Wiki

• Date and Time: UTC 15:00, Friday March 20, 2015
• Convenor: Bin Hu (AT&T)
• Participants:
  • Jonne Soininen (Nokia)
  • Louis Fourie (Huawei)
  • Mark Medina (ClearPath)

• Roll call
• Admin Update
  • TBD
• Status Update and Next Step
  • Looking into IPv6 First-Hop Security, and use cases of Static IPv6 and Sub-delegation
    • Update from Jonne about the need of IPv6 First-Hop Security feature

Jonne further looked into IPv6 First-Hop Security issue, and felt that there is a gap in OpenStack iptables. So we have an opportunity to submit a new BP to fill in the gap. This should be an easy fix in OpenStack.

On the other hand, there is a unique IPv6 issue that is irrelevant of OpenStack, i.e. Security Neighbor Discovery which overloads neighbor's cache. This issue should be fixed within router instead of OpenStack.

Jonne got an action to provide the group with draft of BP to fill in the gap of OpenStack iptables with IPv6 First-Hop Security. Jonne will share some thoughts in the mailing list before April 3, and group will discuss the BP draft on April 10. The plan is to have OPNFV internal review of the draft by the end of April so that we can have it discussed in OpenStack summit in May 18-22.

• Update from Sridhar about the findings of how well IPv6 First-Hop Security can be addressed in patches, and if there is any gaps
• Revision of PoC 1 design - dual stack, terminology change and 2 diagrams
• Update from Mark
• Anti-spoofing patch to disable anti-spoofing rule in Neutron of Juno
• Update from Sridhar
• AOB

Meeting adjourned