Wiki

User Tools

Site Tools

Trace: minutes_20150313
ipv6_opnfv_project:minutes_20150313

Minutes of IPv6 Project Meeting on March 13, 2015

  • Date and Time: UTC 15:00, Friday March 13, 2015
  • Convenor: Bin Hu (AT&T)
  • Participants:
    • Al Morton (AT&T)
    • Hui Deng (China Mobile)
    • Iben Rodriguez (Spirent)
    • Jonne Soininen (Nokia)
    • Manuel Rebellon (Sandvine)
    • Mark Medina (ClearPath)
    • Sridhar Gaddam (RedHat)
  • Admin Update

None

  • Review of Action Items
    • Looking into IPv6 First-Hop Security, and use cases of Static IPv6 and Sub-delegation

Both Jonne and Bin looked into Cisco's article IPv6 First-Hop Security. Both felt that this is a good article about the potential threats/concerns at the first-hop of IPv6 infrastructure. We need to have a deep dive of their solution and guidelines to decide whether or not we need to this feature.

Jonne got the action to further look into the need of IPv6 First-Hop security feature.

Sridhar shared a bug report and a set of patches with regard to ARP spoofing. Sridhar got an action of further looking into those patches, and will report his findings of how well IPv6 First-Hop Security can be addressed in those patches, and if there is any gaps.

  • Revision of PoC 1 design - dual stack, terminology change and 2 diagrams

Mark updated the terminology in the diagram. The others are work in progress, and will give further update next week.

  • Anti-spoofing workaround - Mark, Sridhar and Iben

Sridhar shared his findings in mailing list. The conclusion is that because of the anti-spoofing rule, we will not be able to run a router (i.e., forwarding use-case) inside the VM. In-order to support this requirement, we would need the port-security extension proposed for kilo.

The group discussed alternatives. The consensus is that we may need a small patch for Neutron to disable the anti-spoofing rule in Juno in order to achieve a successful demo. Sridhar got an action to provide this patch.

  • Next Steps / New Actions
    • Looking into IPv6 First-Hop Security, and use cases of Static IPv6 and Sub-delegation
      • Jonne does a deep-dive and further looks into the need of IPv6 First-Hop Security feature
      • Sridhar looks into how well IPv6 First-Hop Security can be addressed in patches, and if there is any gaps
    • Revision of PoC 1 design - dual stack, terminology change and 2 diagrams
      • Mark further works on the new diagram
    • Anti-spoofing patch to disable anti-spoofing rule in Neutron of Juno
      • Sridhar works on the patch

Meeting adjourned.

ipv6_opnfv_project/minutes_20150313.txt · Last modified: 2015/03/13 18:30 by Bin Hu

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: Creative Commons Attribution 4.0 International License
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki