[vserver] Re: IPv6 Address allocation best practises for sites.

From: Eugen Leitl <eugen_at_leitl.org>
Date: Wed 26 Sep 2012 - 15:07:44 BST
Message-ID: <20120926140744.GA9750@leitl.org>

----- Forwarded message from Owen DeLong <owen@delong.com> -----

From: Owen DeLong <owen@delong.com>
Date: Tue, 25 Sep 2012 02:02:09 -0700
To: Jeff Wheeler <jsw@inconcepts.biz>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Subject: Re: IPv6 Address allocation best practises for sites.
X-Mailer: Apple Mail (2.1486)

On Sep 24, 2012, at 21:08 , Jeff Wheeler <jsw@inconcepts.biz> wrote:

> On Mon, Sep 24, 2012 at 6:52 PM, John Mitchell <mitch@illuminati.org> wrote:
>> Does the best practise switch to now using one IPv6 per site, or still the
>> same one IPv6 for multi-sites?
>
> Certainly it would be nice to have IPv6 address per vhost. In many
> cases, this will be practical.
>
> It also sometimes will NOT be practical.
>
> Imagine that I am one of the rather clueless hosting companies who are
> handing out /64 networks to any customer who asks for one, and using
> NDP to find the machine using each address in the /64. Churn problems
> aside, if you have any customer doing particularly dense virtual
> hosting, say a few thousand IPv6 addresses on his one or more
> machines, then he will use up the whole NDP table for just himself.
> You probably won't want to be a customer on the same layer-3 device as
> that guy. Now that there might be dozens of VMs per physical server
> and maybe 40 physical servers per each top-of-rack device, you can
> quickly exhaust all of your NDP entries even with normal, legitimate
> uses like www virtual hosting.
>

That's not the best way to stand up /64s for vhosts.

If you're smart, the customer gets a /64 for machine addresses (put
your interfaces in this /64) and each machine gets a /64 for vHosts
(put your vhost addresses on the loopback interface of the applicable
machine). Then, you route the /64 to the machine address for the
applicable machine and the vhosts never hit your neighbor table.

[snip] Deleted a whole bunch of additional reasons you really want
to do things the way I suggest above [/snip]

Owen

----- End forwarded message -----

-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
Received on Wed Sep 26 15:07:54 2012
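
The routed layout Owen describes, as an added example that is not part of the original message or the list archive: it carves a customer prefix into one on-link /64 for machine interfaces plus one routed /64 per machine for vhosts, then compares how many neighbor-table entries the upstream layer-3 device needs in each design. The /48 from the 2001:db8::/32 documentation range, the machine names, the ::11 host offset, and the use of Linux iproute2 command syntax are all assumptions.

```python
import ipaddress

def build_plan(customer_prefix, machines, vhosts_per_machine):
    """Carve a customer prefix into one link /64 plus one routed vhost /64 per machine."""
    subnets = ipaddress.ip_network(customer_prefix).subnets(new_prefix=64)
    link = next(subnets)                   # /64 on the wire: machine interfaces live here
    plan = {"link": link, "machines": []}
    for idx, name in enumerate(machines, start=1):
        iface_addr = link[0x10 + idx]      # assumed numbering: ::11, ::12, ...
        vhost_net = next(subnets)          # this machine's own /64, never on-link
        vhosts = [vhost_net[n] for n in range(1, vhosts_per_machine + 1)]
        plan["machines"].append({"name": name, "iface": iface_addr,
                                 "vhost_net": vhost_net, "vhosts": vhosts})
    return plan

def router_commands(plan):
    """Static routes on the upstream device: vhost /64 via the machine address."""
    return [f"ip -6 route add {m['vhost_net']} via {m['iface']}"
            for m in plan["machines"]]

def host_commands(machine):
    """vhost addresses go on the loopback, so they are never resolved via NDP."""
    return [f"ip -6 addr add {v}/128 dev lo" for v in machine["vhosts"]]

def neighbor_entries(plan, routed):
    """Neighbor-table entries the upstream device needs for this customer."""
    n_machines = len(plan["machines"])
    if routed:
        return n_machines                  # only the next hops are resolved
    # on-link design: every vhost address needs its own neighbor entry
    return n_machines + sum(len(m["vhosts"]) for m in plan["machines"])

if __name__ == "__main__":
    # Constructed sample: two machines with 2000 vhosts each.
    plan = build_plan("2001:db8:100::/48", ["web1", "web2"], 2000)
    print("\n".join(router_commands(plan)))
    print("\n".join(host_commands(plan["machines"][0])[:3]), "...")
    print("neighbor entries, vhosts on-link:", neighbor_entries(plan, routed=False))
    print("neighbor entries, vhosts routed: ", neighbor_entries(plan, routed=True))
```
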
Generated on Wed 26 Sep 2012 - 15:07:55 BST by hypermail 2.1.8