ipv6_opnfv_project:topdown_usecase
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
ipv6_opnfv_project:topdown_usecase [2016/02/22 20:31] Bin Hu [Table] |
ipv6_opnfv_project:topdown_usecase [2016/02/22 20:39] (current) Bin Hu [Table] |
||
|---|---|---|---|
| Line 17: | Line 17: | ||
| | VM access to the meta-data server to obtain user data, SSH keys, etc. using cloud-init with IPv6 only interfaces. | **No** | This is currently not supported. Config-drive or dual-stack IPv4/IPv6 can be used as a workaround (so that the IPv4 network is used to obtain connectivity with the metadata service)\\ Ref:[[http://openstack.10931.n7.nabble.com/Neutron-cloud-init-IPv6-support-td45386.html|email-thread]] | | | VM access to the meta-data server to obtain user data, SSH keys, etc. using cloud-init with IPv6 only interfaces. | **No** | This is currently not supported. Config-drive or dual-stack IPv4/IPv6 can be used as a workaround (so that the IPv4 network is used to obtain connectivity with the metadata service)\\ Ref:[[http://openstack.10931.n7.nabble.com/Neutron-cloud-init-IPv6-support-td45386.html|email-thread]] | | ||
| | Full support for IPv6 matching (i.e., IPv6, ICMPv6, TCP, UDP) in security groups. Ability to control and manage all IPv6 security group capabilities via Neutron/Nova API (REST and CLI) as well as via Horizon. | Yes | | | | Full support for IPv6 matching (i.e., IPv6, ICMPv6, TCP, UDP) in security groups. Ability to control and manage all IPv6 security group capabilities via Neutron/Nova API (REST and CLI) as well as via Horizon. | Yes | | | ||
| - | | During network/subnet/router create, there should be an option to allow user to specify the type of address management they would like. This includes all options including those low priority if implemented (e.g., toggle on/off router and address prefix advertisements); It must be supported via Neutron API (REST and CLI) as well as via Horizon | Yes | Two new Subnet attributes were introduced to control IPv6 address assignment options: \\"ipv6-ra-mode" - to determine who sends Router Advertisements, and \\"ipv6-address-mode" - to determine how VM obtains IPv6 address, default gateway, and/or optional information. | | + | | During network/subnet/router create, there should be an option to allow user to specify the type of address management they would like. This includes all options including those low priority if implemented (e.g., toggle on/off router and address prefix advertisements); It must be supported via Neutron API (REST and CLI) as well as via Horizon | Yes | Two new Subnet attributes were introduced to control IPv6 address assignment options: \\ "ipv6-ra-mode" - to determine who sends Router Advertisements, and \\ "ipv6-address-mode" - to determine how VM obtains IPv6 address, default gateway, and/or optional information. | |
| | Security groups anti-spoofing: Prevent VM from using a source IPv6/MAC address which is not assigned to the VM | Yes | | | | Security groups anti-spoofing: Prevent VM from using a source IPv6/MAC address which is not assigned to the VM | Yes | | | ||
| | Protect tenant and provider network from rogue RAs | Yes | When using a tenant network, Neutron is going to automatically handle the filter rules to allow connectivity of RAs to the VMs only from the Neutron router port; with provider networks, users are required to specify the LLA of the upstream router during the subnet creation, or otherwise manually edit the security-groups rules to allow incoming traffic from this specific address. | | | Protect tenant and provider network from rogue RAs | Yes | When using a tenant network, Neutron is going to automatically handle the filter rules to allow connectivity of RAs to the VMs only from the Neutron router port; with provider networks, users are required to specify the LLA of the upstream router during the subnet creation, or otherwise manually edit the security-groups rules to allow incoming traffic from this specific address. | | ||
| Line 24: | Line 24: | ||
| | Support for IPv6 Prefix Delegation. | Yes | Partial support in Liberty | | | Support for IPv6 Prefix Delegation. | Yes | Partial support in Liberty | | ||
| | Distributed Virtual Routing (DVR) support for IPv6 | **No** | Blueprint proposed upstream, pending discussion. | | | Distributed Virtual Routing (DVR) support for IPv6 | **No** | Blueprint proposed upstream, pending discussion. | | ||
| + | | IPv6 First-Hop Security, IPv6 ND spoofing | Yes | | | ||
| | IPv6 support in Neutron Layer3 High Availability (keepalived+VRRP). | Yes | | | | IPv6 support in Neutron Layer3 High Availability (keepalived+VRRP). | Yes | | | ||
| + | |||
| + | |||
ipv6_opnfv_project/topdown_usecase.1456173115.txt.gz ยท Last modified: 2016/02/22 20:31 by Bin Hu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Creative Commons Attribution 4.0 International License
