Re: IPv6 in Basic Networking progress

2016-10-22 Thread Wido den Hollander 

> Op 19 oktober 2016 om 17:06 schreef Wido den Hollander :
> 
> 
> 
> > Op 4 oktober 2016 om 12:38 schreef Wido den Hollander :
> > 
> > 
> > I've submitted the code as a PR for the master branch: 
> > https://github.com/apache/cloudstack/pull/1700
> > 
> 
> While this PR is still open (reviews are welcome!) I'm working on the 
> Security Grouping and making progress there.
> 
> The code can be found here: 
> https://github.com/wido/cloudstack/commits/ipv6-basic-networking-secgroup
> 
> I'm currently focusing on Anti Spoofing and basic network security, not so 
> much opening individual UDP or TCP ports for Instances. It currently simply 
> allows all UDP and TCP traffic.

The opening of ports both ingress and egress now also seems to work and the 
code can be found here: 
https://github.com/wido/cloudstack/commits/ipv6-basic-networking-secgroup-ports

This now allows for full security grouping of IPv6 in Basic Networking, in my 
tests it works good!

One outstanding thing is the UI and it's JavaScript validator, but I'm lacking 
the JS skills to fix that.

I will wait for PR #1700 to be merged before sending in one PR for the security 
grouping which will hopefully be within 2 weeks.

Would be awesome if 4.10 or 4.11 would have IPv6 support for Basic Networking!

Next in line is having the SSVMs be IPv6 capabale.

Wido

> 
> Wido
> 
> > > Op 3 oktober 2016 om 20:43 schreef Wido den Hollander :
> > > 
> > > 
> > > Hi,
> > > 
> > > One of the things I'm really missing in CloudStack currently is IPv6 
> > > support in Basic Networking. Why? Our cloud at PCextreme runs on 
> > > CloudStack with Basic Networking and we currently do have IPv6 support, 
> > > but without the knowledge of CloudStack.
> > > 
> > > My goals are currently simple:
> > > - The API should return the IPv6 address of the Instance
> > > - Security Grouping should prevent IPv6 address spoofing
> > > 
> > > This is all on the Wiki: 
> > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking
> > > 
> > > I didn't get to it due to a lack of time, but I gave it a try again this 
> > > weekend and today. With result!: 
> > > https://github.com/wido/cloudstack/commits/ipv6-basic-networking
> > > 
> > > The 'nics' table already has the ip6_address column and the API will 
> > > return this value when it is set. So what I did is modify the 
> > > DirectPodBasedNetworkGuru that it calculates the EUI-64 IPv6 address a 
> > > Instance will obtain using SLAAC.
> > > 
> > > In the network you have to make sure the routers (not the VR, physical 
> > > ones!) are sending our Router Advertisements with the same subnet as you 
> > > configured in CloudStack.
> > > 
> > > The code is actually very simple and it 'works': 
> > > https://widodh.o.auroraobjects.eu/cloudstack/ipv6-basic-networking-instance.png
> > > 
> > > The CloudStack code is very, very IPv4 orientated and has many flaws. It 
> > > passes IP-Addresses as Strings and such while native types like 
> > > InetAddress might be better, but that would be a major refactor which 
> > > will consume a lot of time. And honestly, I don't have the time.
> > > 
> > > As stated above our goals are currently simple. The API should return a 
> > > IPv6 Address so that after deployment anything consuming the API can 
> > > instantly connect to the Instance over IPv6.
> > > 
> > > Wido

Re: IPv6 in Basic Networking progress

2016-10-19 Thread Wido den Hollander 

> Op 4 oktober 2016 om 12:38 schreef Wido den Hollander :
> 
> 
> I've submitted the code as a PR for the master branch: 
> https://github.com/apache/cloudstack/pull/1700
> 

While this PR is still open (reviews are welcome!) I'm working on the Security 
Grouping and making progress there.

The code can be found here: 
https://github.com/wido/cloudstack/commits/ipv6-basic-networking-secgroup

I'm currently focusing on Anti Spoofing and basic network security, not so much 
opening individual UDP or TCP ports for Instances. It currently simply allows 
all UDP and TCP traffic.

Wido

> > Op 3 oktober 2016 om 20:43 schreef Wido den Hollander :
> > 
> > 
> > Hi,
> > 
> > One of the things I'm really missing in CloudStack currently is IPv6 
> > support in Basic Networking. Why? Our cloud at PCextreme runs on CloudStack 
> > with Basic Networking and we currently do have IPv6 support, but without 
> > the knowledge of CloudStack.
> > 
> > My goals are currently simple:
> > - The API should return the IPv6 address of the Instance
> > - Security Grouping should prevent IPv6 address spoofing
> > 
> > This is all on the Wiki: 
> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking
> > 
> > I didn't get to it due to a lack of time, but I gave it a try again this 
> > weekend and today. With result!: 
> > https://github.com/wido/cloudstack/commits/ipv6-basic-networking
> > 
> > The 'nics' table already has the ip6_address column and the API will return 
> > this value when it is set. So what I did is modify the 
> > DirectPodBasedNetworkGuru that it calculates the EUI-64 IPv6 address a 
> > Instance will obtain using SLAAC.
> > 
> > In the network you have to make sure the routers (not the VR, physical 
> > ones!) are sending our Router Advertisements with the same subnet as you 
> > configured in CloudStack.
> > 
> > The code is actually very simple and it 'works': 
> > https://widodh.o.auroraobjects.eu/cloudstack/ipv6-basic-networking-instance.png
> > 
> > The CloudStack code is very, very IPv4 orientated and has many flaws. It 
> > passes IP-Addresses as Strings and such while native types like InetAddress 
> > might be better, but that would be a major refactor which will consume a 
> > lot of time. And honestly, I don't have the time.
> > 
> > As stated above our goals are currently simple. The API should return a 
> > IPv6 Address so that after deployment anything consuming the API can 
> > instantly connect to the Instance over IPv6.
> > 
> > Wido

Re: IPv6 in Basic Networking progress

2016-10-04 Thread Wido den Hollander 
I've submitted the code as a PR for the master branch: 
https://github.com/apache/cloudstack/pull/1700

> Op 3 oktober 2016 om 20:43 schreef Wido den Hollander :
> 
> 
> Hi,
> 
> One of the things I'm really missing in CloudStack currently is IPv6 support 
> in Basic Networking. Why? Our cloud at PCextreme runs on CloudStack with 
> Basic Networking and we currently do have IPv6 support, but without the 
> knowledge of CloudStack.
> 
> My goals are currently simple:
> - The API should return the IPv6 address of the Instance
> - Security Grouping should prevent IPv6 address spoofing
> 
> This is all on the Wiki: 
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking
> 
> I didn't get to it due to a lack of time, but I gave it a try again this 
> weekend and today. With result!: 
> https://github.com/wido/cloudstack/commits/ipv6-basic-networking
> 
> The 'nics' table already has the ip6_address column and the API will return 
> this value when it is set. So what I did is modify the 
> DirectPodBasedNetworkGuru that it calculates the EUI-64 IPv6 address a 
> Instance will obtain using SLAAC.
> 
> In the network you have to make sure the routers (not the VR, physical ones!) 
> are sending our Router Advertisements with the same subnet as you configured 
> in CloudStack.
> 
> The code is actually very simple and it 'works': 
> https://widodh.o.auroraobjects.eu/cloudstack/ipv6-basic-networking-instance.png
> 
> The CloudStack code is very, very IPv4 orientated and has many flaws. It 
> passes IP-Addresses as Strings and such while native types like InetAddress 
> might be better, but that would be a major refactor which will consume a lot 
> of time. And honestly, I don't have the time.
> 
> As stated above our goals are currently simple. The API should return a IPv6 
> Address so that after deployment anything consuming the API can instantly 
> connect to the Instance over IPv6.
> 
> Wido

IPv6 in Basic Networking progress

2016-10-03 Thread Wido den Hollander 
Hi,

One of the things I'm really missing in CloudStack currently is IPv6 support in 
Basic Networking. Why? Our cloud at PCextreme runs on CloudStack with Basic 
Networking and we currently do have IPv6 support, but without the knowledge of 
CloudStack.

My goals are currently simple:
- The API should return the IPv6 address of the Instance
- Security Grouping should prevent IPv6 address spoofing

This is all on the Wiki: 
https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking

I didn't get to it due to a lack of time, but I gave it a try again this 
weekend and today. With result!: 
https://github.com/wido/cloudstack/commits/ipv6-basic-networking

The 'nics' table already has the ip6_address column and the API will return 
this value when it is set. So what I did is modify the 
DirectPodBasedNetworkGuru that it calculates the EUI-64 IPv6 address a Instance 
will obtain using SLAAC.

In the network you have to make sure the routers (not the VR, physical ones!) 
are sending our Router Advertisements with the same subnet as you configured in 
CloudStack.

The code is actually very simple and it 'works': 
https://widodh.o.auroraobjects.eu/cloudstack/ipv6-basic-networking-instance.png

The CloudStack code is very, very IPv4 orientated and has many flaws. It passes 
IP-Addresses as Strings and such while native types like InetAddress might be 
better, but that would be a major refactor which will consume a lot of time. 
And honestly, I don't have the time.

As stated above our goals are currently simple. The API should return a IPv6 
Address so that after deployment anything consuming the API can instantly 
connect to the Instance over IPv6.

Wido