You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cloudstack.apache.org by "Mohammad Aladwan (JIRA)" <ji...@apache.org> on 2016/06/06 14:42:21 UTC

[jira] [Commented] (CLOUDSTACK-9406) Enable IPv6 Link-Local in cloud0 interface in System VMs

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-9406?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15316573#comment-15316573 ] 

Mohammad Aladwan commented on CLOUDSTACK-9406:
----------------------------------------------

Dear all,

I don't know if this the right place, please if my question in another
section, redirect me.

i have question, whats the way protect ISO image in cloudstack from any
attack.

thanks

On Mon, Jun 6, 2016 at 3:35 PM, Wido den Hollander (JIRA) <ji...@apache.org>



> Enable IPv6 Link-Local in cloud0 interface in System VMs
> --------------------------------------------------------
>
>                 Key: CLOUDSTACK-9406
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9406
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: KVM, SystemVM
>            Reporter: Wido den Hollander
>              Labels: ipv6, link-local, systemvm
>
> Currently a 169.254.0.0/16 address is used for communication between the (KVM) hypervisor and a System VM.
> The address is provided through a socket to the SSVM on startup.
> This adds additional complexity since such an address needs to be recorded in the database.
> IPv6 provides the Link-Local address starting with fe80:: where it is calculated based on the MAC-address.
> This address could be used to communicate with the SSVM without any prior communication with it. The Hypervisor knows the MAC address of the SSVM and thus it knows which address the SSVM will obtain.
> On this address a provisioning daemon could run instead of the current 'patch via socket' scripts.
> Over this address the SSVM could even expose a complete REST-full API which can be used to talk to the SSVM.
> Using the IPv6 link-local address would be the first step to IPv6 in the SSVM.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)