Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

Yes you can use the whole /64 of IPv6 on OVH's Kimsufi

Yes you can use the whole /64 of IPv6 on OVH's Kimsufi

rm_rm_ Member
edited May 2014 in Tutorials

Just a quick heads up to those who bought one the latest Kimsufi servers.

These servers are advertised to come with a /128 of IPv6 (one address).

However this address follows a specific format: 2001:41d0:x:abcd::1/128

If you are familiar with IPv6, this looks exactly like the first IP in a /64 (all remaining bits of the "host" part set to zero). Looks like everyone has their /128 IPv6 ending with ::1 (if that's not the case for someone, please post). So they seem to allocate a /64 per customer, then only configure one (first) IP out of it on the server by default.

Let's try adding a second IP to the interface:
ip addr add 2001:41d0:x:abcd::2/128 dev eth0
Yep, it works totally fine, pingable from the outside and everything.

So in case you just need 2-3 more IPv6 addresses, this is not a problem whatsoever, just add them in a similar form, they will work, and you don't risk "colliding" with another customer. However there's no way to define rDNS records for those additional IPs, so their usefulness remains somewhat limited.

Tagged:
«1

Comments

  • If you think about it, that makes sense to comply (sortof) with RFCs. Each customer gets a /64 BLOCK for their IPv6 address, so ratelimiting or filtering by /64 still works without affecting others. I'm not sure why OVH wouldn't just advertise it as getting the /64 though.

    BlueVM | Best VPS Deals [~] 1GBPS, RAID-10, OpenVZ/KVM, 8 locations. [~] Feathur VPS Control Panel!
    Thanked by 1mpkossen
  • sc754sc754 Member

    @rm_ said: Just a quick heads up to those who bought one the latest Kimsufi servers.

    Just tried on my kimsufi 2013 atom server and it also works for that. So looks like you get a /64 with those as well :)

  • earlearl Member
    edited May 2014

    Maybe they are advertising it as /128 since technically if you tunnel their v6 you also get their Anti-DDoS? they probably don't want to give the idea of having /64 of v6 with Anti-DDoS protection for 5 euro/mo

  • rm_rm_ Member
    edited May 2014

    Magiobiwan said: I'm not sure why OVH wouldn't just advertise it as getting the /64 though.

    Maybe that's to create an impression that if you want to run any kind of VMs (even OpenVZ, even v6-only ones), you have to buy their more expensive SoYouStart servers.

    earl said: they probably don't want to give the idea of having /64 of v6 with Anti-DDoS protection for 5 euro/mo

    Even one IPv4 with DDoS protection is currently much more valuable than a /64 of IPv6 with DDoS protection. And you already get that IPv4 for 5 EUR. So one way or the other I don't think this was a major factor.

  • PwnerPwner Member

    @rm_ said: Even one IPv4 with DDoS protection is currently much more valuable than a /64 of IPv6 with DDoS protection. And you already get that IPv4 for 5 EUR. So one way or the other I don't think this was a major factor.

    I don't think it has to do with value, I think it has to do with the increased attacks via IPv6. If everyone knew that they could use IPv6 on their Kimsufis, they would be opening up more holes for increased chances of attacks. OVH will really be putting their re-known DDoS protection to the test.

    [Disclosure: I work for a public institution, any comments made reflect myself and my personal views only.]

  • IPv6 is confusing...

    So if my ipv6 is 2001:41d0:8:9304::1/128, i can keep adding like so?

    2001:41d0:8:9304::1/128 2001:41d0:8:9304::2/128 2001:41d0:8:9304::3/128 2001:41d0:8:9304::4/128 2001:41d0:8:9304::5/128

    2001:41d0:8:9304::200/128 2001:41d0:8:9304::1/128

  • CoreyCorey Member, Provider

    @linuxthefish said: IPv6 is confusing...

    So if my ipv6 is 2001:41d0:8:9304::1/128, i can keep adding like so?

    2001:41d0:8:9304::1/128 2001:41d0:8:9304::2/128 2001:41d0:8:9304::3/128 2001:41d0:8:9304::4/128 2001:41d0:8:9304::5/128

    2001:41d0:8:9304::200/128 2001:41d0:8:9304::1/128

    It's only because they 'really' assigned you a /64 to be RFC complaint..

    I was wondering about this guys .... I was wondering if I should really assign my customers the ENTIRE /64. I'll probably do something like this.

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • InfinityInfinity Member, Provider
    edited May 2014

    @Corey said: I was wondering about this guys .... I was wondering if I should really assign my customers the ENTIRE /64. I'll probably do something like this.

    Of course you should.. You don't need to add the whole block, just assign them the addresses and add when needed.

    Thanked by 1ucxo
  • sc754sc754 Member
    edited May 2014

    @linuxthefish said: IPv6 is confusing...

    So if my ipv6 is 2001:41d0:8:9304::1/128, i can keep adding like so?

    2001:41d0:8:9304::1/128 2001:41d0:8:9304::2/128 2001:41d0:8:9304::3/128 2001:41d0:8:9304::4/128 2001:41d0:8:9304::5/128

    2001:41d0:8:9304::200/128 2001:41d0:8:9304::1/128

    Edit... I've no idea

    Thanked by 1linuxthefish
  • Are you sure they wont notice?
    I mean, this basically means unauthorized use of IP space. While it works and wont collide with others, it certainly wont please them.

    If privacy is outlawed, only outlaws will have privacy. Romanian Protests

  • rm_rm_ Member
    edited May 2014

    Maounique said: Are you sure they wont notice?

    They can notice, source/destination headers of an IP packet obviously aren't hidden. But if they really cared, they would make their router not to route the whole /64 to you; limiting the routed range to just that /128 on the router is trivial. And since this really shouldn't cause any issues to them or their other customers, I doubt they will care enough to even ask you to stop using those other IPs, let alone terminate the server or anything of that sort.

  • CoreyCorey Member, Provider

    @rm_ said: They can notice, source/destination headers of an IP packet obviously aren't hidden. But if they really cared, they would make their router not to route the whole /64 to you; limiting the routed range to just that /128 on the router is trivial. And since this really shouldn't cause any issues to them or their other customers, I doubt they will care enough to even ask you to stop using those other IPs, let alone terminate the server or anything of that sort.

    but then would it be harder for them to reserve the rest of the /64 to be rfc compliant?

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • @Corey said:

    It's not about being "compliant". If you spam / do anything stupid / blacklist / someone manages a lit to block IPv6 (guess what, lots of people do at the moment for IPv4 ...) a single /64 in IPv6 is treated as a SINGLE IPv4 . Therefore, multiple clients would be affected if you put them on the same /64 .

    Acting Director of Albino Geek Services Ltd. My Keybase ID ( gh )
    GoodHosting.co | Enterprise KVM Virtual Private Servers | Twitter / Status : @ GoodHostingCo

  • CoreyCorey Member, Provider

    GoodHosting said: It's not about being "compliant". If you spam / do anything stupid / blacklist / someone manages a lit to block IPv6 (guess what, lots of people do at the moment for IPv4 ...) a single /64 in IPv6 is treated as a SINGLE IPv4 . Therefore, multiple clients would be affected if you put them on the same /64 .

    So spamhaus and other blacklists would block the entire /64 if there was abuse?

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • rm_rm_ Member
    edited May 2014

    Corey said: but then would it be harder for them to reserve the rest of the /64 to be rfc compliant?

    Not any harder, they could still reserve it (as in: not assign IPs within it to any other customer), but configure their router only allowing the ....::1/128 destination towards your server, not anything else.

  • @Corey said:

    Spamhaus would probably block in the /48s given their history [ smallest provider size. ]

    Acting Director of Albino Geek Services Ltd. My Keybase ID ( gh )
    GoodHosting.co | Enterprise KVM Virtual Private Servers | Twitter / Status : @ GoodHostingCo

  • CoreyCorey Member, Provider

    GoodHosting said: Spamhaus would probably block in the /48s given their history [ smallest provider size. ]

    Wow that's ridiculous.... CoreXchange only wants to give me /56....

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • rm_rm_ Member

    GoodHosting said: Spamhaus would probably block in the /48s given their history [ smallest provider size. ]

    If they want to ban the whole provider? Sure. But a per-end-user ban should start at /64.

  • raindog308raindog308 Moderator

    Well if I only get a /64 for ipv6 instead of a /128 then Kimsufi is completely useless to me.

    My Advice: VPS Advice

    For LET support, please click here.

  • @raindog308 said: Well if I only get a /64 for ipv6 instead of a /128 then Kimsufi is completely useless to me.

    /64 is much bigger.........

    Acting Director of Albino Geek Services Ltd. My Keybase ID ( gh )
    GoodHosting.co | Enterprise KVM Virtual Private Servers | Twitter / Status : @ GoodHostingCo

  • CoreyCorey Member, Provider

    GoodHosting said: /64 is much bigger.........

    I think he is being sarcastic.... I can't tell.

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
    Thanked by 1Maounique
  • You can set the rDNS through OVH's API

    https://www.ovh.com/soapi/en/?method=dedicatedReverseAdd

  • raindog308raindog308 Moderator

    Corey said: I think he is being sarcastic.... I can't tell.

    I actually need multiple /256 blocks on all my VPSes.

    My Advice: VPS Advice

    For LET support, please click here.

  • RazzaRazza Member

    @chauffer said: You can set the rDNS through OVH's API

    https://www.ovh.com/soapi/en/?method=dedicatedReverseAdd

    I think that only work for server under the ovh range of server's such as soyoustart , not the kimsufi range

  • CoreyCorey Member, Provider

    raindog308 said: I actually need multiple /256 blocks on all my VPSes.

    :) Yea he's being sarcastic

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • rm_rm_ Member

    chauffer said: You can set the rDNS through OVH's API

    https://api.ovh.com/console/ is the online console for that API, and it doesn't seem to accept Kimsufi logins.

  • chaufferchauffer Member
    edited May 2014

    @rm_ @Razza

    those are different APIs. (it works for kimsufi.)

  • AmitzAmitz Member
    edited May 2014

    I just saw that I have a free /48 IPv6 at online.net! How many single IPs is that again?

    Wait... found this:

    Hell... What am I supposed to do with that amount of IPs?

    I ♥ Prometeus.net I Best Forum ever: http://www.kimsufitalk.com

  • rm_rm_ Member
    edited May 2014

    Amitz said: What am I supposed to do with that amount of IPs?

    For one, run a VPS provider and assign each customer's VPS a /64 as you should.
    One /48 is 65536 of /64s, and it's not that many if you think about it. But the main reason is that assigning a /48 is just easier, the next option they could go with is /56 (with a /52 subnetting is awkward actually both /52s and /56s suck about the same), but that's already too small, only 256pcs of /64s.

    It's really not useful to think about IPv6 in terms of "how many individual IPs do you get".
    "How many /64s" sounds more like it.

  • @rm_ said: "How many /64s" sounds more like it.

    That is precisely it. I wish more people would look at IPv6 for what it is, a completely and utterly different addressing scheme than IPv4.

    It's completely useless to try to draw direct comparisons between the two . . . and the leading cause for uninformed people to scream that we're going to run out of IPv6 for the same reason as IPv4, if we hand out /64s like candy.

  • I can get hold of 5 /64 And 5 /48

    From what I remember we are going to run out of v6 within 5 years if we keep on going like this

    Get a Free VPS from 5 posts per month at http://post2vps.com/

  • @mtwiscool said: I can get hold of 5 /64 And 5 /48

    From what I remember we are going to run out of v6 within 5 years if we keep on going like this

    I love you so much. Please marry me.

  • WintereiseWintereise Member
    edited May 2014

    mtwiscool said: From what I remember we are going to run out of v6 within 5 years if we keep on going like this

    To save yourself the embarrassment, no sir, you're unfortunately VERY mistaken.

    It's better to not post at all than post just to 'increase participation.'

    -- BOFH

  • @mtwiscool said: From what I remember we are going to run out of v6 within 5 years if we keep on going like this

    No.

    Thanked by 1Infinity
  • @mtwiscool said: I can get hold of 5 /64 > And 5 /48

    From what I remember we are going to run out of v6 within 5 years if we keep on going like this

    That means there's only 281,474,976,710,650 /48 blocks left :O

    We're doomed

    Favourite host in general: Ramnode (SSD10 for 10% off, affiliate link)
    Favourite host for hourly billing/custom ISOs: Vultr (affiliate link)

    Thanked by 1Razza
  • RazzaRazza Member

    only 281,474,976,710,650 /48 left, must start panic buying

  • We will get the the run out point as we have Ipv6 allocated at a click of a mouse, If normal people get into Ipv6 we are doomed simple as that.

    Get a Free VPS from 5 posts per month at http://post2vps.com/

  • DavidxDavidx Member
    edited May 2014

    @mtwiscool said: We will get the the run out point as we have Ipv6 allocated at a click of a mouse, If normal people get into Ipv6 we are doomed simple as that.

    Nope, (someone else) correct me if I'm wrong.. but aren't consumers supposed to be designated a /64?

  • @mtwiscool said: We will get the the run out point as we have Ipv6 allocated at a click of a mouse, If normal people get into Ipv6 we are doomed simple as that.

    If they allocated /48s to everyone in the world (7.16 billion) each person would get 39,300

    I think people underestimate how many IPv6 addresses there actually are

    Favourite host in general: Ramnode (SSD10 for 10% off, affiliate link)
    Favourite host for hourly billing/custom ISOs: Vultr (affiliate link)

  • vedranvedran Member

    Not enough, I need at least 100,000 /48s

  • Seriously though, what is the use of a /64 for an end user? Also how would all those IP's fit into the networking page of solusvm!?

    Also isn't there issues routing a whole /64 to an openvz VPS? ( @Magiobiwan )

  • raindog308raindog308 Moderator

    Amitz said: Hell... What am I supposed to do with that amount of IPs?

    Sell them to @mtwiscool

    My Advice: VPS Advice

    For LET support, please click here.

  • raindog308raindog308 Moderator

    hostnoob said: I think people underestimate how many IPv6 addresses there actually are

    But somehow, someway, I just know there will be a shortage in 20 years.

    Happens every time someone says "that's more than enough for any possible use".

    My Advice: VPS Advice

    For LET support, please click here.

    Thanked by 2linuxthefish Pwner
  • sc754sc754 Member

    @raindog308 said:

    How many more gadgets do you think people will use / get. It can't be anywhere near as many as ipv6 addresses and I don't see a reason why people need multiple ip's in their thousands per person, since you get so many ports per ip

  • c0yc0y Member

    @linuxthefish said: Seriously though, what is the use of a /64 for an end user? Also how would all those IP's fit into the networking page of solusvm!?

    Also isn't there issues routing a whole /64 to an openvz VPS? ( Magiobiwan )

    You're looking at it the wrong way :-)

    Every user is supposed to get a /64 and give a subnet, e.g. /96, /128, whatever you like to his devices in an effort to get rid of NAT.

    The protocol isn't just a longer address, it's a complete redesign of addressing...

    Thanked by 1ucxo
  • SpiritSpirit Disabled

    linuxthefish said: Seriously though, what is the use of a /64 for an end user?

    /64 is the minimum for auto assignment/SLAAC autoconfigured VPN on IPv6. https://en.wikipedia.org/wiki/SLAAC#Stateless_address_autoconfiguration_.28SLAAC.29 the EUI-64 mechanism for stateless autoconfiguration of IPv6 addresses requires a subnet to have 64 bits. This means most, if not all subnets (except point-to-point links), will have a size of /64 in the future.

  • raindog308 said: Happens every time someone says "that's more than enough for any possible use".

    Pretty much the only way to run of IPv6 before it becomes obsolete is human stupidity. That can't be fixed with any number of bits. Inevitably, at some point, someone will figure out a use that IPv6 was never intended for - and that will be the threat.

  • raindog308raindog308 Moderator

    sc754 said: How many more gadgets do you think people will use / get. It can't be anywhere near as many as ipv6 addresses and I don't see a reason why people need multiple ip's in their thousands per person, since you get so many ports per ip

    And really, 640KB of RAM ought to be enough for anyone...

    I'd put a whole lot of money on the fact that eventually ipv6 will be exhausted. I will be through

    • proliferation of IP addressing. Only a dozen or so things in my house have an IP and they're all computers, mobile devices, or network devices. Someday every toaster will have an IP address.

    • mismanagement of the address space. When there is a "virtually unlimited" amount of everything, humans will use it up. There were once 5 billion passenger pigeons in the world...today, zero. People will hand out big blocks of addresses and the people will hoard them (another human trait).

    In reality, ipv4 should be sufficient. I mean, who really needs more than 10.x, 172.16.x, and 192.168.x + one public IP? But human nature...

    My Advice: VPS Advice

    For LET support, please click here.

  • MicrolinuxMicrolinux Member
    edited May 2014

    @linuxthefish said: Seriously though, what is the use of a /64 for an end user?

    IPv6 allocations tend to be based more on efficiency and network logic than actual need. Also keep in mind, once that /64 hits you -- you are free to sub-divide it as you wish.

  • KeithKeith Member

    raindog308 said: But somehow, someway, I just know there will be a shortage in 20 years.

    Happens every time someone says "that's more than enough for any possible use".

    Is ipv8 next?

Sign In or Register to comment.