Re: [openstack-dev] [Neutron][IPv6] Privacy extension

2014-05-20 Thread Shixiong Shang
Awesome! Seems like we reached agreement for not covering privacy extension at 
this moment. I am totally fine with that. To put closure on this subject, do 
you think we need to document it and provide user with work-around in case 
somebody asks for it in Juno release?

Shixiong




On May 16, 2014, at 3:29 PM, Robert Li (baoli)  wrote:

> Dane put some notes on the session??s ether pad  to support multiple 
> prefixes. Seem like this is really something that everyone want to support in 
> openstack.
> 
> ??Robert
> 
> On 5/16/14, 2:23 PM, "Martinx - ?`"  wrote:
> 
>> Precisely Anthony! We talked about this topic ("Non-NAT Floating IPv6") 
>> here, on the following thread:
>> 
>> --
>> [openstack-dev] [Neutron][IPv6] Idea: Floating IPv6 - "Without any kind of 
>> NAT":
>> http://lists.openstack.org/pipermail/openstack-dev/2014-February/026871.html
>> --
>> 
>> :-D
>> 
>> About IPv6 Privacy Extensions, well, if it is too hard to implement, I think 
>> that it can be postponed... And only the IPv6 self-generated by SLAAC and 
>> previously calculated by Neutron itself (based on Instance's MAC address), 
>> should be allowed to pass/work for now...
>> 
>> -
>>  Thiago
>> 
>> 
>> On 16 May 2014 12:12, Veiga, Anthony  wrote:
>>> I??ll take this one a step further.  I think one of the methods for getting 
>>> (non-NAT) floating IPs in IPv6 would be to push a new, extra address to the 
>>> same port.  Either by crafting an extra, unicast RA to the specific VM or 
>>> providing multiple IA_NA fields in the DHCPv6 transaction.  This would 
>>> require multiple addresses to be allowed on a single MAC.
>>> -Anthony
>>> 
>>> From: Martinx - ?`???? 
>>> Reply-To: "OpenStack Development Mailing List (not for usage questions)" 
>>> 
>>> Date: Thursday, May 15, 2014 at 14:18 
>>> To: "OpenStack Development Mailing List (not for usage questions)" 
>>> 
>>> Subject: Re: [openstack-dev] [Neutron][IPv6] Privacy extension
>>> 
>>>> Hello!
>>>> 
>>>> I agree that there is no need for Privacy Extensions in a Cloud 
>>>> environment, since MAC address are fake... No big deal...
>>>> 
>>>> Nevertheless, I think that should be nice to allow 1 Instance to have more 
>>>> than 1 IPv6 addr, since IPv6 is (almost) virtually unlimited... This way, 
>>>> a VM with, for example, a range of IPv6s to it, can have a shared host 
>>>> environment when each website have its own IPv6 address (I prefer to use 
>>>> IP-Based virtualhosts on Apache, instead of Name-Based)...
>>>> 
>>>> Cheers!
>>>> Thiago
>>>> 
>>>> 
>>>> On 15 May 2014 14:22, Ian Wells  wrote:
>>>>> I was just about to respond to that in the session when we ran out of 
>>>>> time.  I would vote for simply insisting that VMs run without the privacy 
>>>>> extension enabled, and only permitting the expected ipv6 address based on 
>>>>> MAC.  Its primary purpose is to conceal your MAC address so that your IP 
>>>>> address can't be used to track you, as I understand it, and I don't think 
>>>>> that's as relevant in a cloud environment and where the MAC addresses are 
>>>>> basically fake.  Someone interested in desktop virtualisation with 
>>>>> Openstack may wish to contradict me...
>>>>> -- 
>>>>> Ian.
>>>>> 
>>>>> 
>>>>> On 15 May 2014 09:30, Shixiong Shang  
>>>>> wrote:
>>>>>> Hi, guys:
>>>>>> 
>>>>>> Nice to meet with all of you in the technical session and design 
>>>>>> session. I mentioned the challenge of privacy extension in the meeting, 
>>>>>> but would like to hear your opinions of how to address the problem. If 
>>>>>> you have any comments or suggestions, please let me know. I will create 
>>>>>> a BP for this problem.
>>>>>> 
>>>>>> Thanks!
>>>>>> 
>>>>>> Shixiong
>>>>>> 
>>>>>> 
>>>>>> Shixiong Shang
>>>>>> 
>>>>>> !--- Stay Hungry, Stay Foolish ---!
>>>>>> 
>>>>>> 
>>>>>> ___
>>>>>> OpenStack-dev mailing list
>>>>>> OpenStack-dev@lists.openstack.org
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>> 
>>>>> 
>>>>> 
>>>>> ___
>>>>> OpenStack-dev mailing list
>>>>> OpenStack-dev@lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>> 
>>>> 
>>> 
>>> ___
>>> OpenStack-dev mailing list
>>> OpenStack-dev@lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>> 
>> 
> ___
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



Shixiong Shang

!--- Stay Hungry, Stay Foolish ---!

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] [Neutron][IPv6] Privacy extension

2014-05-16 Thread Robert Li (baoli)
Dane put some notes on the session’s ether pad  to support multiple prefixes. 
Seem like this is really something that everyone want to support in openstack.

―Robert

On 5/16/14, 2:23 PM, "Martinx - ジェ�`ムズ" 
mailto:thiagocmarti...@gmail.com>> wrote:

Precisely Anthony! We talked about this topic ("Non-NAT Floating IPv6") here, 
on the following thread:

--
[openstack-dev] [Neutron][IPv6] Idea: Floating IPv6 - "Without any kind of NAT":
http://lists.openstack.org/pipermail/openstack-dev/2014-February/026871.html
--

:-D

About IPv6 Privacy Extensions, well, if it is too hard to implement, I think 
that it can be postponed... And only the IPv6 self-generated by SLAAC and 
previously calculated by Neutron itself (based on Instance's MAC address), 
should be allowed to pass/work for now...

-
 Thiago


On 16 May 2014 12:12, Veiga, Anthony 
mailto:anthony_ve...@cable.comcast.com>> wrote:
I’ll take this one a step further.  I think one of the methods for getting 
(non-NAT) floating IPs in IPv6 would be to push a new, extra address to the 
same port.  Either by crafting an extra, unicast RA to the specific VM or 
providing multiple IA_NA fields in the DHCPv6 transaction.  This would require 
multiple addresses to be allowed on a single MAC.
-Anthony

From: Martinx - ジェ�`ムズ 
mailto:thiagocmarti...@gmail.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" 
mailto:openstack-dev@lists.openstack.org>>
Date: Thursday, May 15, 2014 at 14:18
To: "OpenStack Development Mailing List (not for usage questions)" 
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [Neutron][IPv6] Privacy extension

Hello!

I agree that there is no need for Privacy Extensions in a Cloud environment, 
since MAC address are fake... No big deal...

Nevertheless, I think that should be nice to allow 1 Instance to have more than 
1 IPv6 addr, since IPv6 is (almost) virtually unlimited... This way, a VM with, 
for example, a range of IPv6s to it, can have a shared host environment when 
each website have its own IPv6 address (I prefer to use IP-Based virtualhosts 
on Apache, instead of Name-Based)...

Cheers!
Thiago


On 15 May 2014 14:22, Ian Wells 
mailto:ijw.ubu...@cack.org.uk>> wrote:
I was just about to respond to that in the session when we ran out of time.  I 
would vote for simply insisting that VMs run without the privacy extension 
enabled, and only permitting the expected ipv6 address based on MAC.  Its 
primary purpose is to conceal your MAC address so that your IP address can't be 
used to track you, as I understand it, and I don't think that's as relevant in 
a cloud environment and where the MAC addresses are basically fake.  Someone 
interested in desktop virtualisation with Openstack may wish to contradict me...
--
Ian.


On 15 May 2014 09:30, Shixiong Shang 
mailto:sparkofwisdom.cl...@gmail.com>> wrote:
Hi, guys:

Nice to meet with all of you in the technical session and design session. I 
mentioned the challenge of privacy extension in the meeting, but would like to 
hear your opinions of how to address the problem. If you have any comments or 
suggestions, please let me know. I will create a BP for this problem.

Thanks!

Shixiong


Shixiong Shang

!--- Stay Hungry, Stay Foolish ---!


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] [Neutron][IPv6] Privacy extension

2014-05-16 Thread Martinx - ジェームズ
Precisely Anthony! We talked about this topic ("Non-NAT Floating IPv6")
here, on the following thread:

--
[openstack-dev] [Neutron][IPv6] Idea: Floating IPv6 - "Without any kind of
NAT":
http://lists.openstack.org/pipermail/openstack-dev/2014-February/026871.html
--

:-D

About IPv6 Privacy Extensions, well, if it is too hard to implement, I
think that it can be postponed... And only the IPv6 self-generated by SLAAC
and previously calculated by Neutron itself (based on Instance's MAC
address), should be allowed to pass/work for now...

-
 Thiago


On 16 May 2014 12:12, Veiga, Anthony wrote:

>  I’ll take this one a step further.  I think one of the methods for
> getting (non-NAT) floating IPs in IPv6 would be to push a new, extra
> address to the same port.  Either by crafting an extra, unicast RA to the
> specific VM or providing multiple IA_NA fields in the DHCPv6 transaction.
>  This would require multiple addresses to be allowed on a single MAC.
> -Anthony
>
>   From: Martinx - ジェームズ 
> Reply-To: "OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev@lists.openstack.org>
> Date: Thursday, May 15, 2014 at 14:18
> To: "OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev@lists.openstack.org>
> Subject: Re: [openstack-dev] [Neutron][IPv6] Privacy extension
>
>   Hello!
>
>  I agree that there is no need for Privacy Extensions in a Cloud
> environment, since MAC address are fake... No big deal...
>
>  Nevertheless, I think that should be nice to allow 1 Instance to have
> more than 1 IPv6 addr, since IPv6 is (almost) virtually unlimited... This
> way, a VM with, for example, a range of IPv6s to it, can have a shared host
> environment when each website have its own IPv6 address (I prefer to use
> IP-Based virtualhosts on Apache, instead of Name-Based)...
>
>  Cheers!
> Thiago
>
>
> On 15 May 2014 14:22, Ian Wells  wrote:
>
>>  I was just about to respond to that in the session when we ran out of
>> time.  I would vote for simply insisting that VMs run without the privacy
>> extension enabled, and only permitting the expected ipv6 address based on
>> MAC.  Its primary purpose is to conceal your MAC address so that your IP
>> address can't be used to track you, as I understand it, and I don't think
>> that's as relevant in a cloud environment and where the MAC addresses are
>> basically fake.  Someone interested in desktop virtualisation with
>> Openstack may wish to contradict me...
>>  --
>>  Ian.
>>
>>
>>  On 15 May 2014 09:30, Shixiong Shang wrote:
>>
>>>  Hi, guys:
>>>
>>>  Nice to meet with all of you in the technical session and design
>>> session. I mentioned the challenge of privacy extension in the meeting, but
>>> would like to hear your opinions of how to address the problem. If you have
>>> any comments or suggestions, please let me know. I will create a BP for
>>> this problem.
>>>
>>>  Thanks!
>>>
>>>  Shixiong
>>>
>>>
>>>  *Shixiong Shang*
>>>
>>>  *!--- Stay Hungry, Stay Foolish ---!*
>>>
>>>
>>>  ___
>>> OpenStack-dev mailing list
>>> OpenStack-dev@lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>
>> ___
>> OpenStack-dev mailing list
>> OpenStack-dev@lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
> ___
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] [Neutron][IPv6] Privacy extension

2014-05-16 Thread Veiga, Anthony
I’ll take this one a step further.  I think one of the methods for getting 
(non-NAT) floating IPs in IPv6 would be to push a new, extra address to the 
same port.  Either by crafting an extra, unicast RA to the specific VM or 
providing multiple IA_NA fields in the DHCPv6 transaction.  This would require 
multiple addresses to be allowed on a single MAC.
-Anthony

From: Martinx - ジェームズ 
mailto:thiagocmarti...@gmail.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" 
mailto:openstack-dev@lists.openstack.org>>
Date: Thursday, May 15, 2014 at 14:18
To: "OpenStack Development Mailing List (not for usage questions)" 
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [Neutron][IPv6] Privacy extension

Hello!

I agree that there is no need for Privacy Extensions in a Cloud environment, 
since MAC address are fake... No big deal...

Nevertheless, I think that should be nice to allow 1 Instance to have more than 
1 IPv6 addr, since IPv6 is (almost) virtually unlimited... This way, a VM with, 
for example, a range of IPv6s to it, can have a shared host environment when 
each website have its own IPv6 address (I prefer to use IP-Based virtualhosts 
on Apache, instead of Name-Based)...

Cheers!
Thiago


On 15 May 2014 14:22, Ian Wells 
mailto:ijw.ubu...@cack.org.uk>> wrote:
I was just about to respond to that in the session when we ran out of time.  I 
would vote for simply insisting that VMs run without the privacy extension 
enabled, and only permitting the expected ipv6 address based on MAC.  Its 
primary purpose is to conceal your MAC address so that your IP address can't be 
used to track you, as I understand it, and I don't think that's as relevant in 
a cloud environment and where the MAC addresses are basically fake.  Someone 
interested in desktop virtualisation with Openstack may wish to contradict me...
--
Ian.


On 15 May 2014 09:30, Shixiong Shang 
mailto:sparkofwisdom.cl...@gmail.com>> wrote:
Hi, guys:

Nice to meet with all of you in the technical session and design session. I 
mentioned the challenge of privacy extension in the meeting, but would like to 
hear your opinions of how to address the problem. If you have any comments or 
suggestions, please let me know. I will create a BP for this problem.

Thanks!

Shixiong


Shixiong Shang

!--- Stay Hungry, Stay Foolish ---!


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] [Neutron][IPv6] Privacy extension

2014-05-15 Thread Martinx - ジェームズ
Hello!

I agree that there is no need for Privacy Extensions in a Cloud
environment, since MAC address are fake... No big deal...

Nevertheless, I think that should be nice to allow 1 Instance to have more
than 1 IPv6 addr, since IPv6 is (almost) virtually unlimited... This way, a
VM with, for example, a range of IPv6s to it, can have a shared host
environment when each website have its own IPv6 address (I prefer to use
IP-Based virtualhosts on Apache, instead of Name-Based)...

Cheers!
Thiago


On 15 May 2014 14:22, Ian Wells  wrote:

> I was just about to respond to that in the session when we ran out of
> time.  I would vote for simply insisting that VMs run without the privacy
> extension enabled, and only permitting the expected ipv6 address based on
> MAC.  Its primary purpose is to conceal your MAC address so that your IP
> address can't be used to track you, as I understand it, and I don't think
> that's as relevant in a cloud environment and where the MAC addresses are
> basically fake.  Someone interested in desktop virtualisation with
> Openstack may wish to contradict me...
> --
> Ian.
>
>
> On 15 May 2014 09:30, Shixiong Shang wrote:
>
>> Hi, guys:
>>
>> Nice to meet with all of you in the technical session and design session.
>> I mentioned the challenge of privacy extension in the meeting, but would
>> like to hear your opinions of how to address the problem. If you have any
>> comments or suggestions, please let me know. I will create a BP for this
>> problem.
>>
>> Thanks!
>>
>> Shixiong
>>
>>
>>  *Shixiong Shang*
>>
>>  *!--- Stay Hungry, Stay Foolish ---!*
>>
>>
>> ___
>> OpenStack-dev mailing list
>> OpenStack-dev@lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
> ___
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] [Neutron][IPv6] Privacy extension

2014-05-15 Thread Ian Wells
I was just about to respond to that in the session when we ran out of
time.  I would vote for simply insisting that VMs run without the privacy
extension enabled, and only permitting the expected ipv6 address based on
MAC.  Its primary purpose is to conceal your MAC address so that your IP
address can't be used to track you, as I understand it, and I don't think
that's as relevant in a cloud environment and where the MAC addresses are
basically fake.  Someone interested in desktop virtualisation with
Openstack may wish to contradict me...
-- 
Ian.


On 15 May 2014 09:30, Shixiong Shang  wrote:

> Hi, guys:
>
> Nice to meet with all of you in the technical session and design session.
> I mentioned the challenge of privacy extension in the meeting, but would
> like to hear your opinions of how to address the problem. If you have any
> comments or suggestions, please let me know. I will create a BP for this
> problem.
>
> Thanks!
>
> Shixiong
>
>
>  *Shixiong Shang*
>
>  *!--- Stay Hungry, Stay Foolish ---!*
>
>
> ___
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


[openstack-dev] [Neutron][IPv6] Privacy extension

2014-05-15 Thread Shixiong Shang
Hi, guys:

Nice to meet with all of you in the technical session and design session. I 
mentioned the challenge of privacy extension in the meeting, but would like to 
hear your opinions of how to address the problem. If you have any comments or 
suggestions, please let me know. I will create a BP for this problem.

Thanks!

Shixiong


Shixiong Shang

!--- Stay Hungry, Stay Foolish ---!

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev