Re: [one-users] IP(v6) network enhancements

2014-02-20 Thread Ruben S. Montero
Thanks Stefan. Now it makes sense. So:

1.- Added a new issue for the address generation:
http://dev.opennebula.org/issues/2740

2.- Extended the description of #1818 to include the "alias" functionality:
http://dev.opennebula.org/issues/1818

THANKS!

Ruben


On Mon, Feb 17, 2014 at 11:36 AM, Stefan Kooman wrote:

> Quoting Ruben S. Montero (rsmont...@opennebula.org):
> > Hi Stefan
> >
> > The IPv6 design in OpenNebula is basically designed to work with the
> > auto-configuration features of IPv6. An IPv6 capable host will always
> > have link-local addresses for all their interfaces. AFAIK you cannot
> > disable IPv6 stack per interface.
> In Linux you can do so quite easily:
>
> echo 1 > /proc/sys/net/ipv6/conf/$interface_name/disable_ipv6
>
> > So it really does not make sense to have one interface for IPv4 and
> > another for IPv6, as the IPv4 will also have the link local addresses
> > (plus the host multi-cast address).
> I agree with you that having separate IPv4 and IPv6 interfaces
> (normally) doesn't make much sense. Quoting myself here:
>
> "3) two different interfaces, one for IPv4 and one for IPv6."
>
> I didn't make myself clear on that point. Just like you I would like to
> avoid having separate IPv4 / IPv6 interfaces. But at present the only
> way to provision a (contextualized) vm with or without IPv6 is to give
> it an interface in an "IPv4 only" network or an "IPv6" network. If you
> would like to combine "IPv4 and IPv6" in one vnet (dual-stack) and
> ENFORCE_IPV4, a vm will always get an IPv6 address. There's currently no
> way to disable that. The thing I would like to propose is the definition
> of a "dual-stack" network with the following attributes: ENABLE_IP,
> ENABLE_IP6, ENABLE_DUALSTACK, actually functioning as "switches".
> >
> > About the generation of the host-id (the 64 lower bits): it can be
> > generated following the modified EUI-64, based on the IP, or by any
> > other means (usually random generation is accepted as a more secure
> > option). But I see this as part of the guest configuration and
> > probably not for context (although you could generate this through a
> > context variable or using the IPv4 address...)
>
> Yeah, this whole IPv4 / IPv6 enable/disable thing can also be handled
> through contextualization. We could change the behaviour based on some
> template attributes and fix networking at startup.
> >
> > So the ideal setup is to have a router in your virtual network
> > advertising the IPv6 network prefix (e.g. radvd or zebra) and then let
> > the ICMPv6 protocol autoconfigure the interface. The addresses shown
> > in OpenNebula are supposed to match those obtained by the previous
> > procedure (as long as the prefix advertised is the one configured in
> > the vnet).
>
> The downside of having RA's in your network is that vm's that only
> need/want IPv4 (for whatever reason) have to be adjusted beforehand not
> to do anything with IPv6 autoconfiguration. On the other hand, if you're
> using VRRPV6, because of network redundancy, routers are obliged to send
> them (RA's) and also have to respond to RS requests (RFC 5798) [1].
> >
> > Currently, the only way to add more IP addresses is to add more
> > network interfaces to the VM. Probably a nice feature could be a NIC
> > of type "alias" or "virtual" so you get the lease from the vnet, but
> > not an additional nic. The context script can simply "ip addr add" the
> > IP from the virtual NIC through context.
>
> Exactly, having an "alias" possibility would be nice. Especially if you
> would like to have all ip administration consistent in OpenNebula. You
> would be able to query the template for IP info and match that to
> other ip administration (i.e. reverse dns entries) for consistency
> checks. This "alias" feature might overlap / complement [2].
>
> >
> > Probably, I am not fully getting your proposal...
> Does it make more sense now?
>
> Gr. Stefan
>
> [1]: http://tools.ietf.org/search/rfc5798#section-6.4.3
> [2]: http://dev.opennebula.org/issues/1818
>
> --
> | BIT BV  http://www.bit.nl/        Kamer van Koophandel 09090351
> | GPG: 0xD14839C6   +31 318 648 688 / i...@bit.nl
>



-- 
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | rsmont...@opennebula.org | @OpenNebula
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org


Re: [one-users] IP(v6) network enhancements

2014-02-17 Thread Stefan Kooman
Quoting Ruben S. Montero (rsmont...@opennebula.org):
> Hi Stefan
> 
> The IPv6 design in OpenNebula is basically designed to work with the
> auto-configuration features of IPv6. An IPv6 capable host will always
> have link-local addresses for all their interfaces. AFAIK you cannot
> disable IPv6 stack per interface.
In Linux you can do so quite easily:

echo 1 > /proc/sys/net/ipv6/conf/$interface_name/disable_ipv6

> So it really does not make sense to have one interface for IPv4 and
> another for IPv6, as the IPv4 will also have the link local addresses
> (plus the host multi-cast address).
I agree with you that having separate IPv4 and IPv6 interfaces
(normally) doesn't make much sense. Quoting myself here:

"3) two different interfaces, one for IPv4 and one for IPv6."

I didn't make myself clear on that point. Just like you I would like to
avoid having separate IPv4 / IPv6 interfaces. But at present the only
way to provision a (contextualized) vm with or without IPv6 is to give
it an interface in an "IPv4 only" network or an "IPv6" network. If you
would like to combine "IPv4 and IPv6" in one vnet (dual-stack) and
ENFORCE_IPV4, a vm will always get an IPv6 address. There's currently no
way to disable that. The thing I would like to propose is the definition
of a "dual-stack" network with the following attributes: ENABLE_IP,
ENABLE_IP6, ENABLE_DUALSTACK, actually functioning as "switches".
> 
> About the generation of the host-id (the 64 lower bits): it can be
> generated following the modified EUI-64, based on the IP, or by any
> other means (usually random generation is accepted as a more secure
> option). But I see this as part of the guest configuration and
> probably not for context (although you could generate this through a
> context variable or using the IPv4 address...)

Yeah, this whole IPv4 / IPv6 enable/disable thing can also be handled
through contextualization. We could change the behaviour based on some
template attributes and fix networking at startup.
> 
> So the ideal setup is to have a router in your virtual network
> advertising the IPv6 network prefix (e.g. radvd or zebra) and then let
> the ICMPv6 protocol autoconfigure the interface. The addresses shown
> in OpenNebula are supposed to match those obtained by the previous
> procedure (as long as the prefix advertised is the one configured in
> the vnet).

The downside of having RA's in your network is that vm's that only
need/want IPv4 (for whatever reason) have to be adjusted beforehand not
to do anything with IPv6 autoconfiguration. On the other hand, if you're
using VRRPV6, because of network redundancy, routers are obliged to send
them (RA's) and also have to respond to RS requests (RFC 5798) [1].
> 
> Currently, the only way to add more IP addresses is to add more
> network interfaces to the VM. Probably a nice feature could be a NIC
> of type "alias" or "virtual" so you get the lease from the vnet, but
> not an additional nic. The context script can simply "ip addr add" the
> IP from the virtual NIC through context.

Exactly, having an "alias" possibility would be nice. Especially if you
would like to have all ip administration consistent in OpenNebula. You
would be able to query the template for IP info and match that to
other ip administration (i.e. reverse dns entries) for consistency
checks. This "alias" feature might overlap / complement [2].

> 
> Probably, I am not fully getting your proposal...
Does it make more sense now?

Gr. Stefan

[1]: http://tools.ietf.org/search/rfc5798#section-6.4.3
[2]: http://dev.opennebula.org/issues/1818

-- 
| BIT BV  http://www.bit.nl/        Kamer van Koophandel 09090351
| GPG: 0xD14839C6   +31 318 648 688 / i...@bit.nl


Re: [one-users] IP(v6) network enhancements

2014-01-29 Thread Ruben S. Montero
Hi Stefan

The IPv6 design in OpenNebula is basically designed to work with the
auto-configuration features of IPv6. An IPv6 capable host will always have
link-local addresses for all their interfaces. AFAIK you cannot disable
IPv6 stack per interface. So it really does not make sense to have one
interface for IPv4 and another for IPv6, as the IPv4 will also have the link
local addresses (plus the host multi-cast address).

About the generation of the host-id (the 64 lower bits): it can be generated
following the modified EUI-64, based on the IP, or by any other means
(usually random generation is accepted as a more secure option). But I see
this as part of the guest configuration and probably not for context
(although you could generate this through a context variable or using the
IPv4 address...)

So the ideal setup is to have a router in your virtual network advertising
the IPv6 network prefix (e.g. radvd or zebra) and then let the ICMPv6
protocol autoconfigure the interface. The addresses shown in OpenNebula are
supposed to match those obtained by the previous procedure (as long as the
prefix advertised is the one configured in the vnet).

Currently, the only way to add more IP addresses is to add more network
interfaces to the VM. Probably a nice feature could be a NIC of type
"alias" or "virtual" so you get the lease from the vnet, but not an
additional nic. The context script can simply "ip addr add" the IP from the
virtual NIC through context.

Probably, I am not fully getting your proposal...

Cheers

Ruben



On Mon, Jan 27, 2014 at 2:09 PM, Stefan Kooman wrote:

> Hi List,
>
> While deploying some vm's with IPv4/IPv6 (dual stack) support I ran into
> some issues. I would like to be able to choose (switch "on" or "off")
> the use of IPv6 in a "dual stack" vnet, i.e. it's possible to enforce
> IPv4 address generation in an "IPv6" network but it's not possible (as
> far as I can see) to disable IPv6 in an IPv6/IPv4 network (dual stack as
> I call it).  I would like to avoid having two different vnet's, one for
> IPv6 and one for IPv4 just to be able to provide vm's with:
> 1) IPv4 only, 2) IPv6 only, 3) two different interfaces, one for IPv4
> and one for IPv6. Of course there are ways to disable IPv6 on the vm
> itself (just not load ipv6 modules for example) but it would be cleaner
> to fix this with contextualization.
>
> With IPv4 vnet it's possible to choose an ip address. With IPv6 vnet
> it's automatically generated based on the mac-address. It's currently
> not possible to choose your IPv6 address. One common practice is to use
> "IPv4" address in "IPv6" address. Example: IPv4 192.0.2.33, IPv6
> 2001:db8:122:344:192:0:2:33 (note this is not truly mapping ipv4 into
> ipv6, as described in rfc4291).
>
> Some vm's need more than one IP(v4/v6) address. For example webservers
> handling multiple SSL websites. Currently I can't create an ip "alias"
> for a virtual machine. A workaround would be to hold a lease and
> manually add this ip to the vm. It would be nicer to have support for
> ip aliases. This feature would complement issue #1818 [1].
>
> If some of what I described above is already possible please point me
> to the documentation.
>
> Gr. Stefan
>
> [1]: http://dev.opennebula.org/issues/1818
>
>
>
> --
> | BIT BV  http://www.bit.nl/        Kamer van Koophandel 09090351
> | GPG: 0xD14839C6   +31 318 648 688 / i...@bit.nl
>


[one-users] IP(v6) network enhancements

2014-01-27 Thread Stefan Kooman
Hi List,

While deploying some vm's with IPv4/IPv6 (dual stack) support I ran into
some issues. I would like to be able to choose (switch "on" or "off")
the use of IPv6 in a "dual stack" vnet, i.e. it's possible to enforce
IPv4 address generation in an "IPv6" network but it's not possible (as
far as I can see) to disable IPv6 in an IPv6/IPv4 network (dual stack as
I call it).  I would like to avoid having two different vnet's, one for
IPv6 and one for IPv4 just to be able to provide vm's with:
1) IPv4 only, 2) IPv6 only, 3) two different interfaces, one for IPv4
and one for IPv6. Of course there are ways to disable IPv6 on the vm
itself (just not load ipv6 modules for example) but it would be cleaner
to fix this with contextualization.

With IPv4 vnet it's possible to choose an ip address. With IPv6 vnet
it's automatically generated based on the mac-address. It's currently
not possible to choose your IPv6 address. One common practice is to use
"IPv4" address in "IPv6" address. Example: IPv4 192.0.2.33, IPv6
2001:db8:122:344:192:0:2:33 (note this is not truly mapping ipv4 into
ipv6, as described in rfc4291).

Some vm's need more than one IP(v4/v6) address. For example webservers
handling multiple SSL websites. Currently I can't create an ip "alias"
for a virtual machine. A workaround would be to hold a lease and
manually add this ip to the vm. It would be nicer to have support for
ip aliases. This feature would complement issue #1818 [1].

If some of what I described above is already possible please point me
to the documentation.

Gr. Stefan

[1]: http://dev.opennebula.org/issues/1818



-- 
| BIT BV  http://www.bit.nl/        Kamer van Koophandel 09090351
| GPG: 0xD14839C6   +31 318 648 688 / i...@bit.nl


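Added example, not part of the original thread and not OpenNebula code: the three host-id options discussed in the messages above (modified EUI-64 from the MAC, the IPv4-digits convention from the 192.0.2.33 example, and random generation), plus a check that flags addresses whose interface ID exposes a MAC. The function names and the sample MAC are constructed for illustration; the prefix and IPv4 address are the ones quoted in the thread.

```python
import ipaddress
import secrets


def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface ID (RFC 4291, Appendix A) from a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit, then insert ff:fe between the two halves.
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(eui, "big")


def ipv4_digits_iid(ipv4: str) -> int:
    """Convention from the thread: each IPv4 octet's decimal digits become one
    hextet (192.0.2.33 -> ::192:0:2:33). Not an RFC 4291 IPv4-mapped address."""
    iid = 0
    for octet in ipaddress.IPv4Address(ipv4).packed:
        iid = (iid << 16) | int(str(octet), 16)  # decimal digits reread as hex
    return iid


def random_iid() -> int:
    """Random 64-bit interface ID, unrelated to the MAC or the IPv4 address."""
    return secrets.randbits(64)


def compose(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 prefix (as advertised by the router) with a host-id."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration-style addressing expects a /64")
    return net[iid]


def looks_like_eui64(addr: str) -> bool:
    """True if the interface ID carries the ff:fe marker, i.e. reveals a MAC."""
    iid = int(ipaddress.IPv6Address(addr)) & (2**64 - 1)
    return (iid >> 24) & 0xFFFF == 0xFFFE


if __name__ == "__main__":
    prefix = "2001:db8:122:344::/64"   # prefix from the thread's example
    mac = "52:54:00:12:34:56"          # constructed sample MAC
    for label, iid in (("eui-64", eui64_iid(mac)),
                       ("ipv4-digits", ipv4_digits_iid("192.0.2.33")),
                       ("random", random_iid())):
        addr = compose(prefix, iid)
        print(f"{label:12} {addr}  mac-derived={looks_like_eui64(str(addr))}")
```

Running `looks_like_eui64` over the addresses recorded for a vnet shows which leases let an observer recover the guest's MAC, which is the reason random generation is described in the thread as the more secure option.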