cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-9359) Return ip6address in Basic Networking
Date Fri, 27 Jan 2017 00:14:25 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-9359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15840735#comment-15840735
] 

ASF subversion and git services commented on CLOUDSTACK-9359:
-------------------------------------------------------------

Commit f10c8bfe0c99a762c2606459413a47219614e775 in cloudstack's branch refs/heads/master from
[~rajanik]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=f10c8bf ]

Merge pull request #1700 from wido/ipv6-basic-networking

CLOUDSTACK-9359: IPv6 for Basic NetworkingThis PR is a proposal for adding very basic IPv6
to Basic Networking. The main goal of this PR is that the API returns a valid IPv6 address
over which the Instance is reachable.

The GUI will show the IPv6 address after deployment of the Instance.

![screenshot from 2016-10-03 16 34 56](https://cloud.githubusercontent.com/assets/326786/19070024/b06d2de6-8a29-11e6-8fe7-4902e2801ada.png)

If the table VLAN has a proper IPv6 CIDR configured the DirectPodBasedNetworkGuru will calculate
the IPv6 Address the Instance will obtain using EUI-64 and SLAAC: https://tools.ietf.org/search/rfc4862

In this case the _vlan_ table contained:

<pre>mysql> select * from vlan \G
*************************** 1. row ***************************
                 id: 1
               uuid: 90e0716c-5261-4992-bb9d-0afd3006f476
            vlan_id: vlan://untagged
       vlan_gateway: 172.16.0.1
       vlan_netmask: 255.255.255.0
        description: 172.16.0.10-172.16.0.250
          vlan_type: DirectAttached
     data_center_id: 1
         network_id: 204
physical_network_id: 200
        ip6_gateway: 2001:980:7936:112::1
           ip6_cidr: 2001:980:7936:112::/64
          ip6_range: NULL
            removed: NULL
            created: 2016-07-19 20:39:41
1 row in set (0.00 sec)

mysql></pre>

It will then log:

<pre>2016-10-04 11:42:44,998 DEBUG [c.c.n.g.DirectPodBasedNetworkGuru] (Work-Job-Executor-1:ctx-1975ec54
job-186/job-187 ctx-0d967d88) (logid:275c4961) Found IPv6 CIDR 2001:980:7936:112::/64 for
VLAN 1
2016-10-04 11:42:45,009 INFO  [c.c.n.g.DirectPodBasedNetworkGuru] (Work-Job-Executor-1:ctx-1975ec54
job-186/job-187 ctx-0d967d88) (logid:275c4961) Calculated IPv6 address 2001:980:7936:112:4ba:80ff:fe00:e9
using EUI-64 for NIC 6a05deab-b5d9-4116-80da-c94b48333e5e</pre>

The template has to be configured accordingly:
- No IPv6 Privacy Extensions
- Use SLAAC
- Follow RFC4862

This is also described in: https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking

The next steps after this will be:
- Security Grouping to prevent IPv6 Address Spoofing
- Security Grouping to filter ICMP, UDP and TCP traffic

* pr/1700:
  CLOUDSTACK-676: IPv6 In -and Egress filtering for Basic Networking
  CLOUDSTACK-676: IPv6 Basic Security Grouping for KVM
  CLOUDSTACK-9359: IPv6 for Basic Networking with KVM

Signed-off-by: Rajani Karuturi <rajani.karuturi@accelerite.com>


> Return ip6address in Basic Networking
> -------------------------------------
>
>                 Key: CLOUDSTACK-9359
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9359
>             Project: CloudStack
>          Issue Type: Sub-task
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API, Management Server
>         Environment: CloudStack Basic Networking
>            Reporter: Wido den Hollander
>            Assignee: Wido den Hollander
>              Labels: api, basic-networking, ipv6
>             Fix For: Future
>
>
> In Basic Networking Instances will obtain their IPv6 address using SLAAC (Stateless Autoconfiguration)
as described in the Wiki: https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking
> When a ip6cidr is configured and is a /64 we can calculate the IPv6 address an Instance
will obtain.
> There is no need to store a IPv6 address in the database with the /64 subnet (ip6cidr)
and the MAC address we can calculate the address using EUI-64:
> "A 64-bit interface identifier is most commonly derived from its 48-bit MAC address.
A MAC address 00:0C:29:0C:47:D5 is turned into a 64-bit EUI-64 by inserting FF:FE in the middle:
00:0C:29:FF:FE:0C:47:D5. When this EUI-64 is used to form an IPv6 address it is modified:[1]
the meaning of the Universal/Local bit (the 7th most significant bit of the EUI-64, starting
from 1) is inverted, so that a 1 now means Universal. To create an IPv6 address with the network
prefix 2001:db8:1:2::/64 it yields the address 2001:db8:1:2:020c:29ff:fe0c:47d5 (with the
underlined U/L (=Universal/Local) bit inverted to a 1, because the MAC address is universally
unique)."
> The API should return this address in the ip6address field for a NIC in Basic Networking.
> End-Users can use this, but it can also be used internally by Security Grouping to program
rules.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message