nanog mailing list archives

Re: IPv6 Address allocation best practises for sites.


From: Owen DeLong <owen () delong com>
Date: Tue, 25 Sep 2012 02:02:09 -0700


On Sep 24, 2012, at 21:08 , Jeff Wheeler <jsw () inconcepts biz> wrote:

On Mon, Sep 24, 2012 at 6:52 PM, John Mitchell <mitch () illuminati org> wrote:
Does the best practise switch to now using one IPv6 per site, or still the
same one IPv6 for multi-sites?

Certainly it would be nice to have IPv6 address per vhost.  In many
cases, this will be practical.

It also sometimes will NOT be practical.

Imagine that I am one of the rather clueless hosting companies who are
handing out /64 networks to any customer who asks for one, and using
NDP to find the machine using each address in the /64.  Churn problems
aside, if you have any customer doing particularly dense virtual
hosting, say a few thousand IPv6 addresses on his one or more
machines, then he will use up the whole NDP table for just himself.
You probably won't want to be a customer on the same layer-3 device as
that guy.  Now that there might be dozens of VMs per physical server
and maybe 40 physical servers per each top-of-rack device, you can
quickly exhaust all of your NDP entries even with normal, legitimate
uses like www virtual hosting.


That's not the best way to stand up /64s for vhosts.

If you're smart, the customer gets a /64 for machine addresses (put
your interfaces in this /64) and each machine gets a /64 for vHosts
(put your vhost addresses on the loopback interface of the applicable
machine). Then, you route the /64 to the machine address for the
applicable machine and the vhosts never hit your neighbor table.

[snip] Deleted a whole bunch of additional reasons you really want
to do things the way I suggest above [/snip]

Owen
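
A model of the two layouts in this thread, added here as an illustration and not taken from either poster: it counts the neighbor (NDP) entries the first-hop router needs when every vhost address sits on the shared /64, versus when each machine's vhost /64 is routed to its interface address. The 2001:db8:100::/48 allocation, the machine names and the vhost counts are constructed, and ::1 on the link is assumed to be the router.

```python
import ipaddress

def build_plan(allocation, vhosts_per_machine):
    """First /64 of the allocation is the shared link; every machine then gets
    its own /64 for vhost addresses (held on its loopback, not on the link)."""
    subnets = ipaddress.ip_network(allocation).subnets(new_prefix=64)
    link = next(subnets)
    plan = []
    for idx, ((name, count), vnet) in enumerate(zip(vhosts_per_machine.items(), subnets)):
        plan.append({"machine": name,
                     "iface": link[idx + 2],      # ::1 is assumed to be the router
                     "vhost_net": vnet,
                     "vhosts": [vnet[i] for i in range(1, count + 1)]})
    return link, plan

def router_neighbors(destinations, link, routes):
    """Addresses the router must resolve with NDP to reach `destinations`.
    routes maps prefix -> next hop. A routed destination costs only its next
    hop; an on-link destination costs a neighbor entry of its own."""
    needed = set()
    for dst in destinations:
        hop = next((nh for net, nh in routes.items() if dst in net), None)
        if hop is None and dst not in link:
            raise ValueError(f"{dst} is neither on-link nor routed")
        needed.add(hop if hop is not None else dst)
    return needed

def compare(allocation, vhosts_per_machine):
    """Return (flat entries, routed entries, routes) for the same vhost load."""
    link, plan = build_plan(allocation, vhosts_per_machine)
    ifaces = [m["iface"] for m in plan]
    total = sum(len(m["vhosts"]) for m in plan)
    # Flat layout: the same number of vhost addresses, all inside the shared /64.
    flat_vhosts = [link[0x1000 + i] for i in range(total)]
    flat = router_neighbors(ifaces + flat_vhosts, link, {})
    # Routed layout: one static route per machine, next hop = interface address.
    routes = {m["vhost_net"]: m["iface"] for m in plan}
    routed_dsts = ifaces + [v for m in plan for v in m["vhosts"]]
    routed = router_neighbors(routed_dsts, link, routes)
    return len(flat), len(routed), routes

if __name__ == "__main__":
    load = {"web1": 3000, "web2": 2000, "web3": 10}   # constructed sample
    flat, routed, routes = compare("2001:db8:100::/48", load)
    print(f"neighbor entries: flat /64 = {flat}, routed /64s = {routed}")
    for net, hop in routes.items():
        print(f"route {net} via {hop}")
```
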


