Re: [vserver] IPV6 Implementation Guidelines:
 vserver development mailing list 
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

Re: [vserver] IPV6 Implementation Guidelines

From: Andrew Ruthven <andrew.ruthven_at_catalyst.net.nz>
Date: Wed 08 Jun 2011 - 21:48:18 BST
Message-ID: <1307566098.5193.10.camel@cyclops.etc.gen.nz>

Hi Ed,

On Wed, 2011-06-08 at 16:32 +0100, Ed W wrote:
> Happy IPV6 day...
>
> Now, I read the previous ipv6 posts from a few days back, but I'm new to
> ipv6 best practices and struggling to get my head around the
> implementation required.
>
> Does someone have a 101 guide to current best practice allocating ipv6
> right now?

Heh, I think there are a few current best practices, and they all depend
on your situation. But sparse allocation seems to be a preferred method
rather than sequential.

> To give a specific scenario I have a bunch of machines in a datacenter
> attached to a switch, and the datacenter can route a static ipv6 range
> to the machines. The machines consist of a small number of physical
> servers, each running linux-vserver and less than 256 guests per
> machine. At present I use a static allocation of IPV4 space to vservers.
> The machines will be publicly accessible and primary DNS servers will
> probably be outsourced (we don't yet, but could run secondary DNS servers)

In this situation what I'm doing is allocating a /112 to each physical
server. So, if the LAN has 2001:0db8:1000::/64 which is the standard,
each host would have a /112 inside that "allocated" to it, for example:

  2001:0db8:1000::100:0/112

So each vserver within that physical host can then use an IPv6 address
within 2001:0db8:1000::100:0000 to 2001:0db8:1000::100:ffff.

If I want a largish number of addresses in each vserver then I move the
allocation up one level and assign the physical host a /96 and then each
vserver a /112 within that /96.

Another trick I'm using is to assign IPv4 addresses to vservers using
RFC1918 space on dummy0 and SNAT'ing it out, but IPv6 addresses are
globally routed on eth0. So the vservers can get out on both IPv4 and
IPv6, but to access the vservers I use IPv6, and don't exhaust the IPv4
address pool in the LAN.

> IPV6 seems to be a confusing array of standards and it's not clear on
> the best route to allocate addresses given that somewhere up the line
> you need to publish in DNS?

Well, how you allocated addresses has nothing to do with putting them in
the DNS.

> Any tips on best practices?

Does that help? 

-- 
Andrew Ruthven, Wellington, New Zealand
Catalyst IT Limited --> http://www.catalyst.net.nz
At work: andrew.ruthven@catalyst.net.nz
At home: andrew@etc.gen.nz
GPG fpr: 34CA 12A3 C6F8 B156 72C2  D0D7 D286 CE0C 0C62 B791
LCA2012: Come with us, Under the Stars - lcaunderthestars.org.au

Received on Wed Jun 8 21:48:36 2011
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 08 Jun 2011 - 21:48:36 BST by hypermail 2.1.8