IPv6 Address allocation best practices for sites.
owen at delong.com
Tue Sep 25 09:02:09 UTC 2012
On Sep 24, 2012, at 21:08 , Jeff Wheeler <jsw at inconcepts.biz> wrote:
> On Mon, Sep 24, 2012 at 6:52 PM, John Mitchell <mitch at illuminati.org> wrote:
>> Does the best practice switch to now using one IPv6 per site, or still the
>> same one IPv6 for multi-sites?
> Certainly it would be nice to have IPv6 address per vhost. In many
> cases, this will be practical.
> It also sometimes will NOT be practical.
> Imagine that I am one of the rather clueless hosting companies who are
> handing out /64 networks to any customer who asks for one, and using
> NDP to find the machine using each address in the /64. Churn problems
> aside, if you have any customer doing particularly dense virtual
> hosting, say a few thousand IPv6 addresses on his one or more
> machines, then he will use up the whole NDP table for just himself.
> You probably won't want to be a customer on the same layer-3 device as
> that guy. Now that there might be dozens of VMs per physical server
> and maybe 40 physical servers per each top-of-rack device, you can
> quickly exhaust all of your NDP entries even with normal, legitimate
> uses like www virtual hosting.

That's not the best way to stand up /64s for vhosts.

If you're smart, the customer gets a /64 for machine addresses (put
your interfaces in this /64) and each machine gets a /64 for vHosts
(put your vhost addresses on the loopback interface of the applicable
machine). Then, you route the /64 to the machine address for the
applicable machine and the vhosts never hit your neighbor table.

[snip] Deleted a whole bunch of additional reasons you really want
to do things the way I suggest above [/snip]
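
The two layouts in this exchange, compared by how many neighbor-table entries the layer-3 device needs (an added example, not part of the original message). All prefixes, machine addresses and the vhost count are constructed from the 2001:db8::/32 documentation range, and the emitted commands assume Linux iproute2 on both host and router.

```python
import ipaddress

# Constructed plan, all from the 2001:db8::/32 documentation range.
MACHINE_LAN = ipaddress.ip_network("2001:db8:0:100::/64")  # interface addresses
ROUTED = {  # machine interface address -> /64 routed to it for vhosts
    ipaddress.ip_address("2001:db8:0:100:a::1"): ipaddress.ip_network("2001:db8:0:111::/64"),
    ipaddress.ip_address("2001:db8:0:100:a::2"): ipaddress.ip_network("2001:db8:0:112::/64"),
}
VHOSTS_PER_MACHINE = 2000


def vhost_addrs(prefix, count):
    """First `count` addresses after the all-zeros address of `prefix`."""
    return [prefix[i] for i in range(1, count + 1)]


def neighbor_cache(destinations, on_link, routes):
    """Set of addresses the router must resolve via NDP to reach `destinations`.

    `routes` maps prefix -> next hop. The longest matching route wins and costs
    one entry for its next hop; an unrouted on-link destination costs its own.
    """
    cache = set()
    for dst in destinations:
        matches = [p for p in routes if dst in p]
        if matches:
            cache.add(routes[max(matches, key=lambda p: p.prefixlen)])
        elif dst in on_link:
            cache.add(dst)
    return cache


def compare():
    machines = list(ROUTED)
    # Flat design from the quoted message: every vhost address is on-link.
    flat = machines + vhost_addrs(MACHINE_LAN, VHOSTS_PER_MACHINE * len(machines))
    # Routed design from the reply: vhosts live in per-machine routed /64s.
    routed = machines + [a for p in ROUTED.values() for a in vhost_addrs(p, VHOSTS_PER_MACHINE)]
    routes = {prefix: nexthop for nexthop, prefix in ROUTED.items()}
    return (len(neighbor_cache(flat, MACHINE_LAN, {})),
            len(neighbor_cache(routed, MACHINE_LAN, routes)))


def commands(machine, count=3):
    """iproute2 lines (Linux assumed): loopback /128s on the host, one router route."""
    host = [f"ip -6 addr add {a}/128 dev lo" for a in vhost_addrs(ROUTED[machine], count)]
    return host, f"ip -6 route add {ROUTED[machine]} via {machine}"


if __name__ == "__main__":
    print("neighbor entries (flat, routed):", compare())
```

In the routed layout the entry count tracks the number of machines, not the number of vhost addresses, so one dense customer cannot consume the shared neighbor table.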