On Sep 24, 2012, at 21:08, Jeff Wheeler <jsw@inconcepts.biz> wrote:
> On Mon, Sep 24, 2012 at 6:52 PM, John Mitchell <mitch@illuminati.org> wrote:
>> Does the best practice switch to now using one IPv6 per site, or still the same one IPv6 for multi-sites?
> Certainly it would be nice to have an IPv6 address per vhost. In many cases, this will be practical.
> It also sometimes will NOT be practical.
> Imagine that I am one of the rather clueless hosting companies who are handing out /64 networks to any customer who asks for one, and using NDP to find the machine using each address in the /64. Churn problems aside, if you have any customer doing particularly dense virtual hosting, say a few thousand IPv6 addresses on his one or more machines, then he will use up the whole NDP table for just himself. You probably won't want to be a customer on the same layer-3 device as that guy. Now that there might be dozens of VMs per physical server and maybe 40 physical servers per each top-of-rack device, you can quickly exhaust all of your NDP entries even with normal, legitimate uses like www virtual hosting.
That's not the best way to stand up /64s for vhosts. If you're smart, the customer gets a /64 for machine addresses (put your interfaces in this /64) and each machine gets a /64 for vHosts (put your vhost addresses on the loopback interface of the applicable machine). Then, you route the /64 to the machine address for the applicable machine and the vhosts never hit your neighbor table.

[snip] Deleted a whole bunch of additional reasons you really want to do things the way I suggest above [/snip]

Owen
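The routed layout described in the reply above, as an added example that is not part of the original thread: it generates the router's static routes and each machine's loopback addresses, and compares neighbor-table entries on the layer-3 device against the all-on-link design. The prefixes (from the 2001:db8::/32 documentation range), the `plan` function, the `::10` starting host address and the Linux iproute2 command syntax are assumptions; the neighbor count is a simple model that ignores link-local entries.

```python
import ipaddress

def plan(machine_lan, vhost_pool, machines, vhosts_per_machine):
    """Build the routed vhost layout; return (router_routes, host_cmds, counts)."""
    lan = ipaddress.IPv6Network(machine_lan)      # shared /64: interface addresses only
    vhost_nets = list(ipaddress.IPv6Network(vhost_pool).subnets(new_prefix=64))
    if machines > len(vhost_nets):
        raise ValueError("vhost pool too small: one /64 is needed per machine")
    routes, host_cmds = [], {}
    for i in range(machines):
        nexthop = lan[0x10 + i]                   # hypothetical numbering: ::10, ::11, ...
        vnet = vhost_nets[i]                      # this machine's own vhost /64
        # Router side: the whole vhost /64 is reached via one neighbor.
        routes.append(f"ip -6 route add {vnet} via {nexthop}")
        # Host side: vhost addresses live on loopback, so they are never
        # resolved with NDP on the shared segment.
        host_cmds[str(nexthop)] = [
            f"ip -6 addr add {vnet[n + 1]}/128 dev lo"
            for n in range(vhosts_per_machine)
        ]
    counts = {
        # Every interface and vhost address is a separate neighbor entry.
        "on_link": machines * (1 + vhosts_per_machine),
        # Only the machines' interface addresses are neighbors.
        "routed": machines,
    }
    return routes, host_cmds, counts

if __name__ == "__main__":
    # Constructed sample: 40 servers behind one device, 2000 vhosts each.
    routes, host_cmds, counts = plan(
        "2001:db8:0:100::/64", "2001:db8:0:200::/56", 40, 2000)
    print("\n".join(routes[:3]))
    first_host = next(iter(host_cmds))
    print(first_host, host_cmds[first_host][:2])
    print(counts)
```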