IPv6 Address Resolution protection support in Neutron.
Bug #1491690 reported by
Sridhar Gaddam
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Undecided
|
Sridhar Gaddam |
Bug Description
Similar to IPv4 arp protection support (Bug#1274034), we would require Neutron to add the necessary OVS rules to prevent ports attached to agent from sending any icmpv6 Neighbor Advertisement messages that contain an IPv6 address not belonging to the port.
For more details, please refer to "Figure 3. Attack against IPv6 Address Resolution"
http://
Changed in neutron: | |
assignee: | nobody → Sridhar Gaddam (sridhargaddam) |
Changed in neutron: | |
status: | New → In Progress |
Changed in neutron: | |
milestone: | none → liberty-rc1 |
status: | Fix Committed → Fix Released |
Changed in neutron: | |
milestone: | liberty-rc1 → 7.0.0 |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/201650 /git.openstack. org/cgit/ openstack/ neutron/ commit/ ?id=17765114292 217d109c15b220b e57fea6c9eed4a
Committed: https:/
Submitter: Jenkins
Branch: master
commit 17765114292217d 109c15b220be57f ea6c9eed4a
Author: sridhargaddam <email address hidden>
Date: Tue Jul 14 16:18:06 2015 +0000
Add IPv6 Address Resolution protection
Similar to IPv4 arp protection support, this patch adds the necessary OVS
rules to prevent ports attached to agent from sending any icmpv6 neighbor
advertisement messages that contain an IPv6 address not belonging to the port.
For details please refer to "Figure 3. Attack against IPv6 Address Resolution" www.cisco. com/web/ about/security/ intelligence/ ipv6_first_ hop.html
http://
DocImpact
SecurityImpact
Closes-Bug: #1491690 e02afde3e9078e4 9c6da373a88
Change-Id: I1f8311f1b9ae1b