Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Subscribe to our newsletter

Advertise on LowEndTalk.com

Latest LowEndBox Offers

    Datacenter IPv6 providing less than /64 per dedicated server
    New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

    Datacenter IPv6 providing less than /64 per dedicated server

    NihimNihim Member
    edited August 2015 in Help

    So if I am not mistaken IANA (ICANN) suggests a /64 per individual (like a ISP customer) and almost everyone considers a /64 like (originating from) one connection.

    Just saw that leaseweb gives out a /112 per dedi. Personally that seems weird to me seeing the nature of IPv6. Obviously I will never use the /64 or the /112 but from what I 've read providing less than a /64 feels wrong and doesn't provide any benefit.

    It pottentially can cause problems since as I said in certain cases a /64 is considered one connection so if a /64 is split under multiple servers it can affect all of them.

    Am I wrong in thinking that? Regardless of whether I am right or wrong would like to hear a more detailed explanation on how IPv6 allocation works per say individual.

    Cheers

    Comments

    • Shot2Shot2 Member
      edited August 2015

      You're right, even though few people (and unfortunately, few ISP/hosting sellers) care about IPv6.

      A /64 block should be the minimum to provide any customer with... and still, it might prove problematic for some use cases, were some customer willing to implement IPv6-compatible services on their machine (a VPN for example, as it requires a /64 block for itself in order to function properly).

      As I said, few if any providers care, most of them get the whole IPv6 thing remarkably wrong (e.g. OVH offering a unique /128 address, while many consider a /112 block "plenty enough" even though it's barely usable...)

      Afaik only vstoike.ru VPS come with a decent IPv6 allocation (/56, IIRC)

      Thanked by 1Nihim

      Providing less than /64 means "we are clueless about IPv6". I haz Aruba, IonSwitch, OneProv, Veesp.

    • rm_rm_ Member

      You're absolutely correct, and a /112 per dedi is top silliness, and a sure sign that someone somewhere doesn't understand IPv6. Even giving out a /112 per VPS is questionable and can lead to various issues, but per a dedicated server, there's simply no excuse.

    • Before I made this post here I created a ticket @ leaseweb explaining my reasoning behind requesting a full /64 and implications that could arise from the /112.
      (well it was a bit silly ticket - monty pythons - as in it's short & I wrote it in a hurray)

      Will see how that goes.

    • @rm_ said:
      You're absolutely correct, and a /112 per dedi is top silliness, and a sure sign that someone somewhere doesn't understand IPv6. Even giving out a /112 per VPS is questionable and can lead to various issues, but per a dedicated server, there's simply no excuse.

      I can understand smaller blocks for LowEndSpirit providers, since they're ran on a very tight budget and don't have much choice in providers. Sometimes they have to run OpenVZ inside KVM/Xen limiting the options even further.

      The underlying problem, though, is providers refusing to hand out /48s. Even a /56 would do for most cases.

      I recommend Prometeus, the best provider ever!

    • ClouviderClouvider Member, Provider
      edited August 2015

      @mpkossen /48 should not be a problem. In fact it can be arranged as a PI, fairly easy in RIPE region at least. I do agree though with the case that some providers simply didn't bothered to read enough RFCs about IPv6, or even simple official guidelines and recommended addressing plan policies as in RIPE region.

      Clouvider Leading UK Cloud Hosting solution provider || UK Dedicated Servers Sale || Tasty KVM Slices || Latest LET Offer

      Web hosting in Cloud | SSD & SAS True Cloud VPS on OnApp | Private Cloud | Dedicated Servers | Colocation | Managed Services

    • @Clouvider said:
      mpkossen /48 should not be a problem. In fact it can be arranged as a PI, fairly easy in RIPE region at least. I do agree though with the case that some providers simply didn't bothered to read enough RFCs about IPv6, or even simple official guidelines and recommended addressing plan policies as in RIPE region.

      You don't have to tell me. Tell the guys at Hetzner, Leaseweb, and a whole bunch of other providers who don't seem to grasp the concept.

      It's disappointing that businesses the size of Hetzner and Leaseweb don't seem to understand something as basic and simple as IPv6 (which has been around for almost 20 years!).

      Thanked by 1Clouvider

      I recommend Prometeus, the best provider ever!

    • MaouniqueMaounique Member
      edited August 2015

      /112 is a waste!!! Voxility, after a lot of begging, finally enabled IPv6 and gave me /128 per IPv4...
      Only when those stopped working they offered a /64 for 100 Eur fee... After 2 months, the /128s were still not working (I wonder why, it is so easy to carve /128s for each odd IPv4 allocated not even in order to various customers), so they finally gave in and allocated me a /64 without the ridiculous "routing fee". Only one, though, not one per IPv4 as it would have been a minimum, or a /56 to manage my own.

      Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

    • @Maounique are the IPv6 mitigated?

    • TBH, have no idea, I am not using their mitigation.

      Thanked by 1J1021

      Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

    • rm_rm_ Member
      edited August 2015

      mpkossen said: I can understand smaller blocks for LowEndSpirit providers, since they're ran on a very tight budget and don't have much choice in providers.

      There's a difference between that, and the fat dumb Leaseweb sitting on a /32 (likely could extend to a /29 for free) but allocating a /112 per server because of some incompetent reasoning such as "64K IPs should be enough".

    • nexusrainnexusrain Member
      edited August 2015

      Wtf. Why do you want 18.446.744.073.709.551.616 IPs, that's complete BS.

      -revoked

      ¦ x64Dash ¦

    • @nexusrain said:
      Wtf. Why do you want 18.446.744.073.709.551.616 IPs, that's complete BS.

      I can understand this from a random guy on the net, but a big provider worth many millions cannot think like that, RFCs are there for a reason, also, recommendations from IANA and cubs.

      Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

    • @Maounique said:
      I can understand this from a random guy on the net, but a big provider worth many millions cannot think like that, RFCs are there for a reason, also, recommendations from IANA and cubs.

      Sure it's something else for providers, but for a "normal server owner" like the OP looks like that's just senseless.

      ¦ x64Dash ¦

    • IANA even suggests a /64 per home user @nexusrain

      As for me I don't need them, hell with just 2-3 I would be fine but a lot of stuff out there considers /64 as 1 IP, that is if a IP under that /64 gets blacklisted the whole /64 gets blacklisted.
      So if my server is under the same /64 with others that potentially can cause me trouble. And a /64 is nothing quantity wise since the ranges providers get are expondentially bigger.

    • @nexusrain said:
      Wtf. Why do you want 18.446.744.073.709.551.616 IPs, that's complete BS.

      I immediately know that someone didn't understand IPv6 when reading a statement like that.

      SnapServ Mathis - Your cheap and reliable RIPE Sponsoring LIR. Use coupon code LET2017 to get a recurring discount of 10% on our products!

    • https://tools.ietf.org/html/rfc6583 I'll just leave this here.

    • I don't think there's a solid standard that everyone wants to follow for allocating blocks of IPV6 address. Some just want to do 5 IPv6's, /96, /112, /118, /64, etc. It'll be very difficult to mitigate a ddos attack at the routing level without lots of collateral damage. Personally, I think the /64 guideline is outdated.

    • nexusrainnexusrain Member
      edited August 2015

      @Nihim said:
      if a IP under that /64 gets blacklisted the whole /64 gets blacklisted

      Oh, didn't know this. Alright then, a hole /64 makes more sense then. First comment in this thread revoked.

      ¦ x64Dash ¦

    • rm_rm_ Member
      edited August 2015

      DamienSB said: I'll just leave this here.

      Cave in phrase for a dumb lemming who saw some link somewhere and now goes around forums trolling with it in every vaguely related thread, not even understanding said link himself in the first place...

      Let me explain how subnet assignments are usually done. You get one IP (a /128), and the rest of whatever allocation you get (a /48, a /56, or even a /64) is routed via that /128 to you. And guess what. In a setup like this the issue described in the RFC you so helpfully "left here" for us does not apply what-so-ever.

    • @nexusrain said:
      Wtf. Why do you want 18.446.744.073.709.551.616 IPs, that's complete BS.

      Why do you want 65,536 ports on an IP? You could just have, like, 50 ports, leaving the rest to the world.

    • @msg7086 said:
      Why do you want 65,536 ports on an IP? You could just have, like, 50 ports, leaving the rest to the world.

      That's something completely else. And I already revoked my first comment.

      Thanked by 1NeoXiD

      ¦ x64Dash ¦

    • @msg7086 said:
      Why do you want 65,536 ports on an IP? You could just have, like, 50 ports, leaving the rest to the world.

      50? Why do you need 50? 20 is max. Just buy an LES

      Different.

    • NeoXiDNeoXiD Member
      edited August 2015

      @nexusrain said:
      That's something completely else. And I already revoked my first comment.

      Thanks for adding "revoked" to the post instead of ripping everything away, many people don't act like you unfortunately.

      Thanked by 3Maounique Pwner ucxo

      SnapServ Mathis - Your cheap and reliable RIPE Sponsoring LIR. Use coupon code LET2017 to get a recurring discount of 10% on our products!

    • @NeoXiD said:
      Thanks for adding "revoked" to the post instead of ripping everything away, many people don't act like you unfortunately.

      I know, this annoys me as well when people do it so I don't :)

      Thanked by 1NeoXiD

      ¦ x64Dash ¦

    • rm_rm_ Member

      black said: I don't think there's a solid standard that everyone wants to follow for allocating blocks of IPV6 address. Some just want to do 5 IPv6's, /96, /112, /118, /64, etc.

      Some just want 50V in their outlets, some want 380V, some want maybe 150V or so. Surely that way it's more fun, plug your stuff in and you never know what happens.

      It'll be very difficult to mitigate a ddos attack at the routing level without lots of collateral damage.

      Why? Ban a /64, then extend by 8 bits first to a /56, then to a /48. Much simpler than IPv4, in fact.

      Personally, I think the /64 guideline is outdated.

      It is not going anywhere. Not towards the shrinking side, at any rate. Residential IPv6 deployments are all a /64 or more (requirement for SLAAC), due to this every blocklist, spamlist and connection ratelimit list will operate at a /64 granularity, not anything more precise. And nope, no one is going to special case a DC or a dedi provider ("Oh I know it's that special one, they assign a /112 per user, let's not ban their /64s..." -- nope, just too much effort and unmaintainable on a global scale).

      Thanked by 2NeoXiD ucxo
    • @rm_ said:
      Let me explain how subnet assignments are usually done. You get one IP (a /128), and the rest of whatever allocation you get (a /48, a /56, or even a /64) is routed via that /128 to you. And guess what. In a setup like this the issue described in the RFC you so helpfully "left here" for us does not apply what-so-ever.

      Many providers just slap a /64 on the vlan and call it a day. Many people dont even configure their switches properly in any environment. If that's a datacenter, a few racks in their office building, or shoved under a desk someplace.

      Nobody follows the "standard". Everyone is going to do whatever they want and what they feel works the best.

    • @black said:
      I don't think there's a solid standard that everyone wants to follow for allocating blocks of IPV6 address. Some just want to do 5 IPv6's, /96, /112, /118, /64, etc. It'll be very difficult to mitigate a ddos attack at the routing level without lots of collateral damage. Personally, I think the /64 guideline is outdated.

      TBH, I also dont like the IPv6 design, however, we have to live with this, once it was implemented, it will last forever. The citizen's network of the future will probably be ipless, addresses in almost human readable form, no more need for DNS, etc. Let's hope we will have a PoC next year.

      Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

    • @rm_ is there a RFC or something that states the "proper" etiquette for resindential deployments is a /64? Would be good to link to that since regardless if it is a rule or not, it's way too big for any DC to just say "I don't agree with this" and a good argument for my side!

    • UrDNUrDN Member

      IPv6 is very easy to deploy, the problem of most big ISPs is that they use proprietary garbage incapable of routing IPv6 which they can't update.

      Some policies such as the one to obtain a PI when you're not a LIR with the RIPE are really bad, but apart those issues there's really no difficulty in implementing IPv6.

      /56 should be given to sites or end-users who have the intention to route /64 to more devices.

      /64 are used for instance on a router so SLAAC can be used, it's so easy to setup, it's like two lines in the router advertisement daemon.

      www.urdn.com.ua - KVM/Qemu hosting in Sweden.

    • rm_rm_ Member

      Nihim said: is there a RFC or something that states the "proper" etiquette for resindential deployments is a /64? Would be good to link to that since regardless if it is a rule or not

      The main one is IPv6 Address Assignment to End Sites.

      The core rationale for /64s is that SLAAC is the de-facto way of providing IPv6 configuration to the actual endpoint devices (DHCPv6 is much less widely supported and is more complex), SLAAC requires a /64 per physical network, so you need at least one /64 as the bare minimum for it to work.

    • BruceBruce Member
      edited August 2015

      THIS article is good reading on the subject

      typical usage:

      the case for ISPs:

      nowhere does it suggest it's a good idea to issue anything longer than a /64. although "end site" is never defined, this article does mention a low bandwith PDA should still be issued with a /64. So I think it's reasonable to apply this to VPS

      interesting that nowhere, that I can find, refers to the hosting business at all, in regard to IPv6 allocation for servers, VPS, websites, etc.

      free trial zilore monitoring

    • msg7086msg7086 Member
      edited August 2015

      @nexusrain said:
      That's something completely else. And I already revoked my first comment.

      Thanks for revoking. However IMHO they are quite similar. In a IPv4 NAT environment you share IP address with someone else. Technically there are ~65535 ports (what a waste) to be shared with your neighbors. When your neighbor did something wrong and got blacklisted, sued, etc, you are affected as well.

      The same applies to IPv6, where a /64 is consider a single organization / entity / group / person. So if you share the "18.446.744.073.709.551.616" addresses with someone else, and they do something wrong, you are affected as well.

      OVH, who assign you a /128 address, will also reserve the whole rest of the /64 for you. This solves 2 problems, (1) you are assigned only a /128, so no "waste" (/sarcasm), (2) you don't share the subnet with anyone else.

      Thanked by 14n0nx
    • rm_rm_ Member
      edited August 2015

      msg7086 said: (1) you are assigned only a /128, so no "waste" (/s), (2) you don't share the subnet with anyone else.

      Even if accepting your silly "waste" argument, how is there no waste, if the whole /64 is allocated to you? And then you're told you can't use it, and of course nobody else can. This is worse than waste, marking IPs as occupied but then forbidding anyone to use them. (Actually of course you can).

    • msg7086msg7086 Member
      edited August 2015

      @rm_ said:

      Note /s (Just fixed it so people won't miss it)

    • rm_rm_ Member

      msg7086 said: (Just fixed it so people won't miss it)

      Okay, now is a bit clearer, but it still doesn't make any sense, even in a sarcastic manner.

    • So leaseweb answered and they refused to issue a new range since:

      "I already have a range assigned and I didn't ask for that from the start, IPv6 is provided for free so they won't do it after this time period (since I requested them) has passed."

      At this point I hope some other customer gets my /64 blacklisted somewhere since I am pretty sure (without having re checked their TOS) that they have to provide clean IPs and see how they fix it.

    • Nihim said: that they have to provide clean IPs

      Yes, it will be clean at provisioning, if it gets dirty, you are guilty too, terminated, no refund.

      Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

    • @Maounique said:

      That would be wrong and illegal, since I can't be held responsible for what another customer does with his own dedicated server, their fault for splitting a /64 over multiple different customers.

    • @Nihim said:
      That would be wrong and illegal, since I can't be held responsible for what another customer does with his own dedicated server, their fault for splitting a /64 over multiple different customers.

      Agreed, but you cannot prove that and even if you could, would you go to another country/state and sue them for 50 bucks? Doubtful.

      Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

    • zedzed Member

      If I don't get a full /64 (or /48, circumstances), I'm going to assume there are probably other things networking they are also clueless about.

      Thanked by 1rm_
    • It's not about the amount of IPs but about being blocked by providers who adhere to standards and think of one /64 as one individual.

      (((o(゚▽゚)o))) If privacy is outlawed, only outlaws will have privacy. (((o(゚▽゚)o)))

      ヽ(`Д´)ノ Everyone should run Tor on their idle servers.

    • 4n0nx said: who adhere to standards

      That is why standards are there, so everyone adheres to them, if they do not adhere, should suffer the consequences.

      Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

    • Yea I have some friends that are from NL and are also customers of leaseweb, I 'll get them to call leaseweb and ask for the same thing. Usually on phone they are more "level headed".

      I shall name it the "IPv6 Crusade" !! (sorry I am kind tired and could't resist)...

    Sign In or Register to comment.