Create IPv6 Security Group Rules

Hello,

i need some help setting up security groups for ipv6 addresses in opennebula 5.8. If i want to specify some ipv6 network with a large prefix (for example 20a2:ba3f:cdf2::/48) to use it for matching the source address for a security group, opennebula seems unable to create a network with 20a2:ba3f:cdf2::0 as first address and 2^80 as size (1208925819614629174706176) i can not create this as a manual network. Is it somehow possible to create such a network?

Thanks

Hello,

Currently OpenNebula supports a value of 2^32 at maximum for the network size. However, you are not oblige to use the maximum number of IP addresses supported by the subnet; you could use 100 for instance; usually, the size is adjusted depending on the number of instances you are going to need.

Hello,

i did intend to use the networks for security groups for inbound traffic, thus i have to match a default network starting at ::0 and 128 bits in length. So that usecase isn’t possible and I have to redo my entire vm security?

I don’t know if I understood properly but you can create a SG in Sunstone using OpenNebula Virtual Network as Taget Network. The network can be of size X depending of the instances you are going to need, you are not forced to use the whole network.