nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Long and unabbreviatable IPv6 addresses with random overloaded bits, vs. tunnelbroker

From: Jon Lewis <jlewis () lewis org>
Date: Sun, 18 Nov 2012 19:53:07 -0500 (EST)
On Sun, 18 Nov 2012, Bryan Fields wrote:


On 11/18/12 5:53 PM, Constantine A. Murenin wrote:

edis.at gives you an IPv4 address of, for example, 158.255.21x.xxx,
and the IPv6 /112 that you get is 2a03:f80:ed15:158:255:21x:xxx:0/112
(really a /48), with 2a03:0f80:ed15::1 as the gateway.
By "KVM", I assume he's talking about cloud or VPS, i.e. a KVM based virtual machine. With cloud in particular, I've been trying to decide how to dole out IPv6 space. Because we're doing bridged networking for the VMs, we've been giving out IPv4 /32s to each VM and all VMs are in the same VLAN.
It seems insane to try to setup a proper IPv6 subnet and unique gateway for each VM, so I've been thinking something similar to what the host being complained about here has done is the only way to go. Not down to the detail of making the IPv6 ip based on the IPv4 IP, but giving out "very small" v6 blocks, (i.e. maybe /120 or /124), out of a /48 with the prefix::1/48 IP as everyone's gateway. Sure, IPv6 is big enough that we could give out /64s from that /48 and not run out of numbers, but I'm concerned about what happens when an abusive customer turns up 2^64 addresses and overloads the neighbor discovery cache on our gear. What's anyone really going to do with more than a few IP addresses on a VPS anyway? Just as we do with additional v4 IPs, if someone really has a need for additional v6 subnets, those could be provided, likely for a fee. 


----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Previous By Date Next
Previous By Thread Next

Current thread: