On Mon, Sep 24, 2012 at 6:52 PM, John Mitchell <mitch@illuminati.org> wrote:
> Does the best practise switch to now using one IPv6 per site, or still the same one IPv6 for multi-sites?

Certainly it would be nice to have an IPv6 address per vhost. In many cases, this will be practical. It also sometimes will NOT be practical.

Imagine that I am one of the rather clueless hosting companies who are handing out /64 networks to any customer who asks for one, and using NDP to find the machine using each address in the /64. Churn problems aside, if you have any customer doing particularly dense virtual hosting, say a few thousand IPv6 addresses on his one or more machines, then he will use up the whole NDP table for just himself. You probably won't want to be a customer on the same layer-3 device as that guy.

Now that there might be dozens of VMs per physical server and maybe 40 physical servers per each top-of-rack device, you can quickly exhaust all of your NDP entries even with normal, legitimate uses like www virtual hosting.

Now imagine the hosting company has decided the "stacking" trend is a good idea, and stacked up a row of 10 EX4200s so they can all share the same configuration, uplinks, etc. They also share the same NDP table, so it will be quite easy to run out of NDP (there is only room for a few thousand entries) not just on one top-of-rack switch, but on the whole row.

Further, imagine you decided to use a 6500 for a room full of customers, or even your whole datacenter, which will often work just fine for IPv4. Suddenly it won't for IPv6, because each customer may want to make hundreds of NDP entries for his various virtual-hosts. Just one busy customer with a lot of virtual hosting will run out a resource shared by every other customer.

So yes, having an IPv6 address per each www virtual-host is certainly a nice idea. If you have to use NDP to get your addresses to your web server, though, it might not be practical. It certainly will be foolish in a "dedicated server" type of environment where you are renting individual machines or VMs and not owning your own layer-3 box.

--
Jeff S Wheeler <jsw@inconcepts.biz>
Sr Network Operator / Innovative Network Concepts
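
An added example, not part of the original post: one way an operator could watch for the shared-table exhaustion described in the message above, by counting IPv6 neighbor entries per link-layer address and flagging any host that holds a large share of the table. It assumes a Linux-based layer-3 device and text in the format of `ip -6 neigh show`; the sample lines, the `capacity` value and the `share_limit` threshold are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the format of Linux `ip -6 neigh show` (not real data).
SAMPLE = """\
2001:db8:0:1::10 dev vlan100 lladdr 52:54:00:aa:00:01 REACHABLE
2001:db8:0:1::11 dev vlan100 lladdr 52:54:00:aa:00:01 STALE
2001:db8:0:1::12 dev vlan100 lladdr 52:54:00:aa:00:01 REACHABLE
2001:db8:0:1::13 dev vlan100 lladdr 52:54:00:aa:00:01 DELAY
2001:db8:0:2::10 dev vlan200 lladdr 52:54:00:bb:00:02 REACHABLE
fe80::5054:ff:febb:2 dev vlan200 lladdr 52:54:00:bb:00:02 router STALE
2001:db8:0:3::99 dev vlan300  INCOMPLETE
2001:db8:0:3::9a dev vlan300 FAILED
"""


def parse_neigh(text):
    """Turn `ip -6 neigh show` text into a list of entry dicts."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[1] != "dev":
            continue  # skip blank or unrecognised lines
        # INCOMPLETE/FAILED entries have no lladdr but still occupy a slot.
        mac = tok[tok.index("lladdr") + 1] if "lladdr" in tok else None
        entries.append({"addr": tok[0], "dev": tok[2], "mac": mac, "state": tok[-1]})
    return entries


def table_report(entries, capacity, share_limit=0.25):
    """Summarise table use; `capacity` and `share_limit` are assumed values."""
    per_mac = Counter(e["mac"] for e in entries if e["mac"])
    heavy = {m: n for m, n in per_mac.items() if n / capacity > share_limit}
    return {
        "used": len(entries),
        "utilisation": len(entries) / capacity,
        "unresolved": sum(1 for e in entries if e["mac"] is None),
        "per_mac": dict(per_mac),
        "heavy": heavy,  # hosts holding more than share_limit of the table
    }


if __name__ == "__main__":
    # capacity=10 is a toy figure so the constructed sample trips the threshold.
    report = table_report(parse_neigh(SAMPLE), capacity=10)
    print(f"table use: {report['used']} entries ({report['utilisation']:.0%})")
    for mac, n in report["heavy"].items():
        print(f"heavy consumer: {mac} holds {n} entries")
```
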