Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Datacenter IPv6 providing less than /64 per dedicated server
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Datacenter IPv6 providing less than /64 per dedicated server

NihimNihim Member
edited August 2015 in Help

So if I am not mistaken IANA (ICANN) suggests a /64 per individual (like a ISP customer) and almost everyone considers a /64 like (originating from) one connection.

Just saw that leaseweb gives out a /112 per dedi. Personally that seems weird to me seeing the nature of IPv6. Obviously I will never use the /64 or the /112 but from what I 've read providing less than a /64 feels wrong and doesn't provide any benefit.

It pottentially can cause problems since as I said in certain cases a /64 is considered one connection so if a /64 is split under multiple servers it can affect all of them.

Am I wrong in thinking that? Regardless of whether I am right or wrong would like to hear a more detailed explanation on how IPv6 allocation works per say individual.

Cheers

«1

Comments

  • Shot2Shot2 Member
    edited August 2015

    You're right, even though few people (and unfortunately, few ISP/hosting sellers) care about IPv6.

    A /64 block should be the minimum to provide any customer with... and still, it might prove problematic for some use cases, were some customer willing to implement IPv6-compatible services on their machine (a VPN for example, as it requires a /64 block for itself in order to function properly).

    As I said, few if any providers care, most of them get the whole IPv6 thing remarkably wrong (e.g. OVH offering a unique /128 address, while many consider a /112 block "plenty enough" even though it's barely usable...)

    Afaik only vstoike.ru VPS come with a decent IPv6 allocation (/56, IIRC)

    Thanked by 1Nihim
  • rm_rm_ IPv6 Advocate, Veteran

    You're absolutely correct, and a /112 per dedi is top silliness, and a sure sign that someone somewhere doesn't understand IPv6. Even giving out a /112 per VPS is questionable and can lead to various issues, but per a dedicated server, there's simply no excuse.

  • Before I made this post here I created a ticket @ leaseweb explaining my reasoning behind requesting a full /64 and implications that could arise from the /112.
    (well it was a bit silly ticket - monty pythons - as in it's short & I wrote it in a hurray)

    Will see how that goes.

  • @rm_ said:
    You're absolutely correct, and a /112 per dedi is top silliness, and a sure sign that someone somewhere doesn't understand IPv6. Even giving out a /112 per VPS is questionable and can lead to various issues, but per a dedicated server, there's simply no excuse.

    I can understand smaller blocks for LowEndSpirit providers, since they're ran on a very tight budget and don't have much choice in providers. Sometimes they have to run OpenVZ inside KVM/Xen limiting the options even further.

    The underlying problem, though, is providers refusing to hand out /48s. Even a /56 would do for most cases.

  • ClouviderClouvider Member, Patron Provider
    edited August 2015

    @mpkossen /48 should not be a problem. In fact it can be arranged as a PI, fairly easy in RIPE region at least. I do agree though with the case that some providers simply didn't bothered to read enough RFCs about IPv6, or even simple official guidelines and recommended addressing plan policies as in RIPE region.

  • @Clouvider said:
    mpkossen /48 should not be a problem. In fact it can be arranged as a PI, fairly easy in RIPE region at least. I do agree though with the case that some providers simply didn't bothered to read enough RFCs about IPv6, or even simple official guidelines and recommended addressing plan policies as in RIPE region.

    You don't have to tell me. Tell the guys at Hetzner, Leaseweb, and a whole bunch of other providers who don't seem to grasp the concept.

    It's disappointing that businesses the size of Hetzner and Leaseweb don't seem to understand something as basic and simple as IPv6 (which has been around for almost 20 years!).

    Thanked by 1Clouvider
  • MaouniqueMaounique Host Rep, Veteran
    edited August 2015

    /112 is a waste!!! Voxility, after a lot of begging, finally enabled IPv6 and gave me /128 per IPv4...
    Only when those stopped working they offered a /64 for 100 Eur fee... After 2 months, the /128s were still not working (I wonder why, it is so easy to carve /128s for each odd IPv4 allocated not even in order to various customers), so they finally gave in and allocated me a /64 without the ridiculous "routing fee". Only one, though, not one per IPv4 as it would have been a minimum, or a /56 to manage my own.

  • @Maounique are the IPv6 mitigated?

  • MaouniqueMaounique Host Rep, Veteran

    TBH, have no idea, I am not using their mitigation.

    Thanked by 1J1021
  • rm_rm_ IPv6 Advocate, Veteran
    edited August 2015

    mpkossen said: I can understand smaller blocks for LowEndSpirit providers, since they're ran on a very tight budget and don't have much choice in providers.

    There's a difference between that, and the fat dumb Leaseweb sitting on a /32 (likely could extend to a /29 for free) but allocating a /112 per server because of some incompetent reasoning such as "64K IPs should be enough".

  • nexusrainnexusrain Member
    edited August 2015

    Wtf. Why do you want 18.446.744.073.709.551.616 IPs, that's complete BS.

    -revoked

  • MaouniqueMaounique Host Rep, Veteran

    @nexusrain said:
    Wtf. Why do you want 18.446.744.073.709.551.616 IPs, that's complete BS.

    I can understand this from a random guy on the net, but a big provider worth many millions cannot think like that, RFCs are there for a reason, also, recommendations from IANA and cubs.

  • @Maounique said:
    I can understand this from a random guy on the net, but a big provider worth many millions cannot think like that, RFCs are there for a reason, also, recommendations from IANA and cubs.

    Sure it's something else for providers, but for a "normal server owner" like the OP looks like that's just senseless.

  • IANA even suggests a /64 per home user @nexusrain

    As for me I don't need them, hell with just 2-3 I would be fine but a lot of stuff out there considers /64 as 1 IP, that is if a IP under that /64 gets blacklisted the whole /64 gets blacklisted.
    So if my server is under the same /64 with others that potentially can cause me trouble. And a /64 is nothing quantity wise since the ranges providers get are expondentially bigger.

  • @nexusrain said:
    Wtf. Why do you want 18.446.744.073.709.551.616 IPs, that's complete BS.

    I immediately know that someone didn't understand IPv6 when reading a statement like that.

  • https://tools.ietf.org/html/rfc6583 I'll just leave this here.

  • I don't think there's a solid standard that everyone wants to follow for allocating blocks of IPV6 address. Some just want to do 5 IPv6's, /96, /112, /118, /64, etc. It'll be very difficult to mitigate a ddos attack at the routing level without lots of collateral damage. Personally, I think the /64 guideline is outdated.

  • nexusrainnexusrain Member
    edited August 2015

    @Nihim said:
    if a IP under that /64 gets blacklisted the whole /64 gets blacklisted

    Oh, didn't know this. Alright then, a hole /64 makes more sense then. First comment in this thread revoked.

  • rm_rm_ IPv6 Advocate, Veteran
    edited August 2015

    DamienSB said: I'll just leave this here.

    Cave in phrase for a dumb lemming who saw some link somewhere and now goes around forums trolling with it in every vaguely related thread, not even understanding said link himself in the first place...

    Let me explain how subnet assignments are usually done. You get one IP (a /128), and the rest of whatever allocation you get (a /48, a /56, or even a /64) is routed via that /128 to you. And guess what. In a setup like this the issue described in the RFC you so helpfully "left here" for us does not apply what-so-ever.

  • @nexusrain said:
    Wtf. Why do you want 18.446.744.073.709.551.616 IPs, that's complete BS.

    Why do you want 65,536 ports on an IP? You could just have, like, 50 ports, leaving the rest to the world.

  • @msg7086 said:
    Why do you want 65,536 ports on an IP? You could just have, like, 50 ports, leaving the rest to the world.

    That's something completely else. And I already revoked my first comment.

    Thanked by 1NeoXiD
  • @msg7086 said:
    Why do you want 65,536 ports on an IP? You could just have, like, 50 ports, leaving the rest to the world.

    50? Why do you need 50? 20 is max. Just buy an LES

  • NeoXiDNeoXiD Member
    edited August 2015

    @nexusrain said:
    That's something completely else. And I already revoked my first comment.

    Thanks for adding "revoked" to the post instead of ripping everything away, many people don't act like you unfortunately.

    Thanked by 3Maounique Pwner ucxo
  • @NeoXiD said:
    Thanks for adding "revoked" to the post instead of ripping everything away, many people don't act like you unfortunately.

    I know, this annoys me as well when people do it so I don't :)

    Thanked by 1NeoXiD
  • rm_rm_ IPv6 Advocate, Veteran

    black said: I don't think there's a solid standard that everyone wants to follow for allocating blocks of IPV6 address. Some just want to do 5 IPv6's, /96, /112, /118, /64, etc.

    Some just want 50V in their outlets, some want 380V, some want maybe 150V or so. Surely that way it's more fun, plug your stuff in and you never know what happens.

    It'll be very difficult to mitigate a ddos attack at the routing level without lots of collateral damage.

    Why? Ban a /64, then extend by 8 bits first to a /56, then to a /48. Much simpler than IPv4, in fact.

    Personally, I think the /64 guideline is outdated.

    It is not going anywhere. Not towards the shrinking side, at any rate. Residential IPv6 deployments are all a /64 or more (requirement for SLAAC), due to this every blocklist, spamlist and connection ratelimit list will operate at a /64 granularity, not anything more precise. And nope, no one is going to special case a DC or a dedi provider ("Oh I know it's that special one, they assign a /112 per user, let's not ban their /64s..." -- nope, just too much effort and unmaintainable on a global scale).

    Thanked by 2NeoXiD ucxo
  • @rm_ said:
    Let me explain how subnet assignments are usually done. You get one IP (a /128), and the rest of whatever allocation you get (a /48, a /56, or even a /64) is routed via that /128 to you. And guess what. In a setup like this the issue described in the RFC you so helpfully "left here" for us does not apply what-so-ever.

    Many providers just slap a /64 on the vlan and call it a day. Many people dont even configure their switches properly in any environment. If that's a datacenter, a few racks in their office building, or shoved under a desk someplace.

    Nobody follows the "standard". Everyone is going to do whatever they want and what they feel works the best.

  • MaouniqueMaounique Host Rep, Veteran

    @black said:
    I don't think there's a solid standard that everyone wants to follow for allocating blocks of IPV6 address. Some just want to do 5 IPv6's, /96, /112, /118, /64, etc. It'll be very difficult to mitigate a ddos attack at the routing level without lots of collateral damage. Personally, I think the /64 guideline is outdated.

    TBH, I also dont like the IPv6 design, however, we have to live with this, once it was implemented, it will last forever. The citizen's network of the future will probably be ipless, addresses in almost human readable form, no more need for DNS, etc. Let's hope we will have a PoC next year.

  • @rm_ is there a RFC or something that states the "proper" etiquette for resindential deployments is a /64? Would be good to link to that since regardless if it is a rule or not, it's way too big for any DC to just say "I don't agree with this" and a good argument for my side!

  • UrDNUrDN Member

    IPv6 is very easy to deploy, the problem of most big ISPs is that they use proprietary garbage incapable of routing IPv6 which they can't update.

    Some policies such as the one to obtain a PI when you're not a LIR with the RIPE are really bad, but apart those issues there's really no difficulty in implementing IPv6.

    /56 should be given to sites or end-users who have the intention to route /64 to more devices.

    /64 are used for instance on a router so SLAAC can be used, it's so easy to setup, it's like two lines in the router advertisement daemon.

  • rm_rm_ IPv6 Advocate, Veteran

    Nihim said: is there a RFC or something that states the "proper" etiquette for resindential deployments is a /64? Would be good to link to that since regardless if it is a rule or not

    The main one is IPv6 Address Assignment to End Sites.

    The core rationale for /64s is that SLAAC is the de-facto way of providing IPv6 configuration to the actual endpoint devices (DHCPv6 is much less widely supported and is more complex), SLAAC requires a /64 per physical network, so you need at least one /64 as the bare minimum for it to work.

Sign In or Register to comment.