On 08/20/2014 05:46 PM, Nux! wrote:
Hi,
Excuse my ignorance, but doesn't this mean that clients can "steal" each
other's IPv6 at will?
Yes, they can indeed.
Lack of IPv6 is probably my biggest complaint re basic/sg zones, but just using
router adv. seems like bad security, worse than not having IPv6 at all.
Thoughts?
Basic implementation would require 'locking' IPs to guest using
ip6tables with security_group.py under KVM.
With SLAAC you can calculate the IP the guest will use and set that in
the rules.
That way you can prevent hijacking addresses.
Wido
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
----- Original Message -----
From: "Wido den Hollander" <w...@widodh.nl>
To: dev@cloudstack.apache.org
Sent: Tuesday, 19 August, 2014 8:27:14 PM
Subject: Re: IPv6 ~ Basic Network
On 08/19/2014 09:23 PM, Mo wrote:
Hello,
Is it possible to toss in an IPv6 subnet in a basic setup?
Yes. I'm doing so in a setup, but it goes outside CloudStack. Simply
configure your router to do Router Advertisements and your guests will
get a IPv6 address.
Be aware though, security groups do not apply and CloudStack has no
knowledge of IPv6 being present.
Wido
- Mo
