GitHub user wido opened a pull request:
https://github.com/apache/cloudstack/pull/1700
IPv6 for Basic Networking
This PR is a proposal for adding very basic IPv6 to Basic Networking. The
main goal of this PR is that the API returns a valid IPv6 address over which
the Instance is reachable.
The GUI will show the IPv6 address after deployment of the Instance.
If the table VLAN has a proper IPv6 CIDR configured the
DirectPodBasedNetworkGuru will calculate the IPv6 Address the Instance will
obtain using EUI-64 and SLAAC: https://tools.ietf.org/search/rfc4862
The template has to be configured accordingly:
- No IPv6 Privacy Extensions
- Use SLAAC
- Follow RFC4862
This is also described in:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking
The next steps after this will be:
- Security Grouping to prevent IPv6 Address Spoofing
- Security Grouping to filter ICMP, UDP and TCP traffic
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/wido/cloudstack ipv6-basic-networking
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/cloudstack/pull/1700.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1700
----
commit c9acd61dea455663ff13a44dccee87f5eda56bd0
Author: Wido den Hollander <[email protected]>
Date: 2016-07-20T10:10:53Z
utils: IPv6 EUI-64 address calculator
When given a IPv6 subnet and a MAC-Address it will calculate the
EUI-64 IPv6 address used in SLAAC.
Signed-off-by: Wido den Hollander <[email protected]>
commit 74449d8e956514fa74532c8c9580619a11bbc943
Author: Wido den Hollander <[email protected]>
Date: 2016-07-21T08:45:36Z
utils: Calculate IPv6 Link-Local Address from MAC address
Util for calculating the Link-Local Address a host will obtain
using EUI-64 and the fe80::/64 subnet.
Signed-off-by: Wido den Hollander <[email protected]>
commit 01a34e299196ac00319a4500be8541901d46e68d
Author: Wido den Hollander <[email protected]>
Date: 2016-10-03T08:13:25Z
Calculate IPv6 address for Instance in DirectPodBasedNetworkGuru
EUI-64 is used here which calculates the address based on the CIDR and MAC
address. Duplicate addresses are not possible to due to the usage of EUI-64
which makes the code much more simple.
In Basic Networking the NIC of the Instance will have it's IPv6 details
configured in the NIC.
This way the API returns the information which can then be used by other
applications to directly talk IPv6 with the Instance.
Signed-off-by: Wido den Hollander <[email protected]>
commit 6ac4280c564bb088fbeefb099b66e5e10dd272f9
Author: Wido den Hollander <[email protected]>
Date: 2016-10-03T12:31:22Z
ipv6: Update NetworkTO to transfer IPv6 Address and CIDR to Hypervisors
This way the StartCommand for KVM contains all the required information
needed to program Security Groups in such a way that IPv6 Address spoofing
is not possible.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
