[
https://issues.apache.org/jira/browse/CLOUDSTACK-9359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15840729#comment-15840729
]
ASF subversion and git services commented on CLOUDSTACK-9359:
-------------------------------------------------------------
Commit c0e7766713b2631a167c2ceea7d42b574a5cd1b9 in cloudstack's branch
refs/heads/master from [~widodh]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=c0e7766 ]
CLOUDSTACK-9359: IPv6 for Basic Networking with KVM
This commit adds the initial functionality for IPv6 in Basic Networking.
When a valid IPv6 CIDR is configured for the POD/VLAN the
DirectPodBasedNetworkGuru
will use the EUI-64 calculation to calculate the IPv6 Address the Instance will
obtain.
For this it is required that the physical routers in the Layer 2 network
(POD/VLAN) send out
Router Advertisements with the same subnet as configured in CloudStack.
A example subnet could be 2001:db8::/64
Using radvd a Linux Router could send out Router Advertisements using this
configuration:
interface eth0
{
MinRtrAdvInterval 5;
MaxRtrAdvInterval 60;
AdvSendAdvert on;
AdvOtherConfigFlag off;
IgnoreIfMissing off;
prefix 2001:db8::/64 {
};
RDNSS 2001:db8:ffff::53 {
};
};
A Instance with MAC Address 06:7a:88:00:00:8b will obtain IPv6 address
2001:db8:100::47a:88ff:fe00:8b
Both Windows, Linux and FreeBSD use the same calculation for their IPv6
Addresses, this is specified
in RFC4862 (IPv6 Stateless Address Autoconfiguration).
Under Linux it is mandatory that IPv6 Privacy Extensions are disabled:
$ sysctl -w net.ipv6.conf.all.use_tempaddr=0
Windows should be configured to use the MAC Address as the identifier for the
EUI-64/SLAAC calculation.
$ netsh interface ipv6 set privacy state=disabled store=persistent
$ netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
The IPv6 address is stored in the 'nics' table and is then returned by the API
and will be shown in the UI.
Searching for a conflicting IPv6 Address it NOT required as each IPv6 address
is based on the MAC Address
of the Instance and therefor unique.
Security Grouping has not been implemented yet and will follow in a upcoming
commit.
Signed-off-by: Wido den Hollander <w...@widodh.nl>
> Return ip6address in Basic Networking
> -------------------------------------
>
> Key: CLOUDSTACK-9359
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9359
> Project: CloudStack
> Issue Type: Sub-task
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: API, Management Server
> Environment: CloudStack Basic Networking
> Reporter: Wido den Hollander
> Assignee: Wido den Hollander
> Labels: api, basic-networking, ipv6
> Fix For: Future
>
>
> In Basic Networking Instances will obtain their IPv6 address using SLAAC
> (Stateless Autoconfiguration) as described in the Wiki:
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking
> When a ip6cidr is configured and is a /64 we can calculate the IPv6 address
> an Instance will obtain.
> There is no need to store a IPv6 address in the database with the /64 subnet
> (ip6cidr) and the MAC address we can calculate the address using EUI-64:
> "A 64-bit interface identifier is most commonly derived from its 48-bit MAC
> address. A MAC address 00:0C:29:0C:47:D5 is turned into a 64-bit EUI-64 by
> inserting FF:FE in the middle: 00:0C:29:FF:FE:0C:47:D5. When this EUI-64 is
> used to form an IPv6 address it is modified:[1] the meaning of the
> Universal/Local bit (the 7th most significant bit of the EUI-64, starting
> from 1) is inverted, so that a 1 now means Universal. To create an IPv6
> address with the network prefix 2001:db8:1:2::/64 it yields the address
> 2001:db8:1:2:020c:29ff:fe0c:47d5 (with the underlined U/L (=Universal/Local)
> bit inverted to a 1, because the MAC address is universally unique)."
> The API should return this address in the ip6address field for a NIC in Basic
> Networking.
> End-Users can use this, but it can also be used internally by Security
> Grouping to program rules.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
