feat: Add dualstack support for AWS Infrastructure #640

Merged

Contributor

@Volatus Volatus commented Apr 16, 2025

  1. Makes the necessary changes to the VPC, subnets, security groups and gateways to add IPv6 Dualstack support.
  2. Dualstack is opt-in, controlled by the var.dualstack variable, which defaults to false.
  3. There is no change to how IPv4 environments are created; they're identical to how they were before.

dualstack is also added as a Terraform output so that Bosh will have a way of determining whether it has to consume IPv6 specific outputs or not.
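A check for point 3 above, as an added example that is not part of this PR or the project's code: it scans `terraform show -json` plan output for any resource attribute that enables IPv6, so a plan made with `dualstack` at its default can be asserted to contain none. The sample plan and its resource names are constructed.

```python
import json

def _enabled(value):
    """True when a planned attribute value actually switches something on."""
    return value is True or (isinstance(value, (str, list)) and len(value) > 0)

def _ipv6_attrs(value, path=""):
    """Yield dotted paths of enabled attributes whose name contains 'ipv6'."""
    if isinstance(value, dict):
        for key, sub in value.items():
            if "ipv6" in key and _enabled(sub):
                yield f"{path}.{key}"
            else:
                yield from _ipv6_attrs(sub, f"{path}.{key}")
    elif isinstance(value, list):
        for i, sub in enumerate(value):
            yield from _ipv6_attrs(sub, f"{path}[{i}]")

def _resources(module):
    """Yield a module's resources, then those of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _resources(child)

def ipv6_findings(plan_json):
    """Sorted list of planned resources/attributes that enable IPv6.

    Values only known after apply are absent from planned_values.
    """
    plan = json.loads(plan_json)
    findings = []
    for res in _resources(plan.get("planned_values", {}).get("root_module", {})):
        if res["type"] == "aws_egress_only_internet_gateway":
            findings.append(res["address"])  # IPv6-only resource type
        findings += [res["address"] + p for p in _ipv6_attrs(res.get("values", {}))]
    return sorted(findings)

def sample_plan(dualstack):
    """Constructed plan JSON (hypothetical resource names) for either mode."""
    resources = [
        {"address": "aws_vpc.example", "type": "aws_vpc",
         "values": {"cidr_block": "10.0.0.0/16",
                    "assign_generated_ipv6_cidr_block": dualstack}},
        {"address": "aws_security_group.example", "type": "aws_security_group",
         "values": {"ingress": [{"cidr_blocks": ["10.0.0.0/16"],
                                 "ipv6_cidr_blocks": ["2001:db8::/32"] if dualstack else []}]}}]
    extra = [{"address": "module.net.aws_egress_only_internet_gateway.example",
              "type": "aws_egress_only_internet_gateway", "values": {}}] if dualstack else []
    root = {"resources": resources, "child_modules": [{"resources": extra}]}
    return json.dumps({"planned_values": {"root_module": root}})
```

On a real workspace, pass it the output of `terraform show -json` for a plan file written by `terraform plan -out`; an empty list for the default configuration is the expected result.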

linux-foundation-easycla bot commented Apr 16, 2025

CLA Signed

The committers listed above are authorized under a signed CLA.

@peanball
Contributor

For completeness, I've discussed with @Volatus that the IPv6 config should be optional, not default. The PR is being reworked to base IPv6 or not on a terraform variable. This variable will then be set by the Go code appropriately and defaults to "IPv4 only".

@oliver-heinrich
oliver-heinrich commented Apr 18, 2025

Hi @Volatus, thanks for your contribution :-). I have the following questions:

  • Looks like you also enhanced the load balancer for the ingress part. Are the enhancements also covering therefore the IPv6 ingress part? This would be great as we plan from cf-deployment a roundtrip test in the CATs test suite where an app exposes an IPv6 HTTP endpoint that can be called from the same app via an egress call. With this approach we would become in the CATs tests independent from calling external third-party IPv6 test URLs.
  • Currently we have in cf deployment only bbl env for IPv4. Can we upgrade in a compatible way our IPv4 bbl env's to the new dualstack env using the introduced config switch for the dualstack (proposed by @peanball )?

@peanball
Contributor

@oliver-heinrich, please note that "upgrade" is not in scope. Recreate would be your option.

See also #632, which contains what was agreed with the BOSH team (via @rkoster).

@Volatus Volatus force-pushed the feat/aws-ipv6-enhancement branch from 4fca9ea to 47a626b Compare April 22, 2025 10:23
@Volatus
Contributor Author

Volatus commented Apr 22, 2025

Hi @oliver-heinrich

> Looks like you also enhanced the load balancer for the ingress part. Are the enhancements also covering therefore the IPv6 ingress part?

LB-wise, it's occurred to me that we should replace the aws_elb resources with aws_lb ones. The ELB variants are the old classic load balancers on AWS, which don't support dualstack/IPv6. The newer ones do and would allow us to pick from application, network or gateway LBs.

Here's an overview of the differences between the LB variants on AWS; I think we may need to use network type if we need TCP listeners.

> Currently we have in cf deployment only bbl env for IPv4. Can we upgrade in a compatible way our IPv4 bbl env's to the new dualstack env using the introduced config switch for the dualstack

Theoretically this could be possible (although I run into clashing security group rules when trying to upgrade from IPv4 to dualstack, but it downgrades just fine from dualstack to IPv4).

@oliver-heinrich

> overview of the differences between the LB variants on AWS

@Volatus: Thank you for the info.
@jochenehret: FYI regarding the ELB/LB changes.

@peanball
Contributor

I would prefer moving the LB changes into a separate PR.

@Volatus Volatus marked this pull request as ready for review April 23, 2025 07:18
@Volatus Volatus force-pushed the feat/aws-ipv6-enhancement branch 5 times, most recently from 40de513 to 59e04b3 Compare April 24, 2025 13:40
@beyhan beyhan requested review from a team, ragaskar, mingxiao and ramonskie and removed request for a team April 24, 2025 15:15
@beyhan
Member

beyhan commented Apr 24, 2025

@Volatus could you please update the description with the latest change state.

@beyhan beyhan moved this from Inbox to Pending Review | Discussion in Foundational Infrastructure Working Group Apr 24, 2025
Volatus added 2 commits May 5, 2025 11:31
Makes the necessary changes to the VPC, subnets, security groups and gateways to add IPv6 Dualstack support.

Signed-off-by: Ismayil Mirzali <[email protected]>
@Volatus Volatus force-pushed the feat/aws-ipv6-enhancement branch from 59e04b3 to 2d52540 Compare May 5, 2025 08:32
@peanball
Contributor

peanball commented May 8, 2025

@beyhan @ramonskie, the description has been updated. Please don't forget about this PR :D

As noted, this is part 1 of X for adding IPv6 dual stack support. The next step will be to process the new TF vars when var.dualstack is set to true and pass them on to BOSH and the other deployments as part of the BBL code.

Contributor

@peanball peanball left a comment

Validated changes on our AWS account, with changes as expected.

Contributor

@ramonskie ramonskie left a comment

lgtm

@ramonskie ramonskie merged commit 35dce3a into cloudfoundry:main May 8, 2025
4 checks passed
@github-project-automation github-project-automation bot moved this from Pending Review | Discussion to Done in Foundational Infrastructure Working Group May 8, 2025
@Volatus Volatus deleted the feat/aws-ipv6-enhancement branch May 14, 2025 07:04