Re: [vserver] assigning less than /64 to individual guests:
 vserver development mailing list 
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

Re: [vserver] assigning less than /64 to individual guests

From: Eugen Leitl <eugen_at_leitl.org>
Date: Tue 17 May 2011 - 19:49:42 BST
Message-ID: <20110517184942.GH24232@leitl.org>

FYI

----- Forwarded message from Michael Richardson <mcr@sandelman.ca> -----

From: Michael Richardson <mcr@sandelman.ca>
Date: Tue, 17 May 2011 13:10:40 -0400
To: Eugen Leitl <eugen@leitl.org>
cc: debian-ipv6@lists.debian.org
Subject: Re: [vserver] assigning less than /64 to individual guests
X-Mailer: MH-E 8.1; nmh 1.1; XEmacs 21.4 (patch 22)

>>>>> "Eugen" == Eugen Leitl <eugen@leitl.org> writes:
    Eugen> Just sent that to the vserver list, but figured this is at
    Eugen> least as relevant.

    Eugen> So am I in the clear to parcel out a /64 in /80s, as long as
    Eugen> all the /80 are all on the same LAN or VLAN? No autoconfig
    Eugen> breakage ensues? Is 48 bits really enough for anybody?

If you are saying that you will allocate /80s to each vserver, but
actually they will not be layer-2 isolated from each other, this is just
an administrative partition, then I think it's a good idea.

You can't use autoconfig for the parts that are in the /80s.
You can arrange for your /80s to never overlap the autoconfigured stuff.
OUI-64s, when generated from OUI-48s (i.e. mac addresses) always have
ff:fe as the middle 16 bits.

In addition, bit 6 in the OUI-64 (which is bit 1 in little bit-endian,
the bit after the "broadcast" bit) will be set if the OUI-64 is believed
to be globally unique. Note that if you have IPv6 Privacy Extensions
on, then autoconfig will not necessarily set bit 6.
I would have to lookup to determine in fact privacy extensions will set
the middle 16 bits in any predictable fashion.

Permitting autoconfig to work seems like a nice thing to retain. 

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr_at_sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
	               then sign the petition. 
-- 
To UNSUBSCRIBE, email to debian-ipv6-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/27236.1305652240@marajade.sandelman.ca
----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
Received on Tue May 17 19:49:53 2011
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Tue 17 May 2011 - 19:49:53 BST by hypermail 2.1.8