Wido, consider me in. My main objective btw is to give users the possibility to run there VMs IPv6 only. The management layer is not such a biggy.
I am still reading up on those rfcs and all the links in them. On Tue, Dec 22, 2015 at 11:17 AM, Wido den Hollander <w...@widodh.nl> wrote: > > > On 12/22/2015 04:35 AM, Ian Rae wrote: > > Great to hear, next time I am happy to commit an engineer from CloudOps > to > > participate. We have done quite a bit of work around VPC and also need to > > solve for IPv6 soon. > > > > Thanks for sharing, great initiative/goal and I will make sure the > CloudOps > > team reviews and supports this. > > > > Great! The first challenge will be to get the core of ACS aware of IPv6. > Pass IP addresses is InetAddress instead of a String, etc, etc. > > I don't know if a very big team can work on this without very short > communication between the different people. > > But again, any help is appreciated! We need this to go in. > > Wido > > > On Friday, December 18, 2015, Wido den Hollander <w...@widodh.nl> wrote: > > > >> Hi, > >> > >> Yesterday we from PCextreme, Leaseweb and Schuberg Phillis sat down for > >> a IPv6 brainstorm session. > >> > >> We asked a good IPv6 consultant (Sander Steffann) to join us to help us > >> identify some glitches in our ideas. > >> > >> We had two ideas: > >> - > >> > >> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking > >> - > >> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+VPC+Router > >> > >> Overall, our ideas looked good, our main concern was security grouping. > >> How to prevent clients from spoofing and such. > >> > >> I updated the spec for the Basic Networking with those ideas. > >> > >> A few things worth noting: > >> - Link-Local traffic should be allowed for specific ICMPv6-only. No UDP > >> or TCP! > >> - A DUID can not be trusted. We need a tagger on the HV which adds the > >> MAC address as DHCPv6 option 37. > >> - SLAAC can not be used. DHCPv6+IA only > >> - We can assign multiple IPs and Prefixes via DHCPv6 > >> - ISC Kea seems very nice as a DHCPv6 server: http://kea.isc.org/wiki > >> > >> A few RFCs which might be worth reading: > >> - https://www.ietf.org/rfc/rfc4890.txt > >> - https://tools.ietf.org/html/rfc6939 > >> - https://tools.ietf.org/html/rfc4861 > >> > >> We will start to work on this, but the CloudStack core is still very, > >> very, very IPv4 minded and this will need a lot of refactoring. > >> > >> However, once you understand IPv6 better it is much more simple then > >> IPv4 imho. > >> > >> The end goal is that CloudStack can run on IPv6-only without ANY IPv4. > >> > >> What also resulted from this day: > >> - Basic Networking can probably be merged with Advanced Networking with > >> Direct Attached > >> - Isolated Networks are about the same as a VPC > >> - We might be able to ditch the SSVM in most situations > >> > >> Any way, enough work to do! > >> > >> Wido > >> > > > > > -- Daan
