[AusNOG] UK server hosting

Karl Auer kauer at into6.com.au
Thu May 2 12:04:42 EST 2013


On Thu, 2013-05-02 at 10:44 +1000, Sean K. Finn wrote:
> As for IPv6 , school’s still out on assigning /64’s to customers.

The basic rule is, never assign a subnet smaller than a /64 unless you
have a very good technical reason for doing so. /64 is the standard.

> I’ve got carrier links with IPv6 and for each one, by carriers, I’m
> assigned a /126 (not a /127), which gives them one IPv6-ip, and me one
> IPv6-ip.  I don’t need a whole /64 to connect to points.

/127 is actually OK now for the specific case of a point to point link,
and provided the routers at each end are up to date. /126es are often
assigned to take older or less up-to-date routers into account, which
may not yet follow the latest RFCs.

> If I’m providing a server to a customer with, let’s say, 32 IP’s for
> hosting, or whatever their requirement, do they really need more than
> a corresponding 32 IPv6 IP’s to achieve the same goal?

The trick is to drink the KoolAid and relax. Stop worrying about how
many addresses are in a subnet. Count subnets, not addresses. It doesn't
matter how many addresses people need - with a /64 they will have
"enough" - now and forever (for some value of forever :-)

> My easiest solution is, if I provide a customer with a /24, then I’ll
> provide them with a matching /120 of address space, at least for the
> time being.

The right correspondence is /24 -> /64. You are making a rod for your
own back if you start allocating non-/64 leaf subnets.

> It keeps the usage simple to begin with, and also aids in identifying
> single hosted compromised sites.

It's not simpler - in fact it is more complicated, because you have
several different subnet sizes to work with. That's necessary with IPv4,
but it is emphatically NOT necessary with IPv6. I'm tempted to say "and
it doesn't help identify compromised sites", but perhaps I shouldn't
until you've explained how it does :-)

> (Do I REALLY want to figure out which of the four billion IP’s a
> client is using to host their compromised site on?)

Clients won't use four billion addresses - they can't. Let alone the 18
billion+ in a single /64. There are practical limits to how many hosts
can be on a single subnet, and those limits are hit far earlier than the
address limitation. Without subnet size limitations, and due to the use
of multicast vs broadcast, you can generally get more hosts into a
subnet with IPv6 than with IPv4, but it's not orders of magnitude more.

> If you want a /64, sure, why not, go nuts, do your own thing with it,
> but it *IS* overkill for non nerdy customers who
> just-want-their-bloody-hosting-to-work.

Their hosting will work just as well with a /64 as with a /120. Stick
with the standard - that way you have one size fitting all. Worrying
about address "overkill" is IPv4-think. There are enough addresses. Use
them.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer                                          tel  +61-2-64957435
kauer at into6.com.au                                 mob  +61-428-957160
                                         
Into6 - IPv6 design, support, training                www.into6.com.au

GPG/PGP fingerprint: D8A4 A65A EE32 286F 1E36 55A4 0901 EEAF A785 1684
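
Added example, not part of the message above or of the thread: a Python sketch of the "count subnets, not addresses" approach, in which every customer gets one /64 and a reported address is attributed to its owner by prefix alone. The provider block (from the 2001:db8::/32 documentation range), the customer names and the reported addresses are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumed provider block, taken from the IPv6 documentation range (RFC 3849).
PROVIDER_BLOCK = ipaddress.ip_network("2001:db8:1234::/48")
CUSTOMERS = ["alpha", "bravo", "charlie"]  # hypothetical customer names


def allocate_leaves(block, customers):
    """Hand each customer the next /64 in the block: one size for everyone."""
    return dict(zip(block.subnets(new_prefix=64), customers))


def owner_of(address, allocations):
    """Attribute an address by its /64 prefix; the interface ID is irrelevant."""
    leaf = ipaddress.IPv6Interface(f"{address}/64").network
    return allocations.get(leaf, "unallocated")


def attribute(addresses, allocations):
    """Count reported addresses per customer."""
    return Counter(owner_of(a, allocations) for a in addresses)


# Constructed sample: source addresses from hypothetical abuse reports.
REPORTED = [
    "2001:db8:1234:1::80",
    "2001:db8:1234:1:a1b2:c3d4:e5f6:7",
    "2001:db8:1234:1:ffff:ffff:ffff:fffe",
    "2001:db8:1234:2::25",
    "2001:db8:1234:beef::1",
]

ALLOCATIONS = allocate_leaves(PROVIDER_BLOCK, CUSTOMERS)

if __name__ == "__main__":
    leaves = 2 ** (64 - PROVIDER_BLOCK.prefixlen)
    print(f"{PROVIDER_BLOCK} holds {leaves} /64 leaf subnets")
    for customer, hits in attribute(REPORTED, ALLOCATIONS).most_common():
        print(f"{customer}: {hits} reported address(es)")
```

The lookup cost is the same whether a customer uses one address or many inside its /64, because only the first 64 bits are compared.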



