Ubuntu
procps package

Bug #1068756
Comment #14

Comment 14 for bug 1068756

Revision history for this message

Neil Wilson (neil-aldur) wrote on 2014-06-04: Re: [Bug 1068756] Re: IPv6 Privacy Extensions enabled on Ubuntu Server by default

#14

There's no problem with using it in an IPv6 environment if you use
IPv6 prefix mechanisms as designed

If you've tied down your cloud environment too tight (and technically
contra the spec - IPv6 is prefix based, not address based) then you
have to expect to make alterations to the standard equipment.

I have no problem with the temporary addresses as I scope my machines
on /64 boundaries - which is what everything pretty much expects and
RFC 5375 recommends. "Note that RFC 3177 strongly prescribes 64-bit
subnets for general usage, and that stateless autoconfiguration on
most link layers (including Ethernet) is only defined for 64-bit
subnets."

On 4 June 2014 11:57, Alex Bligh <email address hidden> wrote:
> Neil: the metadata is just one example (though that's not happening).
>
> The firewall rule thing applies irrespective of the metadata. The cloud
> environment created requires only /128 addresses it knows about to be
> accessible, and firewalls everything else out. Reasons for this include
> prevention of spoofing of IP addresses on outbound traffic. We want each
> UEC image to come up with the IPv6 address(es) we have assigned, and not
> a random one in the same /64. This is not an unreasonable requirement.
> We would use DHCPv6 for this if it weren't for the fact that DHCPv6 is
> broken in different ways and has little support.
>
> IPv6 *as designed* says RFC4941 SHOULD (RFC capitalisation) be turned
> off by default. So the argument that applications should be using it 'as
> designed' is bogus, as if it was deployed *as designed* (i.e. per the
> RFC) it would work. There would be no problem with (e.g.) Network
> Manager turning this on in a desktop environment.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1068756
>
> Title:
> IPv6 Privacy Extensions enabled on Ubuntu Server by default
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1068756/+subscriptions

--
Neil Wilson

There's no problem with using it in an IPv6 environment if you use
IPv6 prefix mechanisms as designed

If you've tied down your cloud environment too tight (and technically
contra the spec - IPv6 is prefix based, not address based) then you
have to expect to make alterations to the standard equipment.

On 4 June 2014 11:57, Alex Bligh <ubuntu@alex.org.uk> wrote:
> Neil: the metadata is just one example (though that's not happening).
>
> The firewall rule thing applies irrespective of the metadata. The cloud
> environment created requires only /128 addresses it knows about to be
> accessible, and firewalls everything else out. Reasons for this include
> prevention of spoofing of IP addresses on outbound traffic. We want each
> UEC image to come up with the IPv6 address(es) we have assigned, and not
> a random one in the same /64. This is not an unreasonable requirement.
> We would use DHCPv6 for this if it weren't for the fact that DHCPv6 is
> broken in different ways and has little support.
>
> IPv6 *as designed* says RFC4941 SHOULD (RFC capitalisation) be turned
> off by default. So the argument that applications should be using it 'as
> designed' is bogus, as if it was deployed *as designed* (i.e. per the
> RFC) it would work. There would be no problem with (e.g.) Network
> Manager turning this on in a desktop environment.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1068756
>
> Title:
>   IPv6 Privacy Extensions enabled on Ubuntu Server by default
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1068756/+subscriptions

-- 
Neil Wilson

Ubuntuprocps package

Comment 14 for bug 1068756

Ubuntu
procps package