cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wido den Hollander <w...@widodh.nl>
Subject Re: Results of a IPv6 brainstorm day
Date Tue, 22 Dec 2015 10:17:51 GMT


On 12/22/2015 04:35 AM, Ian Rae wrote:
> Great to hear, next time I am happy to commit an engineer from CloudOps to
> participate. We have done quite a bit of work around VPC and also need to
> solve for IPv6 soon.
> 
> Thanks for sharing, great initiative/goal and I will make sure the CloudOps
> team reviews and supports this.
> 

Great! The first challenge will be to get the core of ACS aware of IPv6.
Pass IP addresses is InetAddress instead of a String, etc, etc.

I don't know if a very big team can work on this without very short
communication between the different people.

But again, any help is appreciated! We need this to go in.

Wido

> On Friday, December 18, 2015, Wido den Hollander <wido@widodh.nl> wrote:
> 
>> Hi,
>>
>> Yesterday we from PCextreme, Leaseweb and Schuberg Phillis sat down for
>> a IPv6 brainstorm session.
>>
>> We asked a good IPv6 consultant (Sander Steffann) to join us to help us
>> identify some glitches in our ideas.
>>
>> We had two ideas:
>> -
>>
>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking
>> -
>> https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+VPC+Router
>>
>> Overall, our ideas looked good, our main concern was security grouping.
>> How to prevent clients from spoofing and such.
>>
>> I updated the spec for the Basic Networking with those ideas.
>>
>> A few things worth noting:
>> - Link-Local traffic should be allowed for specific ICMPv6-only. No UDP
>> or TCP!
>> - A DUID can not be trusted. We need a tagger on the HV which adds the
>> MAC address as DHCPv6 option 37.
>> - SLAAC can not be used. DHCPv6+IA only
>> - We can assign multiple IPs and Prefixes via DHCPv6
>> - ISC Kea seems very nice as a DHCPv6 server: http://kea.isc.org/wiki
>>
>> A few RFCs which might be worth reading:
>> - https://www.ietf.org/rfc/rfc4890.txt
>> - https://tools.ietf.org/html/rfc6939
>> - https://tools.ietf.org/html/rfc4861
>>
>> We will start to work on this, but the CloudStack core is still very,
>> very, very IPv4 minded and this will need a lot of refactoring.
>>
>> However, once you understand IPv6 better it is much more simple then
>> IPv4 imho.
>>
>> The end goal is that CloudStack can run on IPv6-only without ANY IPv4.
>>
>> What also resulted from this day:
>> - Basic Networking can probably be merged with Advanced Networking with
>> Direct Attached
>> - Isolated Networks are about the same as a VPC
>> - We might be able to ditch the SSVM in most situations
>>
>> Any way, enough work to do!
>>
>> Wido
>>
> 
> 

Mime
View raw message