Subject: Re: Results of a IPv6 brainstorm day
To: dev@cloudstack.apache.org
From: Wido den Hollander
Date: Tue, 22 Dec 2015 11:17:51 +0100

On 12/22/2015 04:35 AM, Ian Rae wrote:
> Great to hear, next time I am happy to commit an engineer from CloudOps to
> participate. We have done quite a bit of work around VPC and also need to
> solve for IPv6 soon.
>
> Thanks for sharing, great initiative/goal and I will make sure the CloudOps
> team reviews and supports this.
>

Great!

The first challenge will be to get the core of ACS aware of IPv6. Pass IP
addresses as InetAddress instead of a String, etc, etc.

I don't know if a very big team can work on this without very short
communication between the different people.

But again, any help is appreciated! We need this to go in.

Wido

> On Friday, December 18, 2015, Wido den Hollander wrote:
>
>> Hi,
>>
>> Yesterday we from PCextreme, Leaseweb and Schuberg Philis sat down for
>> an IPv6 brainstorm session.
>>
>> We asked a good IPv6 consultant (Sander Steffann) to join us to help us
>> identify some glitches in our ideas.
>>
>> We had two ideas:
>> - https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking
>> - https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+VPC+Router
>>
>> Overall, our ideas looked good, our main concern was security grouping.
>> How to prevent clients from spoofing and such.
>>
>> I updated the spec for the Basic Networking with those ideas.
>>
>> A few things worth noting:
>> - Link-Local traffic should be allowed for specific ICMPv6-only. No UDP
>> or TCP!
>> - A DUID can not be trusted. We need a tagger on the HV which adds the
>> MAC address as DHCPv6 option 37.
>> - SLAAC can not be used. DHCPv6+IA only
>> - We can assign multiple IPs and Prefixes via DHCPv6
>> - ISC Kea seems very nice as a DHCPv6 server: http://kea.isc.org/wiki
>>
>> A few RFCs which might be worth reading:
>> - https://www.ietf.org/rfc/rfc4890.txt
>> - https://tools.ietf.org/html/rfc6939
>> - https://tools.ietf.org/html/rfc4861
>>
>> We will start to work on this, but the CloudStack core is still very,
>> very, very IPv4 minded and this will need a lot of refactoring.
>>
>> However, once you understand IPv6 better it is much more simple than
>> IPv4 imho.
>>
>> The end goal is that CloudStack can run on IPv6-only without ANY IPv4.
>>
>> What also resulted from this day:
>> - Basic Networking can probably be merged with Advanced Networking with
>> Direct Attached
>> - Isolated Networks are about the same as a VPC
>> - We might be able to ditch the SSVM in most situations
>>
>> Anyway, enough work to do!
>>
>> Wido
>>
>
>
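
Added example, not part of the thread and not CloudStack code: a sketch of how a DHCPv6 server could identify a guest by the hypervisor-inserted option 37 (Remote-ID) and ignore the DUID the guest supplies, as the "A DUID can not be trusted" bullet proposes. The option 37 layout (4-byte enterprise number followed by the raw 6-byte MAC), the helper names and all packet bytes are assumptions constructed for illustration.

```python
import struct

RELAY_FORW, OPT_CLIENTID, OPT_RELAY_MSG, OPT_REMOTE_ID = 12, 1, 9, 37
DOC_ENTERPRISE = 32473  # enterprise number reserved for documentation

def parse_options(buf):
    """Parse DHCPv6 TLV options (2-byte code, 2-byte length) into a dict."""
    opts, off = {}, 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option %d overruns packet" % code)
        opts[code] = buf[off:off + length]
        off += length
    return opts

def identify_client(packet):
    """Return (mac_from_option_37, client_duid_hex) for a Relay-Forward.

    Assumption: the tagger writes option 37 as a 4-byte enterprise
    number followed by the 6 raw bytes of the VM NIC's MAC address.
    """
    if len(packet) < 34 or packet[0] != RELAY_FORW:
        raise ValueError("not a Relay-Forward, request was never tagged")
    relay_opts = parse_options(packet[34:])  # skip type, hops, link, peer
    remote_id = relay_opts.get(OPT_REMOTE_ID, b"")
    inner = relay_opts.get(OPT_RELAY_MSG, b"")
    if len(remote_id) != 10 or len(inner) < 4:
        raise ValueError("missing or malformed option 37 / relay message")
    mac = ":".join("%02x" % b for b in remote_id[4:])
    client_opts = parse_options(inner[4:])   # skip msg-type + transaction id
    return mac, client_opts.get(OPT_CLIENTID, b"").hex()

def opt(code, data):
    return struct.pack("!HH", code, len(data)) + data

def build_sample(duid, mac):
    """Constructed packet: a Solicit wrapped and tagged by the hypervisor."""
    solicit = b"\x01\xaa\xbb\xcc" + opt(OPT_CLIENTID, duid)
    return (bytes([RELAY_FORW, 0]) + bytes(32)
            + opt(OPT_REMOTE_ID, struct.pack("!I", DOC_ENTERPRISE) + mac)
            + opt(OPT_RELAY_MSG, solicit))

# Constructed values: the guest claims a DUID built from someone else's MAC.
REAL_MAC = bytes.fromhex("06000000002a")
FORGED_DUID = bytes.fromhex("00030001") + bytes.fromhex("060000000099")

if __name__ == "__main__":
    print(identify_client(build_sample(FORGED_DUID, REAL_MAC)))
```

The lease lookup would key on the first returned value; the DUID is carried along only for logging, and a bare Solicit that never passed through the tagger is rejected.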