Hi, I've been thinking about this and apparently there is a big security problem with this idea, at least my colleagues from the network dept tell me so. If you want to use the router autoconfig thingy you must - as per current standards - use a /64 on the router interface and this way you expose yourself to a neighbour table attack - the neighbour table in avg cisco routers can hold tens of thousands of entries more or less, but it's still far from the trillions of addresses in a /64. This may seem far fetched but since 512k day, my colleagues don't want to take any more chances. :-) They recommend to use DHCPv6 instead with far smaller subnets, which of course complicates things quite a bit on the cloudstack side...
Any thoughts? Lucian -- Sent from the Delta quadrant using Borg technology! Nux! www.nux.ro ----- Original Message ----- > From: "John Kinsella" <j...@stratosec.co> > To: dev@cloudstack.apache.org > Sent: Wednesday, 20 August, 2014 11:59:27 PM > Subject: Re: IPv6 ~ Basic Network > > Please do - we started tinkering with ipv6 ages ago, never got it to > production, tho. > > On Aug 20, 2014, at 3:48 PM, Nux! <n...@li.nux.ro> wrote: > > > Thanks Wido for the idea, then. :-) > > I'll gladly share it with you guys should I come up with something that > > works. > > > > Lucian > > > > -- > > Sent from the Delta quadrant using Borg technology! > > > > Nux! > > www.nux.ro > > > > > > ----- Original Message ----- > >> From: "Wido den Hollander" <w...@widodh.nl> > >> To: dev@cloudstack.apache.org > >> Sent: Wednesday, 20 August, 2014 9:36:48 PM > >> Subject: Re: IPv6 ~ Basic Network > >> > >> > >> > >> On 08/20/2014 10:07 PM, Nux! wrote: > >>> Wido, > >>> > >>> Can you share your code for this? > >>> > >> > >> Oh, I don't have any code. The setups I created have plain IPv6 without > >> any security grouping. > >> > >> My previous e-mail was just to illustrate what would be required. > >> > >> Wido > >> > >>> Cheers > >>> > >>> -- > >>> Sent from the Delta quadrant using Borg technology! > >>> > >>> Nux! > >>> www.nux.ro > >>> > >> > > >
