Share via

Deploy ACI in VNet with IPv6

Rene Schulz 21 Reputation points
2021-02-12T09:03:50.777+00:00

I'm trying to deploy an Azure Container Instance to a VNet via Azure CLI. It works just fine as long as the VNet is only IPv4. However, when I use a VNet with an additional IPv6 address space, the same CLI command will result in an unspecific error: 

az : ClientRequestError: Error occurred in request., RetryError: HTTPSConnectionPool(host='management.azure.com', port=443): Max retries exceeded with url: /subscriptions/a0b9e58d-5f02-4927-9d37-6c9478f0d732/resourceGroups/rg-rs1202-dev-ipv6/providers/Microsoft.ContainerInstance/containerGroups/ci-fileserver2--rs1202-dev-ipv6?api-version=2018-10-01 (Caused by ResponseError('too many 500 error responses',))

Neither the MS documentation nor a google search brought up a solution or mentions a general restriction to IPv4. When I try to create the ACI via Portal UI, the validation of the generated template fails:

67360-acierror.png

Azure CLI script for VNet creation: 

$VNET_ADDRESS_PREFIX = "10.0.0.0/22"  
$SUBNET_FRONTEND_ADDRESS_PREFIX = "10.0.0.0/24"  
$SUBNET_BACKEND_ADDRESS_PREFIX = "10.0.1.0/24"  
  
$VNET_ADDRESS_PREFIX_IPv6 = "2001:db8:1234::/48"  
$SUBNET_FRONTEND_ADDRESS_PREFIX_IPv6 = "2001:db8:1234::/64"  
$SUBNET_BACKEND_ADDRESS_PREFIX_IPv6 = "2001:db8:1234:1::/64"  
  
Write-Host "Creating network vnet: $VNET_NAME"  
az network vnet create -g $RESOURCE_GROUP_NAME  -n $VNET_NAME -l $INSTALLATION_LOCATION --address-prefix $VNET_ADDRESS_PREFIX $VNET_ADDRESS_PREFIX_IPv6 --output none  
  
Write-Host "Creating network vnet subnet"  
$SUBNET_FRONTEND_ID = az network vnet subnet create -g $RESOURCE_GROUP_NAME --vnet-name $VNET_NAME -n $FRONTEND --address-prefixes $SUBNET_FRONTEND_ADDRESS_PREFIX $SUBNET_FRONTEND_ADDRESS_PREFIX_IPv6 `  
                                --network-security-group $NSG_FRONTEND_NAME `  
                                --service-endpoints Microsoft.Sql Microsoft.Keyvault --query id  
  
$SUBNET_BACKEND_ID = az network vnet subnet create -g $RESOURCE_GROUP_NAME --vnet-name $VNET_NAME -n $BACKEND --address-prefixes $SUBNET_BACKEND_ADDRESS_PREFIX $SUBNET_BACKEND_ADDRESS_PREFIX_IPv6 `  
                                --network-security-group $NSG_BACKEND_NAME `  
                                --delegations Microsoft.ContainerInstance/containerGroups `  
                                --service-endpoints Microsoft.Storage Microsoft.Keyvault Microsoft.ContainerRegistry --query id

Azure CLI script for Container Instance: 

 $FILESERVER_IP = az container create --resource-group $RESOURCE_GROUP_NAME `  
                    --assign-identity `  
                    --cpu 1 `  
                    --environment-variables FS__AppConfigurationServiceUrl=$APPCONFIG_URL FS__TenantLabel=$DEFAULT_PROFILE_TENANT_NAME `  
                    --secure-environment-variables AZURE_TENANT_ID=$FILESERVER_SP_TENANT_ID  `  
                    --image $CENTRAL_CONTAINER_REGISTRY_IMAGE_URL `  
                    --ip-address Private `  
                    --memory 1.5 `  
                    --name $FILESERVER_NAME `  
                    --location $INSTALLATION_LOCATION `  
                    --os-type Linux `  
                    --ports $FILESERVER_PORT `  
                    --protocol TCP `  
                    --registry-login-server $CENTRAL_CONTAINER_REGISTRY_LOGIN_SERVER `  
                    --registry-password $CENTRAL_CONTAINER_REGISTRY_PASSWORD `  
                    --registry-username $CENTRAL_CONTAINER_REGISTRY_USERNAME `  
                    --vnet $VNET_NAME `  
                    --vnet-address-prefix $VNET_ADDRESS_PREFIX_IPv6 `  
                    --subnet $BACKEND `  
                    --subnet-address-prefix $SUBNET_BACKEND_ADDRESS_PREFIX_IPv6  `  
                    --query ipAddress.ip

I tried to leave out the 2 "address-prefix" lines, which resulted in the same error. I didn't find the correct syntax to give both IPv4 and IPv6 prefixes to the parameter (which might not be possible, since the parameter is named "...-prefix" instead of "...-prefixES").

Any help or advice would be greatly appreciated.

Azure Container Instances
Azure Container Instances
An Azure service that provides customers with a serverless container experience.
711 questions
0 comments
Accepted answer
  1. TravisCragg-MSFT 5,681 Reputation points Microsoft Employee
    2021-02-13T02:10:53.497+00:00
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rene Schulz 21 Reputation points
    2021-02-15T11:01:44.373+00:00

    Thanks for the fast response. That explains the issue. I searched the documentation for VNet and ACI, but didn't look for an IPv6 specific page.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.