[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Long and unabbreviatable IPv6 addresses with random overloaded bits, vs. tunnelbroker

On Sun, Nov 18, 2012 at 7:53 PM, Jon Lewis <jlewis at lewis.org> wrote:
> It seems insane to try to setup a proper IPv6 subnet and unique gateway for
> each VM, so I've been thinking something similar to what the host being
> complained about here has done is the only way to go.  Not down to the
> detail of making the IPv6 ip based on the IPv4 IP, but giving out "very
> small" v6 blocks, (i.e. maybe /120 or /124), out of a /48 with the
> prefix::1/48 IP as everyone's gateway.  Sure, IPv6 is big enough that we
> could give out /64s from that /48 and not run out of numbers, but I'm
> concerned about what happens when an abusive customer turns up 2^64
> addresses and overloads the neighbor discovery cache on our gear.  What's
> anyone really going to do with more than a few IP addresses on a VPS anyway?
> Just as we do with additional v4 IPs, if someone really has a need for
> additional v6 subnets, those could be provided, likely for a fee.

Hi Jon,

Why not assign a single IPv6 address to each VM and then for those
folks who need more, *route* a /64 to the original address? With
Linux, I think you can then attach the whole /64 to a loopback alias
(lo:1) and the host will understand that it has the entire /64 without
creating neighbor table entries or any other chancy things.

Bill Herrin

William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004