Minutes of IPv6 Project Meeting on March 20, 2015
Date and Time: UTC 15:00, Friday March 20, 2015Convenor: Bin Hu (AT&T)Participants:- Jonne Soininen (Nokia)
- Louis Fourie (Huawei)
- Mark Medina (ClearPath)
- Roll call
- Admin Update
- TBD
- Status Update and Next Step
- Looking into IPv6 First-Hop Security, and use cases of Static IPv6 and Sub-delegation
- Update from Jonne about the need of IPv6 First-Hop Security feature
Jonne further looked into IPv6 First-Hop Security issue, and felt that there is a gap in OpenStack iptables. So we have an opportunity to submit a new BP to fill in the gap. This should be an easy fix in OpenStack.
On the other hand, there is a unique IPv6 issue that is irrelevant of OpenStack, i.e. Security Neighbor Discovery which overloads neighbor's cache. This issue should be fixed within router instead of OpenStack.
Jonne got an action to provide the group with draft of BP to fill in the gap of OpenStack iptables with IPv6 First-Hop Security. Jonne will share some thoughts in the mailing list before April 3, and group will discuss the BP draft on April 10. The plan is to have OPNFV internal review of the draft by the end of April so that we can have it discussed in OpenStack summit in May 18-22.
- Update from Sridhar about the findings of how well IPv6 First-Hop Security can be addressed in patches, and if there is any gaps
Sridhar is taking a day off on Friday. This item will be updated next week.
- Revision of PoC 1 design - dual stack, terminology change and 2 diagrams
- Update from Mark
Mark will continue to work on it for the following 3 weeks. The target is April 10th, with progress update on March 27th and April 3rd.
- Anti-spoofing patch to disable anti-spoofing rule in Neutron of Juno
- Update from Sridhar
Sridhar has posted a patch to mailing list. Mark needs to apply this patch to current OpenStack, and assess it if there is any other issue or not.
- Next Steps / New Actions
- Looking into IPv6 First-Hop Security, and use cases of Static IPv6 and Sub-delegation
- Jonne provide the group with draft of BP to fill in the gap of OpenStack iptables with IPv6 First-Hop Security.
- Deadline is April 10th for group to discuss at weekly project meeting
- Checkpoint on April 3 - Jonne sends the first draft before the checkpoint for discussion in the mailing list
- OPNFV internal review of the draft by the end of April
- Discuss it in OpenStack Summit on May 18-22.
- Sridhar looks into how well IPv6 First-Hop Security can be addressed in patches, and if there is any gaps
- Revision of PoC 1 design - dual stack, terminology change and 2 diagrams
- Mark further works on the new diagram.
- Deadline is April 10th
- Checkpoints are March 27th and April 3rd for progress report
- Anti-spoofing patch to disable anti-spoofing rule in Neutron of Juno
- Sridhar has provided the patch
- Mark applies the patch to OpenStack experiment
- Deadline is April 10th
- Checkpoints are March 27th and April 3rd for progress report
Meeting adjourned
