[
https://issues.apache.org/jira/browse/CLOUDSTACK-676?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15840734#comment-15840734
]
ASF subversion and git services commented on CLOUDSTACK-676:
------------------------------------------------------------
Commit f10c8bfe0c99a762c2606459413a47219614e775 in cloudstack's branch
refs/heads/master from [~rajanik]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=f10c8bf ]
Merge pull request #1700 from wido/ipv6-basic-networking
CLOUDSTACK-9359: IPv6 for Basic NetworkingThis PR is a proposal for adding very
basic IPv6 to Basic Networking. The main goal of this PR is that the API
returns a valid IPv6 address over which the Instance is reachable.
The GUI will show the IPv6 address after deployment of the Instance.
If the table VLAN has a proper IPv6 CIDR configured the
DirectPodBasedNetworkGuru will calculate the IPv6 Address the Instance will
obtain using EUI-64 and SLAAC: https://tools.ietf.org/search/rfc4862
In this case the _vlan_ table contained:
<pre>mysql> select * from vlan \G
*************************** 1. row ***************************
id: 1
uuid: 90e0716c-5261-4992-bb9d-0afd3006f476
vlan_id: vlan://untagged
vlan_gateway: 172.16.0.1
vlan_netmask: 255.255.255.0
description: 172.16.0.10-172.16.0.250
vlan_type: DirectAttached
data_center_id: 1
network_id: 204
physical_network_id: 200
ip6_gateway: 2001:980:7936:112::1
ip6_cidr: 2001:980:7936:112::/64
ip6_range: NULL
removed: NULL
created: 2016-07-19 20:39:41
1 row in set (0.00 sec)
mysql></pre>
It will then log:
<pre>2016-10-04 11:42:44,998 DEBUG [c.c.n.g.DirectPodBasedNetworkGuru]
(Work-Job-Executor-1:ctx-1975ec54 job-186/job-187 ctx-0d967d88)
(logid:275c4961) Found IPv6 CIDR 2001:980:7936:112::/64 for VLAN 1
2016-10-04 11:42:45,009 INFO [c.c.n.g.DirectPodBasedNetworkGuru]
(Work-Job-Executor-1:ctx-1975ec54 job-186/job-187 ctx-0d967d88)
(logid:275c4961) Calculated IPv6 address 2001:980:7936:112:4ba:80ff:fe00:e9
using EUI-64 for NIC 6a05deab-b5d9-4116-80da-c94b48333e5e</pre>
The template has to be configured accordingly:
- No IPv6 Privacy Extensions
- Use SLAAC
- Follow RFC4862
This is also described in:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking
The next steps after this will be:
- Security Grouping to prevent IPv6 Address Spoofing
- Security Grouping to filter ICMP, UDP and TCP traffic
* pr/1700:
CLOUDSTACK-676: IPv6 In -and Egress filtering for Basic Networking
CLOUDSTACK-676: IPv6 Basic Security Grouping for KVM
CLOUDSTACK-9359: IPv6 for Basic Networking with KVM
Signed-off-by: Rajani Karuturi <rajani.karut...@accelerite.com>
> Firewall / ACL support for ipv6
> -------------------------------
>
> Key: CLOUDSTACK-676
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-676
> Project: CloudStack
> Issue Type: Sub-task
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Reporter: Chiradeep Vittal
> Assignee: Wido den Hollander
> Fix For: Future
>
>
> An ability to specify a firewall / ACL rule set for a subnet which has
> instances with ipv6 addresses. The implementation can be at the VR level, at
> the hypervisor level or in an external firewall
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
