[GBP-33] IPv6 some features require PacketIn PacketOut for full support (currently limited) Created: 18/May/15 Updated: 11/Oct/15 Due: 05/Jun/15 |
|
| Status: | Confirmed |
| Project: | groupbasedpolicy |
| Component/s: | Renderer:OfOverlay |
| Affects Version/s: | unspecified |
| Fix Version/s: | None |
| Type: | Bug | ||
| Reporter: | Keith Burns | Assignee: | Martin Sunal |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Operating System: All |
||
| Attachments: |
|
||||||||
| Issue Links: |
|
||||||||
| External issue ID: | 3241 | ||||||||
| Priority: | Highest | ||||||||
| Comments |
| Comment by Keith Burns [ 19/May/15 ] |
|
Attachment simplePOCfiles.tar has been added with description: Utilities for POC including ones changed for IPv6 testing |
| Comment by Thomas Bachman [ 21/May/15 ] |
|
Can pass L2 traffic using the POC with a modified DestinationMapper (changes flow-mod so that it matches the L2 flow instead of the L3 flow, which was decrementing the TTL, causing the host to drop the Neighbor Advertisement). Can't pass L3 traffic due to no handling of IPv6 Router Solicit messaging. This Google Doc captures the state of IPv6 support needed for Group Based Policy: https://docs.google.com/document/d/1AU3erz2KCunK6bOU3Nq9bH7wk-6vJrgc9pFARiGmm7c/edit?usp=sharing |
| Comment by Keith Burns [ 25/May/15 ] |
|
Minor change required to routing to stop TTL-. Can use dMAC==matcherMac for this purpose. Bigger issues are around (and thanks to Rob Adams readams for the pointers) "responses to router and neighbor solicitations for the router are handled through packet-in/packet-out (actually we use the nicira extension version of packet-out since that lets us see the register values set for the packet which makes it so the controller can be simpler). I'm not sure how easy that is to handle with the ODL openflow plugin. Luckily nearly all the original GBP code already supported ipv6 except for a few corner cases. You will also need to deal with router advertisements that need to be sent periodically from the virtual router to any endpoints that are members of a given subnet. You can see that code in the AdvertManager.cpp file in the agent (you won't need to worry about the endpoint advertisements, just the router advertisements). There's a lot of fiddly bits here dealing with various flags that enable or disable stateless autoconfiguration, dhcpv6, etc. The agent only supports a subset of all that. You'll also need to update the port security table to allow neighbor discovery and dhcpv6 to work correctly. |