[156735] in North American Network Operators' Group
Re: IPv6 Address allocation best practises for sites.
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Sep 25 05:08:25 2012
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAPWAtbJ+L5dv0bBFBwXSHteD4LsMRyMHFQZHQGgVK9xtNf4JnA@mail.gmail.com>
Date: Tue, 25 Sep 2012 02:02:09 -0700
To: Jeff Wheeler <jsw@inconcepts.biz>
Cc: "nanog@nanog.org" <nanog@nanog.org>
On Sep 24, 2012, at 21:08 , Jeff Wheeler <jsw@inconcepts.biz> wrote:
> On Mon, Sep 24, 2012 at 6:52 PM, John Mitchell <mitch@illuminati.org> wrote:
>> Does the best practise switch to now using one IPv6 per site, or still the
>> same one IPv6 for multi-sites?
>
> Certainly it would be nice to have IPv6 address per vhost. In many
> cases, this will be practical.
>
> It also sometimes will NOT be practical.
>
> Imagine that I am one of the rather clueless hosting companies who are
> handing out /64 networks to any customer who asks for one, and using
> NDP to find the machine using each address in the /64. Churn problems
> aside, if you have any customer doing particularly dense virtual
> hosting, say a few thousand IPv6 addresses on his one or more
> machines, then he will use up the whole NDP table for just himself.
> You probably won't want to be a customer on the same layer-3 device as
> that guy. Now that there might be dozens of VMs per physical server
> and maybe 40 physical servers per each top-of-rack device, you can
> quickly exhaust all of your NDP entries even with normal, legitimate
> uses like www virtual hosting.
>
That's not the best way to stand up /64s for vhosts.
If you're smart, the customer gets a /64 for machine addresses (put
your interfaces in this /64) and each machine gets a /64 for vHosts
(put your vhost addresses on the loopback interface of the applicable
machine). Then, you route the /64 to the machine address for the
applicable machine and the vhosts never hit your neighbor table.
[snip] Deleted a whole bunch of additional reasons you really want
to do things the way I suggest above [/snip]
Owen
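
An added sketch of the layout described in the message above (not code from the thread or its authors): it carves a prefix into one link /64 plus one routed /64 per machine, emits the router-side static routes and host-side loopback addresses as Linux `ip -6` commands, and compares the neighbor-table entries the router needs under each design. The documentation prefix 2001:db8::/48, the machine and vhost counts, the interface address offset, and all function names are assumptions.

```python
import ipaddress

def plan(customer_prefix, machines, vhosts_per_machine):
    """Routed layout: one link /64 for interfaces, one vhost /64 per machine."""
    subnets = ipaddress.ip_network(customer_prefix).subnets(new_prefix=64)
    link = next(subnets)                      # machine interfaces live in this /64
    layout = []
    for i in range(machines):
        vnet = next(subnets)                  # /64 routed to this machine only
        layout.append({
            "machine": link[0x10 + i],        # constructed interface address
            "vhost_net": vnet,
            "vhosts": [vnet[n] for n in range(1, vhosts_per_machine + 1)],
        })
    return link, layout

def neighbor_entries_flat(machines, vhosts_per_machine):
    """Every vhost address on-link in a shared /64: the router resolves each via NDP."""
    return machines * (1 + vhosts_per_machine)

def neighbor_entries_routed(link, layout):
    """The router resolves only next hops, plus any vhost that leaked on-link."""
    on_link = {m["machine"] for m in layout}
    on_link |= {v for m in layout for v in m["vhosts"] if v in link}
    return len(on_link)

def router_routes(layout):
    """Static routes on the layer-3 device, one per machine."""
    return [f"ip -6 route add {m['vhost_net']} via {m['machine']}" for m in layout]

def host_commands(machine):
    """Vhost addresses go on the loopback, so they never appear in NDP."""
    return [f"ip -6 addr add {a}/128 dev lo" for a in machine["vhosts"]]

if __name__ == "__main__":
    # Constructed sizes: 40 machines behind one device, 2000 vhosts each.
    link, layout = plan("2001:db8::/48", machines=40, vhosts_per_machine=2000)
    print("flat /64 neighbor entries:  ", neighbor_entries_flat(40, 2000))
    print("routed /64 neighbor entries:", neighbor_entries_routed(link, layout))
    print(router_routes(layout)[0])
    print(host_commands(layout[0])[0])
```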