Re: RE: IPV6 in Isolated/VPC networks

Hi, One example why loosely implemented BGP on VR could lead to tsunami of problems. Why I’m proposing to do IPv6 without using BGP. Zebra/Quagga/FRR over BGP will advertise all local routing table to peer. All content of ip route. Usually there are some BGP filters in place to protect from comm

[GitHub] [cloudstack-documentation] shwstppr opened a new pull request #231: network: note on shared networks with IPv6

shwstppr opened a new pull request #231: URL: https://github.com/apache/cloudstack-documentation/pull/231 Shared networks with IPv6 only cannot work. NPE is observed with MAC address of VM's NIC when a VM is deployed or added to such networks. ``` TransactionCallbackWithException

[GitHub] [cloudstack-documentation] shwstppr commented on pull request #230: trusty is in official docs and it is deprecated

shwstppr commented on pull request #230: URL: https://github.com/apache/cloudstack-documentation/pull/230#issuecomment-880531384 @abdelouahabb conflicts here -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL ab

[GitHub] [cloudstack-documentation] shwstppr commented on pull request #231: network: note on shared networks with IPv6

shwstppr commented on pull request #231: URL: https://github.com/apache/cloudstack-documentation/pull/231#issuecomment-880531503 @blueorangutan docbuild -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above t

[GitHub] [cloudstack-documentation] blueorangutan commented on pull request #231: network: note on shared networks with IPv6

blueorangutan commented on pull request #231: URL: https://github.com/apache/cloudstack-documentation/pull/231#issuecomment-880531834 @shwstppr a Jenkins job has been kicked to build the document. I'll keep you posted as I make progress. -- This is an automated message from the Apache G

[GitHub] [cloudstack-documentation] blueorangutan commented on pull request #231: network: note on shared networks with IPv6

blueorangutan commented on pull request #231: URL: https://github.com/apache/cloudstack-documentation/pull/231#issuecomment-880532844 Doc build preview: http://qa.cloudstack.cloud/docs/WIP-PROOFING/pr/231. (SL-JID 112) -- This is an automated message from the Apache Git Service. To resp

Re: IPV6 in Isolated/VPC networks

Op 14-07-2021 om 16:44 schreef Hean Seng: Hi I replied in another thread, i think do not need implement BGP or OSPF, that would be complicated . We only need assign  IPv6 's /64 prefix to Virtual Router (VR) in NAT zone, and the VR responsible to deliver single IPv6 to VM via DHCP6. In

Re: IPV6 in Isolated/VPC networks

Hi Wido, Can you explain why “DHCPv6 as much as possible as that's not really the intended use-case” it’s not intended use-case? On 2021/07/15 09:31:26, Wido den Hollander wrote: > > > Op 14-07-2021 om 16:44 schreef Hean Seng: > > Hi > > > > I replied in another thread, i think do not need

Re: IPV6 in Isolated/VPC networks

Or explain like this : 1) Cloudstack generate list of /64 subnet from /48 that Network admin assigned to Cloudstack 2) Cloudsack allocated the subnet (that generated from step1) to Virtual Router, one Virtual Router have one subniet /64 3) Virtual Router allocate single IPv6 (within the range of /

Re: IPV6 in Isolated/VPC networks

Hi Wido, I think the /48 is at physical router as gateway , and subnet of /64 at VR of Cloudstack. Cloudstack only keep which /48 prefix and vlan information of this /48 to be later split the /64. to VR. And the instances is getting singe IPv6 of /64 IP. The VR is getting /64. The default

Re: IPV6 in Isolated/VPC networks

Hi Hean, You still need to create route on L3 SW that will point /64 VM On 2021/07/15 10:39:13, Hean Seng wrote: > Or explain like this : > > 1) Cloudstack generate list of /64 subnet from /48 that Network admin > assigned to Cloudstack > 2) Cloudsack allocated the subnet (that generated from

Security groups support in advanced zone

Hi all, We are investigating security groups support in Advanced zones. it would be nice to get your feedback. Some background knowledge: (1) there are 3 types of zones in cloudstack: Basic, Advanced, Advanced with Security groups (support KVM and Xenserver. vmware is not supported) (2) Admins ca

Re: [PROPOSE] RM for CloudStack Kubernetes Provider v1.0

+1 From: David Jumani Sent: Thursday, July 15, 2021 1:31 AM To: users ; dev@cloudstack.apache.org Subject: [PROPOSE] RM for CloudStack Kubernetes Provider v1.0 Hi, I'd like to put myself forward as the release manager for CloudStack Kubernetes Provider

Re: IPV6 in Isolated/VPC networks

But you still need routing. See the attached PNG (and draw.io XML). You need to route the /48 subnet TO the VR which can then route it to the Virtual Networks behind the VR. There is no other way then routing with either BGP or a Static route. Wido Op 15-07-2021 om 12:39 schreef Hean Seng:

Re: IPV6 in Isolated/VPC networks

Op 14-07-2021 om 14:59 schreef Alex Mattioli: Hi Kristaps, Thanks for the nice schematic, pretty much where we were going. I just didn't understand your first statement " I would like to argue that implementer dynamic routing protocol and associated security problems/challenges with it to h

Re: IPV6 in Isolated/VPC networks

Hi Wido, What is benefit of using Route Advertisement on internal VR networks? In drawing VR is in VPC mode how it will work for isolated network where external link/ip is not assigned initially? On 2021/07/15 14:47:24, Wido den Hollander wrote: > But you still need routing. See the attache

Re: IPV6 in Isolated/VPC networks

Op 15-07-2021 om 17:05 schreef Kristaps Cudars: Hi Wido, What is benefit of using Route Advertisement on internal VR networks? The VMs need the Router Advertisement to learn their default gateway. That's the only way with IPv6. The RA also contains the prefix (/64) which the VMs can use

Re: [PROPOSE] RM for CloudStack Kubernetes Provider v1.0

+1 Good luck David! Regards, Suresh On 15/07/21, 12:02 PM, "David Jumani" wrote: Hi, I'd like to put myself forward as the release manager for CloudStack Kubernetes Provider v1.0. This will be the first release of Cloud

Re: IPV6 in Isolated/VPC networks

Hi Wido, ACS must know what ip`s it should assignee for external and internal networks on VR isolated and vpc. ACS will know external IP of VR and it will also know subnet or subnets that has been assigned. From this you can form route. This information can be exposed by ACS api. IT can be use

Question about SolidFire plugin with KVM hypervisor

Hi all, Is there someone of you who uses the CS 4.15.1.0 or latest with SolidFire primary storage over a KVM hypervisor? If there is someone, is it possible to share the volumes' format in the DB? Probably more questions will appear after this :) Best regards, Slavka

Re: IPV6 in Isolated/VPC networks

Hi Wido, DHCPv6 is not an option? It enables feature parity between IPv4 and IPv6 in context of VR. Or there are some advantages in RA and SLAAC? On 2021/07/15 15:10:38, Wido den Hollander wrote: > > > Op 15-07-2021 om 17:05 schreef Kristaps Cudars: > > Hi Wido, > > > > What is benefit of

Re: IPV6 in Isolated/VPC networks

Hi Wido, My initial thought is not like this, it is the /48 at ISP router, and /64 subnet assign to AdvanceZoneVR, AdvanceZoneVR responsible is distribule IPv6 ip (from the assigned /64 sunet) to VM, and not routing the traffic, in the VM that get the IPv6 IP will default route to ISP router