feat(ipam): add doc about IPv6

network/ipam/reference-content/ipv6.mdx

@@ -0,0 +1,140 @@
+---
+meta:
+  title: IPv6 and the Scaleway ecosystem
+  description: Learn about IPv6 at Scaleway - configuration, routing, security, and best practices for seamless integration and scalability. Transition smoothly with our step-by-step guide.
+content:
+  h1: IPv6 and the Scaleway ecosystem
+  paragraph: Learn about IPv6 at Scaleway - configuration, routing, security, and best practices for seamless integration and scalability. Transition smoothly with our step-by-step guide.
+tags: ipv6 ipv4 support
+dates:
+  validation: 2024-11-18
+  posted: 2024-11-18
+categories:
+  - network
+---
+
+IPv6 is increasingly important, as the world transitions to a more connected, secure and scalable internet. While IPv4 still reigns supreme in terms of volume of usage, IPv6 adoption is steadily increasing, with tech giants and ISPs in particular pushing for more widespread IPv6 uptake and integration.
+
+Read on to find out more about IPv6, how it is supported at Scaleway, and how you can configure your resources and infrastructure to take full advantage of this modern protocol.
+
+## What is IPv6?
+
+**IP**, or **Internet Protocol** enables machines to locate and communicate with each other on networks like the Internet or private subnets, by assigning each connected machine a unique IP address. An IP address is a set of numbers to identify the machine on the network. 
+
+The most commonly recognized and most widely-used IP version is **IPv4**, launched in 1983. Each IPv4 address has 32 bits. Written in human-readable form, an IPv4 address is generally shown as four octets separated by periods, e.g. `151.115.59.87`. However, with the growing number of machines connected to the Internet, the world is literally running out of unique IPv4 addresses - only 4.3 billion unique addresses of this format are possible. 
+
+This is where **IPv6** comes in, the most recent version of the IP protocol. Each IPv6 address has 128 bits, meaning a potential pool of 3.4 x 1038 unique IPv6 addresses - you could assign a trillion unique IPv6 addresses to every atom in a human body and still have addresses left over.
+
+Written in human-readable form, an IPv6 address can be shown as eight groups of four hexadecimal digits, each group representing 16 bits and separated by a colon, e.g. `2001:0DB8:0000:0003:0000:01FF:0000:002E`. This can also be notated as `2001:DB8::3:0:1FF:0:2E`.
+
+As well as providing a much bigger address space, IPv6 also includes a built-in network security layer (IPsec), as well as improved features for reliability and efficiency, liked autoconfiguration, streamlined headers and improved Quality of Service (QoS). All leading to a more robust and secure protocol, that can potentially offer lower latency and faster data transfer. 
+
+## IPv6-compatible products
+
+The following products support IPv6:
+
+### Instances and IPv6
+
+Scaleway Instances are compatible with IPv6, with the caveat that the Instance must be using [routed IPs](/compute/instances/concepts/#routed-flexible-ip). 
+
+#### Public IPv6 
+
+You can attach one or multiple public (flexible) IPv6 addresses to your Instance, as well as, or instead of, a public IPv4 address. These public addresses are flexible, meaning that you can detach them from an Instance, hold them in your account, and attach them to a different Instance later, if you want. Each flexible IPv6 address is a `/64` IPv6 subnet.
+
+#### Private IPv6 
+
+When you attach an Instance to a Private Network, it gets both an IPv4 and an IPv6 address on that network. You can either let IPAM auto-allocate any available address, or specify a [reserved IP address](/network/ipam/how-to/reserve-ip/) to use.
+
+#### Going further
+
+Go further with Instances and IPv6 in the following documentation:
+
+- [How to use flexible IPs](/compute/instances/how-to/use-flexips/)
+- [Compatibility between OS images and different flexible IP type combinations](/compute/instances/reference-content/comaptibility-scw-os-images-flexible-ip/)
+- [Using routed IPs](/compute/instances/api-cli/using-routed-ips/)
+- Fix lost IPv6 connectivity when migrating to routed IP for old [Debian Buster images](/instances/troubleshooting/fix-lost-ip-connectivity-on-debian-buster/) or [RHEL images](/compute/instances/troubleshooting/fix-unreachable-ipv6-rhel-based-instance/)
+- [Fix DNS resolution with a routed IPv6-only setup on Debian Bullseye](/compute/instances/troubleshooting/fix-dns-routed-ipv6-only-debian-bullseye/)
+
+### Elastic Metal and IPv6
+
+Scaleway Elastic Metal servers are compatible with IPv6. 
+
+#### Public IPv6
+
+You can attach one or multiple public (flexible) IPv6 addresses to your Elastic Metal server, as well as, or instead of, a public IPv4 address. These public addresses are flexible, meaning that you can detach them from an Elastic Metal server, hold them in your account, and attach them to a different Elastic Metal server, if you want. Each flexible IPv6 address is a `/64` IPv6 subnet. Flexible IPv6 addresses can also be used as additional IP addresses to create virtual machines on your Elastic Metal server.
+
+<Message type="note">
+In addition to the possibility of attaching and detaching flexible IP addresses, note that each Elastic Message server also comes with a statically routed public IPv4 address, which cannot be detached, other than manually.
+</Message>
+
+#### Private IPv6 
+
+When you attach an Elastic Metal server to a Private Network, it gets both an IPv4 and an IPv6 address on that network.  You can either let IPAM auto-allocate any available address, or specify a [reserved IP address](/network/ipam/how-to/reserve-ip/) to use.
+
+You can also use IPAM's [reserve a private IP](https://www.scaleway.com/en/developers/api/ipam/#path-ips-reserve-a-new-ip) and [attach IP to custom resource](https://www.scaleway.com/en/developers/api/ipam/#path-ips-attach-ip-to-custom-resource) feature to attach an IPv6 address to a named resource via its MAC address. This is suitable for ensuring virtual machines on your Elastic Metal server get private IPv6 addresses.
+
+#### Going further
+
+Go further with Elastic Metal and IPv6 in the following documentation:
+- [How to order a flexible IP](/bare-metal/elastic-metal/how-to/order-flexible-ip/)
+- [How to attach/detach a flexible IP](/bare-metal/elastic-metal/how-to/attach-detach-flexible-ip/)
+- [How to configure a flexible IPv6 address on your Elastic Metal server](/bare-metal/elastic-metal/how-to/configure-flexible-ipv6/)
+- [How to configure a flexible IPv6 address on a virtual Proxmox machine](/bare-metal/elastic-metal/how-to/configure-ipv6-hypervisor/)
+- [How to configure the network interface on your server for Private Networks](/bare-metal/elastic-metal/how-to/use-private-networks/#how-to-configure-the-network-interface-on-your-elastic-metal-server-for-private-networks)
+
+### Dedibox and IPv6
+
+The Scaleway Dedibox network fully supports IPv6. IPv6 can serve as your server’s primary IP and also as a failover IP utilizing the concept of a virtual MAC address.
+
+Full information on IPv6 with Dedibox can be found in our [dedicated documentation](/dedibox-network/ipv6/), or you can read more in our [blog post](https://www.scaleway.com/en/blog/ipv6-the-future-proof-internet-protocol/#ipv6-at-scaleway-dedibox).
+
+### Load Balancer and IPv6
+
+Scaleway Load Balancers are compatible with IPv6. 
+
+#### Public IPv6 
+
+You can attach a maximum of one (flexible) IPv6 address to your Load Balancer, in addition to a flexible IPv4 address. The Load Balancer cannot have **only** an IPv6 address. Once attached, the IPv6 address cannot be detached or changed for a different one. Each flexible IPv6 address is a `/64` IPv6 subnet.
+
+#### Private IPv6 
+
+When you attach a Load Balancer to a Private Network, it gets both an IPv4 and an IPv6 address on that network. You can either let IPAM auto-allocate any available address, or specify a [reserved IP address](/network/ipam/how-to/reserve-ip/) to use.
+
+#### IPv6 at the backend
+
+Load Balancers can also use IPv6 to communicate with their backend servers. When you attach backend servers to a Load Balancer, you can either specify their public IPv6 address, or their private IPv6 address (if the Load Balancer and the backend servers are attached to the same Private Network).
+
+#### Going further
+
+Go further with IPv6 and Load Balancers with the following documentation:
+- [How to create and manage flexible IPs](/network/load-balancer/how-to/create-manage-flex-ips/)
+
+### VPC, Private Networks and IPv6
+
+VPC and Private Networks are compatible with IPv6. 
+
+- Private Networks are dual-stack, meaning each Private Network necessarily has both an IPv4 and and an IPv6 CIDR blocks. 
+- For IPv6, this is a `/64` block, automatically created by Scaleway, guaranteed to be unique within the VPC and not overlapping with any of your other Private Networks.
+- All IPv6-compatible resources will automatically receive an IPv6 address when they join a Private Network, in addition to an IPv4 address.
+- This address can be auto-allocated from the pool, or specified by the user via a [reserved IP address](/network/ipam/how-to/reserve-ip/)
+- Scaleway VPC routing supports both IPv4 and IPv6 protocols. [Managed routes](/network/vpc/how-to/manage-routing/#how-to-generate-a-managed-route) to Private Networks are simultaneously generated for both IPV4 and IPV6, and both are added to the VPC's route table. Note that auto-generated managed routes to Public Gateways are only created in IPv4, since Public Gateways are not yet IPv6-compatible. [Custom routes](/network/vpc/how-to/manage-routing/#how-to-create-a-custom-route) are only created for the IP type specified during the creation process.
+
+### Serverless Functions and Containers and IPv6
+
+Serverless Functions and Containers are compatible with public IPv6 traffic. A Function or Container endpoint resolves to both IPv4 and IPv6 addresses (dual stack), ensuring compatibility for clients using either protocol.
+
+## Other products and IPv6
+
+Products other than those listed here do not officially support IPv6. These non-compatible products include Managed Databases, Kubernetes Kapsule and Public Gateways. 
+
+Please open or upvote a [feature request](https://feature-request.scaleway.com/) to register your interest in IPv6 for these resources. 
+
+Alternatively, get in touch on the [Scaleway Slack Community](/tutorials/scaleway-slack-community/) if you'd like to find out more about IPv6 compatibility of these or other products.
+
+## IPv6 best practices
+
+**Only expose a public IPv6 address when necessary**: Adding both IPv4 and IPv6 public addresses to your resource expands the potential attack surface, particularly in terms of the large address space of IPv6. As stated in our [dedicated documentation](/network/ipam/reference-content/public-connectivity-best-practices/), you should favor connectivity over Private Networks, and detach public IP addresses from resources unless strictly necessary.
+
+**Audit DNS and address exposure**: Regularly audit the DNS records and public IPv6 addresses associated with your resources to minimize exposure.
+
+**Implement IPv6-specific security measures**: Features such as [security groups](/compute/instances/concepts/#security-group) for Instances and [ACLs](/network/load-balancer/concepts/#acl) for Load Balancers allow you to filter traffic based on both IPv4 and IPv6 addresses. Ensure that such security measures are equally robust for both protocols.