-						return nil, false, errors.New("failed to create subnetport")
+					func(r *subnetport.SubnetPortService, obj interface{}, nsxSubnet *model.VpcSubnet, contextID string, tags *map[string]string, isVmSubnetPort bool, restoreMode bool) (*model.SegmentPortState, error) {
+						return nil, errors.New("failed to create subnetport")
 					})
 				return patches
 			},
@@ -256,7 +256,7 @@ func TestPodReconciler_Reconcile(t *testing.T) {
 						return &model.VpcSubnet{}, nil
 					})
 				patches.ApplyFunc((*subnetport.SubnetPortService).CreateOrUpdateSubnetPort,
-					func(s *subnetport.SubnetPortService, obj interface{}, nsxSubnet *model.VpcSubnet, contextID string, tags *map[string]string) (*model.SegmentPortState, bool, error) {
+					func(s *subnetport.SubnetPortService, obj interface{}, nsxSubnet *model.VpcSubnet, contextID string, tags *map[string]string) (*model.SegmentPortState, error) {
 						return &model.SegmentPortState{
 							RealizedBindings: []model.AddressBindingEntry{
 								{
@@ -268,7 +268,7 @@ func TestPodReconciler_Reconcile(t *testing.T) {
 							Attachment: &model.SegmentPortAttachmentState{
 								Id: servicecommon.String("attachment-id"),
 							},
-						}, false, nil
+						}, nil
 					})
 
 				k8sClient.EXPECT().Update(gomock.Any(), gomock.Any()).Return(nil).Do(func(ctx context.Context, obj client.Object, opts ...client.UpdateOption) error {
@@ -306,7 +306,7 @@ func TestPodReconciler_Reconcile(t *testing.T) {
 						return &model.VpcSubnet{}, nil
 					})
 				patches.ApplyFunc((*subnetport.SubnetPortService).CreateOrUpdateSubnetPort,
-					func(s *subnetport.SubnetPortService, obj interface{}, nsxSubnet *model.VpcSubnet, contextID string, tags *map[string]string) (*model.SegmentPortState, bool, error) {
+					func(s *subnetport.SubnetPortService, obj interface{}, nsxSubnet *model.VpcSubnet, contextID string, tags *map[string]string) (*model.SegmentPortState, error) {
 						return &model.SegmentPortState{
 							RealizedBindings: []model.AddressBindingEntry{
 								{
@@ -315,7 +315,7 @@ func TestPodReconciler_Reconcile(t *testing.T) {
 									},
 								},
 							},
-						}, false, nil
+						}, nil
 					})
 				patches.ApplyMethod(reflect.TypeOf(r.SubnetPortService.NSXClient), "NSXCheckVersion", func(_ *nsx.Client, _ int) bool {
 					return false

pkg/controllers/subnetport/subnetport_controller.go

@@ -167,7 +167,7 @@ func (r *SubnetPortReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 			r.StatusUpdater.UpdateFail(ctx, subnetPort, err, "Failed to create NSX IPAddressAllocation for AddressBinding restore", setSubnetPortReadyStatusFalse, r.SubnetPortService, r.restoreMode)
 			return common.ResultRequeue, err
 		}
-		nsxSubnetPortState, enableDHCP, err := r.SubnetPortService.CreateOrUpdateSubnetPort(subnetPort, nsxSubnet, "", labels, isVmSubnetPort, r.restoreMode)
+		nsxSubnetPortState, err := r.SubnetPortService.CreateOrUpdateSubnetPort(subnetPort, nsxSubnet, "", labels, isVmSubnetPort, r.restoreMode)
 		if err != nil {
 			r.StatusUpdater.UpdateFail(ctx, subnetPort, err, "", setSubnetPortReadyStatusFalse, r.SubnetPortService, r.restoreMode)
 			if nsxutil.IsRealizeStateError(err) {
@@ -191,13 +191,35 @@ func (r *SubnetPortReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 						Gateway: "",
 					},
 				},
-				DHCPDeactivatedOnSubnet: !enableDHCP,
+				DHCPDeactivatedOnSubnet:   !util.NSXSubnetDHCPEnabled(nsxSubnet),
+				DHCPv6DeactivatedOnSubnet: !util.NSXSubnetDHCPv6Enabled(nsxSubnet),
+			}
+			// Append one more ipaddress for dual stack subnet
+			// TODO: check SubnetPort interfacetype when it is supported
+			if nsxSubnet.IpAddressType != nil && *nsxSubnet.IpAddressType == model.VpcSubnet_IP_ADDRESS_TYPE_IPV4_IPV6 {
+				subnetPort.Status.NetworkInterfaceConfig.IPAddresses = append(
+					subnetPort.Status.NetworkInterfaceConfig.IPAddresses,
+					v1alpha1.NetworkInterfaceIPAddress{Gateway: ""},
+				)
 			}
 			if util.NSXSubnetStaticIPAllocationEnabled(nsxSubnet) || len(subnetPort.Spec.AddressBindings) > 0 {
 				if len(nsxSubnetPortState.RealizedBindings) > 0 {
-					subnetPort.Status.NetworkInterfaceConfig.IPAddresses[0].IPAddress = *nsxSubnetPortState.RealizedBindings[0].Binding.IpAddress
-					// The MAC address is updated here when the SubnetPort's StaticIPAllocation is enabled or spec.AddressBindings is specific. For the other cases, the MAC address will be updated in the VIF polling.
-					subnetPort.Status.NetworkInterfaceConfig.MACAddress = strings.Trim(*nsxSubnetPortState.RealizedBindings[0].Binding.MacAddress, "\"")
+					// Process all realized bindings and populate IPAddresses array
+					// RealizedBindings can contain up to 2 entries (IPv4 and IPv6)
+					// The MAC address is updated here when the SubnetPort's StaticIPAllocation
+					// is enabled or spec.AddressBindings is specific. For the other cases, the MAC
+					// address will be updated in the VIF polling.
+					macAddress := ""
+					for i, binding := range nsxSubnetPortState.RealizedBindings {
+						if binding.Binding != nil && binding.Binding.IpAddress != nil {
+							if macAddress == "" && binding.Binding.MacAddress != nil {
+								macAddress = strings.Trim(*binding.Binding.MacAddress, "\"")
+							}
+							subnetPort.Status.NetworkInterfaceConfig.IPAddresses[i].IPAddress = *binding.Binding.IpAddress
+						}
+					}
+					// MAC address is consistent across all bindings, set it once
+					subnetPort.Status.NetworkInterfaceConfig.MACAddress = macAddress
 				} else if !util.NSXSubnetStaticIPAllocationEnabled(nsxSubnet) && len(subnetPort.Spec.AddressBindings) > 0 {
 					// If StaticIPAllocation is disabled, propagate the MAC from spec.addressBinding to status
 					subnetPort.Status.NetworkInterfaceConfig.MACAddress = subnetPort.Spec.AddressBindings[0].MACAddress
@@ -211,9 +233,7 @@ func (r *SubnetPortReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 				if subnetPort.Status.NetworkInterfaceConfig.MACAddress == "" && old_status.NetworkInterfaceConfig.MACAddress != "" {
 					subnetPort.Status.NetworkInterfaceConfig.MACAddress = old_status.NetworkInterfaceConfig.MACAddress
 				}
-				if subnetPort.Status.NetworkInterfaceConfig.IPAddresses[0].IPAddress == "" && old_status.NetworkInterfaceConfig.IPAddresses[0].IPAddress != "" {
-					subnetPort.Status.NetworkInterfaceConfig.IPAddresses[0].IPAddress = old_status.NetworkInterfaceConfig.IPAddresses[0].IPAddress
-				}
+				subnetPort.Status.NetworkInterfaceConfig.IPAddresses = old_status.NetworkInterfaceConfig.IPAddresses
 			}
 			err = r.updateSubnetStatusOnSubnetPort(subnetPort, nsxSubnet)
 			if err != nil {
@@ -924,19 +944,50 @@ func (r *SubnetPortReconciler) CheckAndGetSubnetPathForSubnetPort(ctx context.Co
 }
 
 func (r *SubnetPortReconciler) updateSubnetStatusOnSubnetPort(subnetPort *v1alpha1.SubnetPort, nsxSubnet *model.VpcSubnet) error {
-	gateway, prefix, err := r.SubnetService.GetGatewayPrefixOfSubnet(nsxSubnet)
+	subnetPort.Status.NetworkInterfaceConfig.LogicalSwitchUUID = *nsxSubnet.RealizationId
+	// Get all gateways from the subnet (may be IPv4, IPv6, or both for dual-stack)
+	gatewaysWithPrefixes, err := r.SubnetService.GetAllGatewayPrefixesOfSubnet(nsxSubnet)
 	if err != nil {
 		return err
 	}
-	// For now, we have an assumption that one subnetport only have one IP address
-	if len(subnetPort.Status.NetworkInterfaceConfig.IPAddresses[0].IPAddress) > 0 && prefix > 0 {
-		subnetPort.Status.NetworkInterfaceConfig.IPAddresses[0].IPAddress += fmt.Sprintf("/%d", prefix)
-	}
 	// The gateway can be empty for L2_Only Subnet which has the vlan_connection without gateway
-	if len(gateway) > 0 {
-		subnetPort.Status.NetworkInterfaceConfig.IPAddresses[0].Gateway = gateway
+	if len(gatewaysWithPrefixes) == 0 {
+		return nil
+	}
+
+	// Process each IP address entry
+	for i, ipConfig := range subnetPort.Status.NetworkInterfaceConfig.IPAddresses {
+		var isIPv6 bool
+
+		if len(ipConfig.IPAddress) > 0 {
+			// If IP address is present, determine family dynamically
+			isIPv6 = util.IsIPv6(ipConfig.IPAddress)
+		} else {
+			// For empty IP configurations (e.g., DHCP), fall back to index-based positional inference:
+			// Index 0 matches the first gateway family, Index 1 matches the second gateway family
+			if i < len(gatewaysWithPrefixes) {
+				isIPv6 = util.IsIPv6(gatewaysWithPrefixes[i].Gateway)
+			} else {
+				continue
+			}
+		}
+
+		// Find matching gateway by IP family
+		for _, gwInfo := range gatewaysWithPrefixes {
+			isGatewayIPv6 := util.IsIPv6(gwInfo.Gateway)
+			if isIPv6 != isGatewayIPv6 {
+				continue
+			}
+
+			// Only append the prefix notation if the IP address is actually present
+			if len(subnetPort.Status.NetworkInterfaceConfig.IPAddresses[i].IPAddress) > 0 {
+				subnetPort.Status.NetworkInterfaceConfig.IPAddresses[i].IPAddress += fmt.Sprintf("/%d", gwInfo.Prefix)
+			}
+
+			subnetPort.Status.NetworkInterfaceConfig.IPAddresses[i].Gateway = gwInfo.Gateway
+			break
+		}
 	}
-	subnetPort.Status.NetworkInterfaceConfig.LogicalSwitchUUID = *nsxSubnet.RealizationId
 	return nil
 }