IPv6 Address allocation best practises for sites.

Jeff Wheeler jsw at inconcepts.biz
Tue Sep 25 04:08:15 UTC 2012


On Mon, Sep 24, 2012 at 6:52 PM, John Mitchell <mitch at illuminati.org> wrote:
> Does the best practise switch to now using one IPv6 per site, or still the
> same one IPv6 for multi-sites?

Certainly it would be nice to have IPv6 address per vhost.  In many
cases, this will be practical.

It also sometimes will NOT be practical.

Imagine that I am one of the rather clueless hosting companies who are
handing out /64 networks to any customer who asks for one, and using
NDP to find the machine using each address in the /64.  Churn problems
aside, if you have any customer doing particularly dense virtual
hosting, say a few thousand IPv6 addresses on his one or more
machines, then he will use up the whole NDP table for just himself.
You probably won't want to be a customer on the same layer-3 device as
that guy.  Now that there might be dozens of VMs per physical server
and maybe 40 physical servers per each top-of-rack device, you can
quickly exhaust all of your NDP entries even with normal, legitimate
uses like www virtual hosting.

Now imagine the hosting company has decided the "stacking" trend is a
good idea, and stacked up a row of 10 EX4200s so they can all share
the same configuration, uplinks, etc.  They also share the same NDP
table, so it will be quite easy to run out of NDP (there is only room
for a few thousand entries) not just on one top-of-rack switch, but on
the whole row.

Further, imagine you decided to use a 6500 for a room full of
customers, or even your whole datacenter, which will often work just
fine for IPv4.  Suddenly it won't for IPv6, because each customer may
want to make hundreds of NDP entries for his various virtual-hosts.
Just one busy customer with a lot of virtual hosting will run out a
resource shared by every other customer.

So yes, having an IPv6 address per each www virtual-host is certainly
a nice idea.  If you have to use NDP to get your addresses to your web
server, though, it might not be practical.  It certainly will be
foolish in a "dedicated server" type of environment where you are
renting individual machines or VMs and not owning your own layer-3
box.

-- 
Jeff S Wheeler <jsw at inconcepts.biz>
Sr Network Operator  /  Innovative Network Concepts
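As an added illustration (not part of this post or the NANOG thread), the following Python models the neighbor-table arithmetic described above: one NDP entry per vhost address versus one per VM when each VM's prefix is routed to a single next-hop, and what a shared table in a stacked row does to that. Rack sizes, vhost counts and the table capacity are constructed assumptions, not vendor figures.

```python
# Added example (not from the original post): model IPv6 neighbor-table
# (NDP) consumption on a shared layer-3 device. All sizes below are
# constructed assumptions, not vendor figures.
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class RackProfile:
    servers: int             # physical servers behind one layer-3 device
    vms_per_server: int      # VMs on each physical server
    vhost_addrs_per_vm: int  # IPv6 addresses (one per www vhost) per VM


def entries_per_address(rack: RackProfile) -> int:
    """Model A: every vhost address sits directly on the customer's /64 and
    is resolved with NDP, so the device holds one neighbor entry per address."""
    return rack.servers * rack.vms_per_server * rack.vhost_addrs_per_vm


def entries_routed_prefix(rack: RackProfile) -> int:
    """Model B: each VM's prefix is routed to a single next-hop address, so
    the device holds one neighbor entry per VM, however many vhosts it runs."""
    return rack.servers * rack.vms_per_server


def row_entries(rack: RackProfile, members: int,
                model: Callable[[RackProfile], int]) -> int:
    """A stacked row of `members` switches shares one neighbor table, so the
    per-switch load is multiplied while the capacity is not."""
    return members * model(rack)


def table_load(entries: int, capacity: int) -> float:
    """Fraction of the shared table consumed; > 1.0 means exhaustion, and
    every other tenant on the device loses reachability for new neighbors."""
    return entries / capacity


def single_tenant_exhausts(tenant_addrs: int, capacity: int) -> bool:
    """Can one dense virtual-hosting customer alone fill the shared table?"""
    return tenant_addrs >= capacity


if __name__ == "__main__":
    rack = RackProfile(servers=40, vms_per_server=24, vhost_addrs_per_vm=100)
    capacity = 8192  # constructed stand-in for "a few thousand entries"
    for name, model in (("per-address NDP", entries_per_address),
                        ("routed prefix per VM", entries_routed_prefix)):
        one, row = model(rack), row_entries(rack, 10, model)
        print(f"{name}: {one} entries/switch ({table_load(one, capacity):.2f}x),"
              f" {row} for a 10-member stack ({table_load(row, capacity):.2f}x)")
    print("3000-vhost tenant alone exhausts a 2048-entry table:",
          single_tenant_exhausts(3000, 2048))
```

With the constructed numbers, per-address NDP overflows the table by more than ten times on a single switch, while routing a prefix per VM stays well inside it until the 10-member stack shares one table.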


