[157988] in North American Network Operators' Group
Re: Long and unabbreviatable IPv6 addresses with random overloaded
daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Nov 19 00:46:19 2012
From: Owen DeLong <owen@delong.com>
In-Reply-To: <Pine.LNX.4.61.1211181922480.26706@soloth.lewis.org>
Date: Sun, 18 Nov 2012 21:40:45 -0800
To: Jon Lewis <jlewis@lewis.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Nov 18, 2012, at 4:53 PM, Jon Lewis <jlewis@lewis.org> wrote:
> On Sun, 18 Nov 2012, Bryan Fields wrote:
>
>> On 11/18/12 5:53 PM, Constantine A. Murenin wrote:
>>> edis.at gives you an IPv4 address of, for example, 158.255.21x.xxx,
>>> and the IPv6 /112 that you get is 2a03:f80:ed15:158:255:21x:xxx:0/112
>>> (really a /48), with 2a03:0f80:ed15::1 as the gateway.
>
> By "KVM", I assume he's talking about cloud or VPS, i.e. a KVM based virtual machine. With cloud in particular, I've been trying to decide how to dole out IPv6 space. Because we're doing bridged networking for the VMs, we've been giving out IPv4 /32s to each VM and all VMs are in the same VLAN.
>
> It seems insane to try to set up a proper IPv6 subnet and unique gateway for each VM, so I've been thinking something similar to what the host being complained about here has done is the only way to go. Not down to the detail of making the IPv6 ip based on the IPv4 IP, but giving out "very small" v6 blocks, (i.e. maybe /120 or /124), out of a /48 with the prefix::1/48 IP as everyone's gateway. Sure, IPv6 is big enough that we could give out /64s from that /48 and not run out of numbers, but I'm concerned about what happens when an abusive customer turns up 2^64 addresses and overloads the neighbor discovery cache on our gear. What's anyone really going to do with more than a few IP addresses on a VPS anyway? Just as we do with additional v4 IPs, if someone really has a need for additional v6 subnets, those could be provided, likely for a fee.
Setting up a proper IPv6 subnet and unique gateway for each VM is probably insane, but, potentially less insane than some other alternatives. Setting one up for each customer's collection of VMs, OTOH, might not be so insane. Remember, you can have multiple IPv6 subnets on the same link without much penalty. Since you probably want the ability to have VPS portable across physical servers, you probably don't want to set up a subnet per physical server with all the VPS on a given PS sharing that subnet, which is the numerically simplest approach.
I'd have to review your actual architecture (physical and overlaid virtual) to really know what would be best for your particular circumstance. Contact me off-list if you're interested in something like that.
Owen
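
The two address plans discussed in this message, worked through as an added example that is not part of the original thread: the IPv4-embedded /112 from the quoted post, small per-VM blocks carved from a shared /48, and the worst-case neighbor-cache load each block size allows. The documentation prefixes, the tenant count and the cache capacity `ASSUMED_ND_CACHE` are constructed assumptions, as are all function names.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
SHARED_48 = ipaddress.IPv6Network("2001:db8:1::/48")
ASSUMED_ND_CACHE = 32768  # hypothetical neighbor-cache capacity of the gateway


def embed_v4(shared, v4):
    """/112 whose hextets 4-7 spell the IPv4 octets in decimal (quoted scheme)."""
    octets = ipaddress.IPv4Address(v4).packed
    base = int(shared.network_address)
    for k, octet in enumerate(octets):
        # Writing decimal 192 as the hextet "192" means parsing its digits as hex.
        base |= int(str(octet), 16) << (16 * (4 - k))
    return ipaddress.IPv6Network((base, 112))


def carve(shared, new_len, vm_index):
    """Per-VM block number vm_index, skipping block 0 (it holds the ::1 gateway)."""
    slot = vm_index + 1
    if slot >= 2 ** (new_len - shared.prefixlen):
        raise ValueError("shared prefix exhausted")
    base = int(shared.network_address) + slot * 2 ** (128 - new_len)
    return ipaddress.IPv6Network((base, new_len))


def worst_case_entries(block_len, tenants):
    """Neighbor entries if every tenant brings up every address it was assigned."""
    return tenants * 2 ** (128 - block_len)


def fits_cache(block_len, tenants, cache=ASSUMED_ND_CACHE):
    """True when the worst case still fits the assumed neighbor cache."""
    return worst_case_entries(block_len, tenants) <= cache


if __name__ == "__main__":
    print(embed_v4(SHARED_48, "192.0.2.10"))
    print(carve(SHARED_48, 124, 0))
    for length in (124, 120, 112, 64):
        print(length, worst_case_entries(length, 1000), fits_cache(length, 1000))
```

With the assumed 1000 tenants and 32768-entry cache, only the /124 plan stays inside the cache in the worst case; /120 already exceeds it.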