yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1491690] [NEW] IPv6 Address Resolution protection support in Neutron.

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Sridhar Gaddam <sgaddam@xxxxxxxxxx>
Date: Thu, 03 Sep 2015 04:01:21 -0000
Reply-to: Bug 1491690 <1491690@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Similar to IPv4 arp protection support (Bug#1274034), we would require
Neutron to add the necessary OVS rules to prevent ports attached to
agent from sending any icmpv6 Neighbor Advertisement messages that
contain an IPv6 address not belonging to the port.

For more details, please refer to "Figure 3. Attack against IPv6 Address Resolution"
http://www.cisco.com/web/about/security/intelligence/ipv6_first_hop.html

** Affects: neutron
     Importance: Undecided
     Assignee: Sridhar Gaddam (sridhargaddam)
         Status: In Progress

** Changed in: neutron
     Assignee: (unassigned) => Sridhar Gaddam (sridhargaddam)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1491690

Title:
  IPv6 Address Resolution protection support in Neutron.

Status in neutron:
  In Progress

Bug description:
  Similar to IPv4 arp protection support (Bug#1274034), we would require
  Neutron to add the necessary OVS rules to prevent ports attached to
  agent from sending any icmpv6 Neighbor Advertisement messages that
  contain an IPv6 address not belonging to the port.

  For more details, please refer to "Figure 3. Attack against IPv6 Address Resolution"
  http://www.cisco.com/web/about/security/intelligence/ipv6_first_hop.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1491690/+subscriptions

Follow ups

[Bug 1491690] Re: IPv6 Address Resolution protection support in Neutron.
From: Thierry Carrez, 2015-09-24