cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daan Hoogland <daan.hoogl...@gmail.com>
Subject Re: Results of a IPv6 brainstorm day
Date Tue, 22 Dec 2015 10:30:45 GMT
Wido, consider me in. My main objective btw is to give users the
possibility to run there VMs IPv6 only. The management layer is not such a
biggy.

I am still reading up on those rfcs and all the links in them.

On Tue, Dec 22, 2015 at 11:17 AM, Wido den Hollander <wido@widodh.nl> wrote:

>
>
> On 12/22/2015 04:35 AM, Ian Rae wrote:
> > Great to hear, next time I am happy to commit an engineer from CloudOps
> to
> > participate. We have done quite a bit of work around VPC and also need to
> > solve for IPv6 soon.
> >
> > Thanks for sharing, great initiative/goal and I will make sure the
> CloudOps
> > team reviews and supports this.
> >
>
> Great! The first challenge will be to get the core of ACS aware of IPv6.
> Pass IP addresses is InetAddress instead of a String, etc, etc.
>
> I don't know if a very big team can work on this without very short
> communication between the different people.
>
> But again, any help is appreciated! We need this to go in.
>
> Wido
>
> > On Friday, December 18, 2015, Wido den Hollander <wido@widodh.nl> wrote:
> >
> >> Hi,
> >>
> >> Yesterday we from PCextreme, Leaseweb and Schuberg Phillis sat down for
> >> a IPv6 brainstorm session.
> >>
> >> We asked a good IPv6 consultant (Sander Steffann) to join us to help us
> >> identify some glitches in our ideas.
> >>
> >> We had two ideas:
> >> -
> >>
> >>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking
> >> -
> >>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+VPC+Router
> >>
> >> Overall, our ideas looked good, our main concern was security grouping.
> >> How to prevent clients from spoofing and such.
> >>
> >> I updated the spec for the Basic Networking with those ideas.
> >>
> >> A few things worth noting:
> >> - Link-Local traffic should be allowed for specific ICMPv6-only. No UDP
> >> or TCP!
> >> - A DUID can not be trusted. We need a tagger on the HV which adds the
> >> MAC address as DHCPv6 option 37.
> >> - SLAAC can not be used. DHCPv6+IA only
> >> - We can assign multiple IPs and Prefixes via DHCPv6
> >> - ISC Kea seems very nice as a DHCPv6 server: http://kea.isc.org/wiki
> >>
> >> A few RFCs which might be worth reading:
> >> - https://www.ietf.org/rfc/rfc4890.txt
> >> - https://tools.ietf.org/html/rfc6939
> >> - https://tools.ietf.org/html/rfc4861
> >>
> >> We will start to work on this, but the CloudStack core is still very,
> >> very, very IPv4 minded and this will need a lot of refactoring.
> >>
> >> However, once you understand IPv6 better it is much more simple then
> >> IPv4 imho.
> >>
> >> The end goal is that CloudStack can run on IPv6-only without ANY IPv4.
> >>
> >> What also resulted from this day:
> >> - Basic Networking can probably be merged with Advanced Networking with
> >> Direct Attached
> >> - Isolated Networks are about the same as a VPC
> >> - We might be able to ditch the SSVM in most situations
> >>
> >> Any way, enough work to do!
> >>
> >> Wido
> >>
> >
> >
>



-- 
Daan

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message