[one-users] IP(v6) network enhancements

Ruben S. Montero rsmontero at opennebula.org
Wed Jan 29 09:25:38 PST 2014 

Hi Stefan

The IPv6 design in OpenNebula is basically designed to work with the
auto-configuration features of IPv6. An IPv6 capable host will always have
link-local addresses for all their interfaces. AFAIK you cannot disable
IPv6 stack per interface. So it really does not make sense to have one
interface for IPv4 and other for IPv6, as the IPv4 will also have the link
local addreses (plus the host multi-cast address).

About the generation of the host-id (the 64 lower bits) can be generated:
following the modified EUI-64, based on the IP, or by any other means
(usually random generation is accepted as a more secure option). But I see
this as part of the guest configuration and probably not for context
(although you could generate this through a context variable or using the
IPv4 address...)

So the ideal setup is to have a router in your virtual network advertising
the IPv6 network prefix (e.g. radvd or zebra) and then let the ICMPv6
protocol autoconfigure the interface. The addresses shown in OpenNebula are
supposed to match those obtained by the previous procedure (as long as the
prefix advertised is the one configured in the vnet).

Currently, the only way to add more IP addresses is to add more network
interfaces to the VM. Probably a nice feature could be a NIC of type
"alias" or "virtual" so you get the lease from the vnet, but not an
additional nic. The context script can simple "ip addr add" the IP from the
virtual NIC through context.

Probably, I am not fully getting your proposal...

Cheers

Ruben



On Mon, Jan 27, 2014 at 2:09 PM, Stefan Kooman <stefan at bit.nl> wrote:

> Hi List,
>
> While deploying some vm's with IPv4/IPv6 (dual stack) support I ran into
> some issues. I would like to be able to choose (switch "on" or "off")
> the use of IPv6 in a "dual stack" vnet, i.e. It's possible to enforce
> IPv4 address generation in a "IPv6" network but it's not possible (as
> far as I can see) to disable IPv6 in a IPv6/IPv4 network (dual stack as
> I call it).  I would like to avoid having two different vnet's, one for
> IPv6 and one for IPv4 just to be able to be able to provide vm's with:
> 1) IPv4 only, 2) IPv6 only, 3) two different interfaces, one for IPv4
> and one for IPv6. Of course there are ways to disable IPv6 on the vm
> itself (just not load ipv6 modules for example) but it would be cleaner
> to fix this with contextualization.
>
> With IPv4 vnet it's possible to choose an ip address. With IPv6 vnet
> it's automatically generated based on the mac-address. It's currently
> not possible to choose your IPv6 address. One common practice is to use
> "IPv4" address in "IPv6" address. Example: IPv4 192.0.2.33, IPv6
> 2001:db8:122:344:192:0:2:33 (note this is not truly mapping ipv4 into
> ipv6, as described in rfc4291).
>
> Some vm's need more that one IP(v4/v6) address. For example webservers
> handling multple SSL websites. Currently I can't create an ip "alias"
> for a virtual machine. A workaround would be to hold a lease and
> manually adding this ip to the vm. It would be nicer to have support for
> ip aliases. This feature would complement issue #1818 [1].
>
> If some of what I described above is already possible please point me
> the documentation.
>
> Gr. Stefan
>
> [1]: http://dev.opennebula.org/issues/1818
>
>
>
> --
> | BIT BV  http://www.bit.nl/        Kamer van Koophandel 09090351
> | GPG: 0xD14839C6                   +31 318 648 688 / info at bit.nl
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iF4EAREIAAYFAlLmWnMACgkQTyGgYdFIOcYP2AD/Y5o9+GTv0U+JO7sJKyz7d9s6
> lX16Uc1b2q5O0BfTuFIBAJp9lmu0EXtwXLtgI/ljm3VP8KstnGB+jRo3JivUo6R2
> =vBjL
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
> --
> <http://lists.opennebula.org/listinfo.cgi/users-opennebula.org>
> --
> Ruben S. Montero, PhD
> Project co-Lead and Chief Architect<http://lists.opennebula.org/listinfo.cgi/users-opennebula.org>
> OpenNebula - Flexible Enterprise Cloud Made Simple
>  <http://lists.opennebula.org/listinfo.cgi/users-opennebula.org>
> www.OpenNebula.org | rsmontero at opennebula.org | @OpenNebula
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20140129/a7aa710f/attachment-0001.htm>

More information about the Users mailing list