Cloudstack: Changes due to feedback and our observations
Posted: Fri Jul 12, 2013 2:42 am
Hello !
Due to feed-back so far, we have adjusted some settings:
1. SLAAC has been disabled, i.e. you no longer receive an automated IPv6 based on your MAC. This made little sense in conjunction with the firewall which was blocking all IPv4 while leaving IPv6 wide open. In the future, CloudStack will be added IPv6 firewalling capabilities and we may reconsider this, but it is not the only reason why we removed SLAAC and it is left untouched on our other products with a MAC, Xen, KVM, including the storage ones;
2. The default security zone now blocks everything, including port 22 TCP, therefore, even if you have SSH enabled (as it is in all templates) it will not be reachable from outside until you open port 22 TCP. On IPv6, if you choose to configure it, it will still work as soon as IPv6 is up. Naturally, if you put SSH to listen on another port, you will have to open that one instead.
3. A change in templates is progress, it will prioritize IPv4 over IPv6 due to the above change, so, until you configure IPv6, connectivity will not be slow.
Due to feed-back so far, we have adjusted some settings:
1. SLAAC has been disabled, i.e. you no longer receive an automated IPv6 based on your MAC. This made little sense in conjunction with the firewall which was blocking all IPv4 while leaving IPv6 wide open. In the future, CloudStack will be added IPv6 firewalling capabilities and we may reconsider this, but it is not the only reason why we removed SLAAC and it is left untouched on our other products with a MAC, Xen, KVM, including the storage ones;
2. The default security zone now blocks everything, including port 22 TCP, therefore, even if you have SSH enabled (as it is in all templates) it will not be reachable from outside until you open port 22 TCP. On IPv6, if you choose to configure it, it will still work as soon as IPv6 is up. Naturally, if you put SSH to listen on another port, you will have to open that one instead.
3. A change in templates is progress, it will prioritize IPv4 over IPv6 due to the above change, so, until you configure IPv6, connectivity will not be slow.