On 12/22/2015 04:35 AM, Ian Rae wrote: > Great to hear, next time I am happy to commit an engineer from CloudOps to > participate. We have done quite a bit of work around VPC and also need to > solve for IPv6 soon. > > Thanks for sharing, great initiative/goal and I will make sure the CloudOps > team reviews and supports this. >
Great! The first challenge will be to get the core of ACS aware of IPv6. Pass IP addresses is InetAddress instead of a String, etc, etc. I don't know if a very big team can work on this without very short communication between the different people. But again, any help is appreciated! We need this to go in. Wido > On Friday, December 18, 2015, Wido den Hollander <w...@widodh.nl> wrote: > >> Hi, >> >> Yesterday we from PCextreme, Leaseweb and Schuberg Phillis sat down for >> a IPv6 brainstorm session. >> >> We asked a good IPv6 consultant (Sander Steffann) to join us to help us >> identify some glitches in our ideas. >> >> We had two ideas: >> - >> >> https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking >> - >> https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+VPC+Router >> >> Overall, our ideas looked good, our main concern was security grouping. >> How to prevent clients from spoofing and such. >> >> I updated the spec for the Basic Networking with those ideas. >> >> A few things worth noting: >> - Link-Local traffic should be allowed for specific ICMPv6-only. No UDP >> or TCP! >> - A DUID can not be trusted. We need a tagger on the HV which adds the >> MAC address as DHCPv6 option 37. >> - SLAAC can not be used. DHCPv6+IA only >> - We can assign multiple IPs and Prefixes via DHCPv6 >> - ISC Kea seems very nice as a DHCPv6 server: http://kea.isc.org/wiki >> >> A few RFCs which might be worth reading: >> - https://www.ietf.org/rfc/rfc4890.txt >> - https://tools.ietf.org/html/rfc6939 >> - https://tools.ietf.org/html/rfc4861 >> >> We will start to work on this, but the CloudStack core is still very, >> very, very IPv4 minded and this will need a lot of refactoring. >> >> However, once you understand IPv6 better it is much more simple then >> IPv4 imho. >> >> The end goal is that CloudStack can run on IPv6-only without ANY IPv4. >> >> What also resulted from this day: >> - Basic Networking can probably be merged with Advanced Networking with >> Direct Attached >> - Isolated Networks are about the same as a VPC >> - We might be able to ditch the SSVM in most situations >> >> Any way, enough work to do! >> >> Wido >> > >
