ipv6_opnfv_project:minutes_20151002
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
ipv6_opnfv_project:minutes_20151002 [2015/10/06 23:50] Bin Hu |
ipv6_opnfv_project:minutes_20151002 [2015/10/08 15:46] (current) Bin Hu |
||
|---|---|---|---|
| Line 26: | Line 26: | ||
| * Neutron Rest API only supports /64 IPv6 subnets. | * Neutron Rest API only supports /64 IPv6 subnets. | ||
| + | * Hannes talked about Connection Tracking feature added in Kernel, and it needs new BP for Neutron. | ||
| + | * The idea is to get rid of the qrouter, as those currently slow down performance a lot (the current setup traverses two ovs dataplanes and one namespace performing the NAT, masquerading, enforcing security policies and such). The new code can do this directly in openvswitch, thus giving huge performance improvements. | ||
| + | * We need to check what we need to do inside ovs for ipv6, then. | ||
| + | |||
| + | * Hannes also talked about Link local address with MAC address, and enhancement in kernel for us to verify. | ||
| + | * Basically Fedora Kernel does have this feature already. The RFC7217 is available here <https://tools.ietf.org/html/rfc7217> | ||
| + | * It is implemented in the kernel via the sysctls in /proc/sys/net/ipv6/conf/*/stable_secret | ||
| + | |||
| + | # stable_secret - IPv6 address | ||
| + | This IPv6 address will be used as a secret to generate IPv6 | ||
| + | addresses for link-local addresses and autoconfigured | ||
| + | ones. All addresses generated after setting this secret will | ||
| + | be stable privacy ones by default. This can be changed via the | ||
| + | addrgenmode ip-link. conf/default/stable_secret is used as the | ||
| + | secret for the namespace, the interface specific ones can | ||
| + | overwrite that. Writes to conf/all/stable_secret are refused. | ||
| + | |||
| + | It is recommended to generate this secret during installation | ||
| + | of a system and keep it stable after that. | ||
| + | |||
| + | By default the stable secret is unset. | ||
| + | |||
| + | * Currently it is not integrated into NetworkManager etc. in current distributions, but as soon as a new version will be released, it should include stable privacy support: | ||
| + | * https://fedoraproject.org/wiki/Tools/NetworkManager/IPv6#IPv6_Privacy_Extensions | ||
| + | * http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=lr/stable-privacy-rfc7217 | ||
| + | * A specific build with new NetworkManager can be generated for the test lab to test this before a new release. | ||
| + | |||
| * We discussed PoC design. It is good for long term, because it should work in this way | * We discussed PoC design. It is good for long term, because it should work in this way | ||
| * Any feature that is required for OPNFV IPv6 use-cases if found missing in Neutron/ODL, the idea is to propose it upstream in the respective component and track/implement it so that it becomes part of the upstream feature. | * Any feature that is required for OPNFV IPv6 use-cases if found missing in Neutron/ODL, the idea is to propose it upstream in the respective component and track/implement it so that it becomes part of the upstream feature. | ||
ipv6_opnfv_project/minutes_20151002.1444175450.txt.gz ยท Last modified: 2015/10/06 23:50 by Bin Hu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Creative Commons Attribution 4.0 International License
