You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ra...@apache.org on 2017/01/27 00:13:44 UTC

[4/4] git commit: updated refs/heads/master to f10c8bf

Merge pull request #1700 from wido/ipv6-basic-networking

CLOUDSTACK-9359: IPv6 for Basic NetworkingThis PR is a proposal for adding very basic IPv6 to Basic Networking. The main goal of this PR is that the API returns a valid IPv6 address over which the Instance is reachable.

The GUI will show the IPv6 address after deployment of the Instance.

![screenshot from 2016-10-03 16 34 56](https://cloud.githubusercontent.com/assets/326786/19070024/b06d2de6-8a29-11e6-8fe7-4902e2801ada.png)

If the table VLAN has a proper IPv6 CIDR configured the DirectPodBasedNetworkGuru will calculate the IPv6 Address the Instance will obtain using EUI-64 and SLAAC: https://tools.ietf.org/search/rfc4862

In this case the _vlan_ table contained:

<pre>mysql> select * from vlan \G
*************************** 1. row ***************************
                 id: 1
               uuid: 90e0716c-5261-4992-bb9d-0afd3006f476
            vlan_id: vlan://untagged
       vlan_gateway: 172.16.0.1
       vlan_netmask: 255.255.255.0
        description: 172.16.0.10-172.16.0.250
          vlan_type: DirectAttached
     data_center_id: 1
         network_id: 204
physical_network_id: 200
        ip6_gateway: 2001:980:7936:112::1
           ip6_cidr: 2001:980:7936:112::/64
          ip6_range: NULL
            removed: NULL
            created: 2016-07-19 20:39:41
1 row in set (0.00 sec)

mysql></pre>

It will then log:

<pre>2016-10-04 11:42:44,998 DEBUG [c.c.n.g.DirectPodBasedNetworkGuru] (Work-Job-Executor-1:ctx-1975ec54 job-186/job-187 ctx-0d967d88) (logid:275c4961) Found IPv6 CIDR 2001:980:7936:112::/64 for VLAN 1
2016-10-04 11:42:45,009 INFO  [c.c.n.g.DirectPodBasedNetworkGuru] (Work-Job-Executor-1:ctx-1975ec54 job-186/job-187 ctx-0d967d88) (logid:275c4961) Calculated IPv6 address 2001:980:7936:112:4ba:80ff:fe00:e9 using EUI-64 for NIC 6a05deab-b5d9-4116-80da-c94b48333e5e</pre>

The template has to be configured accordingly:
- No IPv6 Privacy Extensions
- Use SLAAC
- Follow RFC4862

This is also described in: https://cwiki.apache.org/confluence/display/CLOUDSTACK/IPv6+in+Basic+Networking

The next steps after this will be:
- Security Grouping to prevent IPv6 Address Spoofing
- Security Grouping to filter ICMP, UDP and TCP traffic

* pr/1700:
  CLOUDSTACK-676: IPv6 In -and Egress filtering for Basic Networking
  CLOUDSTACK-676: IPv6 Basic Security Grouping for KVM
  CLOUDSTACK-9359: IPv6 for Basic Networking with KVM

Signed-off-by: Rajani Karuturi <ra...@accelerite.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f10c8bfe
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f10c8bfe
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f10c8bfe

Branch: refs/heads/master
Commit: f10c8bfe0c99a762c2606459413a47219614e775
Parents: 4721c53 115d6d5
Author: Rajani Karuturi <ra...@accelerite.com>
Authored: Fri Jan 27 05:42:44 2017 +0530
Committer: Rajani Karuturi <ra...@accelerite.com>
Committed: Fri Jan 27 05:42:44 2017 +0530

----------------------------------------------------------------------
 api/src/com/cloud/agent/api/to/NetworkTO.java   |  31 ++
 .../cloud/agent/api/SecurityGroupRulesCmd.java  |   7 +
 .../agent/api/SecurityGroupRulesCmdTest.java    |   3 +-
 debian/control                                  |   2 +-
 packaging/centos63/cloud.spec                   |   1 +
 packaging/centos7/cloud.spec                    |   1 +
 .../kvm/resource/LibvirtComputingResource.java  |   6 +-
 ...LibvirtSecurityGroupRulesCommandWrapper.java |   2 +-
 .../resource/LibvirtComputingResourceTest.java  |  11 +-
 .../xenbase/CitrixRequestWrapperTest.java       |   3 +-
 scripts/vm/network/security_group.py            | 323 ++++++++++++++-----
 .../cloud/hypervisor/HypervisorGuruBase.java    |   2 +
 .../network/guru/DirectPodBasedNetworkGuru.java | 104 +++---
 .../security/SecurityGroupManagerImpl.java      |   6 +-
 .../security/SecurityGroupManagerImpl2.java     |   2 +-
 ui/lib/jquery.validate.additional-methods.js    |   5 +-
 ui/scripts/network.js                           |   4 +-
 ui/scripts/sharedFunctions.js                   |  12 +-
 .../main/java/com/cloud/utils/net/NetUtils.java |  25 ++
 .../java/com/cloud/utils/net/NetUtilsTest.java  |  27 ++
 20 files changed, 439 insertions(+), 138 deletions(-)
----------------------------------------------------------------------