cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wido den Hollander <>
Subject Re: IPv6 in Basic Networking progress
Date Wed, 19 Oct 2016 15:06:40 GMT

> Op 4 oktober 2016 om 12:38 schreef Wido den Hollander <>:
> I've submitted the code as a PR for the master branch:

While this PR is still open (reviews are welcome!) I'm working on the Security Grouping and
making progress there.

The code can be found here:

I'm currently focusing on Anti Spoofing and basic network security, not so much opening individual
UDP or TCP ports for Instances. It currently simply allows all UDP and TCP traffic.


> > Op 3 oktober 2016 om 20:43 schreef Wido den Hollander <>:
> > 
> > 
> > Hi,
> > 
> > One of the things I'm really missing in CloudStack currently is IPv6 support in
Basic Networking. Why? Our cloud at PCextreme runs on CloudStack with Basic Networking and
we currently do have IPv6 support, but without the knowledge of CloudStack.
> > 
> > My goals are currently simple:
> > - The API should return the IPv6 address of the Instance
> > - Security Grouping should prevent IPv6 address spoofing
> > 
> > This is all on the Wiki:
> > 
> > I didn't get to it due to a lack of time, but I gave it a try again this weekend
and today. With result!:
> > 
> > The 'nics' table already has the ip6_address column and the API will return this
value when it is set. So what I did is modify the DirectPodBasedNetworkGuru that it calculates
the EUI-64 IPv6 address a Instance will obtain using SLAAC.
> > 
> > In the network you have to make sure the routers (not the VR, physical ones!) are
sending our Router Advertisements with the same subnet as you configured in CloudStack.
> > 
> > The code is actually very simple and it 'works':
> > 
> > The CloudStack code is very, very IPv4 orientated and has many flaws. It passes
IP-Addresses as Strings and such while native types like InetAddress might be better, but
that would be a major refactor which will consume a lot of time. And honestly, I don't have
the time.
> > 
> > As stated above our goals are currently simple. The API should return a IPv6 Address
so that after deployment anything consuming the API can instantly connect to the Instance
over IPv6.
> > 
> > Wido

View raw message