Credit to Digital Ocean for ipv6 offering
I have not tried it out, this makes it look like DO beat Azure to market on ipv6 http://venturebeat.com/2014/06/17/digitalocean-ipv6/ Speaking of Azure and ip adresses http://www.pcworld.com/article/2363580/need-to-move-to-ipv6-highlighted-as-m...
Not impressed at all. DO customers have been asking for IPv6 for around two years now with responses of, "It's coming". Now they are getting press because they are rollingit our ONLY in their Singapore market which is its newest data center. Those of us here in the US are still getting the same ole, "It's coming" responses. There are other VPS's out there that are already givinf IPv6 addresses. I have two with www.peakservers.com where I get one IPv4 and 8 IPv6 addresses. On Tue, 17 Jun 2014 07:06:49 -0700 Ca By <cb.list6@gmail.com> wrote:
I have not tried it out, this makes it look like DO beat Azure to market on ipv6
http://venturebeat.com/2014/06/17/digitalocean-ipv6/
Speaking of Azure and ip adresses
http://www.pcworld.com/article/2363580/need-to-move-to-ipv6-highlighted-as-m...
I think that's a bit harsh. I congratulate them for getting the first step done in the process of making it available for all customers. Jared Mauch
On Jun 17, 2014, at 10:35 AM, "rwebb@ropeguru.com" <rwebb@ropeguru.com> wrote:
Not impressed at all. DO customers have been asking for IPv6 for around two years now with responses of, "It's coming". Now they are getting press because they are rollingit our ONLY in their Singapore market which is its newest data center. Those of us here in the US are still getting the same ole, "It's coming" responses.
There are other VPS's out there that are already givinf IPv6 addresses. I have two with www.peakservers.com where I get one IPv4 and 8 IPv6 addresses.
On Tue, 17 Jun 2014 07:06:49 -0700 Ca By <cb.list6@gmail.com> wrote:
I have not tried it out, this makes it look like DO beat Azure to market on ipv6 http://venturebeat.com/2014/06/17/digitalocean-ipv6/ Speaking of Azure and ip adresses http://www.pcworld.com/article/2363580/need-to-move-to-ipv6-highlighted-as-m...
I don't think it is harsh when they lead their customers on with no progress. https://www.digitalocean.com/community/questions/is-ipv6-available digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/2639897-ipv6-addresses Take note of the original post dates and the responses. Original questions were in 2012 with responses of Q4 2012 to Q1 2013. Robert On Tue, 17 Jun 2014 11:17:41 -0400 Jared Mauch <jared@puck.nether.net> wrote:
I think that's a bit harsh. I congratulate them for getting the first step done in the process of making it available for all customers.
Jared Mauch
On Jun 17, 2014, at 10:35 AM, "rwebb@ropeguru.com" <rwebb@ropeguru.com> wrote:
Not impressed at all. DO customers have been asking for IPv6 for around two years now with responses of, "It's coming". Now they are getting press because they are rollingit our ONLY in their Singapore market which is its newest data center. Those of us here in the US are still getting the same ole, "It's coming" responses.
There are other VPS's out there that are already givinf IPv6 addresses. I have two with www.peakservers.com where I get one IPv4 and 8 IPv6 addresses.
On Tue, 17 Jun 2014 07:06:49 -0700 Ca By <cb.list6@gmail.com> wrote:
I have not tried it out, this makes it look like DO beat Azure to market on ipv6 http://venturebeat.com/2014/06/17/digitalocean-ipv6/ Speaking of Azure and ip adresses http://www.pcworld.com/article/2363580/need-to-move-to-ipv6-highlighted-as-m...
On Jun 17, 2014, at 11:26 AM, rwebb@ropeguru.com wrote:
I don't think it is harsh when they lead their customers on with no progress.
https://www.digitalocean.com/community/questions/is-ipv6-available
digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/2639897-ipv6-addresses
Take note of the original post dates and the responses. Original questions were in 2012 with responses of Q4 2012 to Q1 2013.
Sure, I've seen the same thing with OpenSRS and others with things like IPv6 glue and DS records for DNSSEC, but when they make it public/supportable, I still congratulate the engineers who made it happen. Could they have done it harder/better/faster/stronger [1]? Sure. We've been doing IPv6 for over a decade as a commercial service. I still am happy when networks get IPv6 enabled. There's a long road, and Digital Ocean is just one party that needs to make things happen. Wayport/attwifi, TWCable, and even Comcast who is a leader here in the USA could do more but it's all gated on internal criteria that I'm not aware of. - Jared - Jared [1] - http://www.najle.com/idaft/idaft/
On Tue, 17 Jun 2014 11:26:16 -0400 "rwebb@ropeguru.com" <rwebb@ropeguru.com> wrote:
I don't think it is harsh when they lead their customers on with no progress.
https://www.digitalocean.com/community/questions/is-ipv6-available
digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/2639897-ipv6-addresses
Take note of the original post dates and the responses. Original questions were in 2012 with responses of Q4 2012 to Q1 2013.
Robert
To add on to this, it appears that DO now considers the request for IPv6 as now being "COMPLETE" because they have rolled it out in a single DC in Singapore, when the request was made by a lot of people BEFORE the Singapore DC was ever avaiable. Great lack of respect to your customer base.... http://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/263...
Of course, one could also read the giant paragraph written by the CEO and see exactly what's going on, including the info about the other data centers and the new ones coming up. I love how people whine that operators don't deploy IPv6 quickly enough, and they cry even harder when it's actually being deployed because it's not perfect and everywhere on the first day. Really, give it a break. On 2014-06-18 13:44, rwebb@ropeguru.com wrote:
On Tue, 17 Jun 2014 11:26:16 -0400 "rwebb@ropeguru.com" <rwebb@ropeguru.com> wrote:
I don't think it is harsh when they lead their customers on with no progress.
https://www.digitalocean.com/community/questions/is-ipv6-available
digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/2639897-ipv6-addresses
Take note of the original post dates and the responses. Original questions were in 2012 with responses of Q4 2012 to Q1 2013.
Robert
To add on to this, it appears that DO now considers the request for IPv6 as now being "COMPLETE" because they have rolled it out in a single DC in Singapore, when the request was made by a lot of people BEFORE the Singapore DC was ever avaiable.
Great lack of respect to your customer base....
http://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/263...
Yep, same with Linode, they've had IPv6 live in their locations for a couple years now. I spun up an ipv6-enabled VM about 18 months ago and have had no issues since. David -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of rwebb@ropeguru.com Sent: Tuesday, June 17, 2014 10:35 AM To: Ca By; nanog@nanog.org Subject: Re: Credit to Digital Ocean for ipv6 offering Not impressed at all. DO customers have been asking for IPv6 for around two years now with responses of, "It's coming". Now they are getting press because they are rollingit our ONLY in their Singapore market which is its newest data center. Those of us here in the US are still getting the same ole, "It's coming" responses. There are other VPS's out there that are already givinf IPv6 addresses. I have two with www.peakservers.com where I get one IPv4 and 8 IPv6 addresses. On Tue, 17 Jun 2014 07:06:49 -0700 Ca By <cb.list6@gmail.com> wrote:
I have not tried it out, this makes it look like DO beat Azure to market on ipv6
http://venturebeat.com/2014/06/17/digitalocean-ipv6/
Speaking of Azure and ip adresses
http://www.pcworld.com/article/2363580/need-to-move-to-ipv6-highlighte d-as-microsoft-runs-out-of-us-address-space.html
On Tue, Jun 17, 2014 at 10:35:17AM -0400, rwebb@ropeguru.com wrote:
Not impressed at all. DO customers have been asking for IPv6 for around two years now with responses of, "It's coming". Now they are getting press because they are rollingit our ONLY in their Singapore market which is its newest data center. Those of us here in the US are still getting the same ole, "It's coming" responses.
There are other VPS's out there that are already givinf IPv6 addresses. I have two with www.peakservers.com where I get one IPv4 and 8 IPv6 addresses.
On Tue, 17 Jun 2014 07:06:49 -0700 Ca By <cb.list6@gmail.com> wrote:
I have not tried it out, this makes it look like DO beat Azure to market on ipv6
http://venturebeat.com/2014/06/17/digitalocean-ipv6/
Speaking of Azure and ip adresses
http://www.pcworld.com/article/2363580/need-to-move-to-ipv6-highlighted-as-m...
Agreed as well. It isn't hard to dual stack, maybe they bought some junk gear that has issues in the older datacenters? :) Howevveeerrr.... they are also the cheapest thing going (other than Vultr.com) so you also get what you pay for :) -- Bryan G. Seitz
On Jun 17, 2014, at 12:30 PM, Bryan Seitz <seitz@bsd-unix.net> wrote:
Agreed as well. It isn't hard to dual stack, maybe they bought some junk gear that has issues in the older datacenters? :)
We all have junk kicking around that we wish we didn't have.
Howevveeerrr.... they are also the cheapest thing going (other than Vultr.com) so you also get what you pay for :)
Even Facebook who has talked publicly about their IPv6 deployments and issues they have encountered has faced major hurdles in operation of networking and host behaviors. (start on page 11) http://www.internetsociety.org/deploy360/wp-content/uploads/2014/04/WorldIPv... - Jared
On Jun 17, 2014, at 7:35 AM, rwebb@ropeguru.com wrote:
There are other VPS's out there that are already givinf IPv6 addresses.
Yep, I use rootbsd.net and arpnetworks.com and have been happy with both.
I have two with www.peakservers.com where I get one IPv4 and 8 IPv6 addresses.
Wait. What? Do you mean 8 /64s? Regards, -drc
There are other VPS's out there that are already givinf IPv6 addresses.
Yep, I use rootbsd.net and arpnetworks.com and have been happy with both.
I have two with www.peakservers.com where I get one IPv4 and 8 IPv6 addresses.
Wait. What? Do you mean 8 /64s?
No, 8 individual IPv6 addresses. There have also been reports from some DO users of HE tunnels being blocked. Not sure what the status of that is.
On Tue, 17 Jun 2014 13:25:37 -0400 Valdis.Kletnieks@vt.edu wrote:
On Tue, 17 Jun 2014 13:14:04 -0400, "rwebb@ropeguru.com" said:
No, 8 individual IPv6 addresses.
Wow. Harsh. I burn more than that just in my living room.
I don't think that is too harsh as all 8 are assigned to a single server. So if I have three VPS's, I have 24 total addresses.
On 6/17/14, 1:29 PM, rwebb@ropeguru.com wrote:
On Tue, 17 Jun 2014 13:25:37 -0400 Valdis.Kletnieks@vt.edu wrote:
On Tue, 17 Jun 2014 13:14:04 -0400, "rwebb@ropeguru.com" said:
No, 8 individual IPv6 addresses.
Wow. Harsh. I burn more than that just in my living room.
I don't think that is too harsh as all 8 are assigned to a single server. So if I have three VPS's, I have 24 total addresses.
This is a joke, right? AlanC
On Tue, Jun 17, 2014 at 11:25 AM, Alan Clegg <alan@clegg.com> wrote:
On 6/17/14, 1:29 PM, rwebb@ropeguru.com wrote:
On Tue, 17 Jun 2014 13:25:37 -0400 Valdis.Kletnieks@vt.edu wrote:
On Tue, 17 Jun 2014 13:14:04 -0400, "rwebb@ropeguru.com" said:
No, 8 individual IPv6 addresses.
Wow. Harsh. I burn more than that just in my living room.
I don't think that is too harsh as all 8 are assigned to a single server. So if I have three VPS's, I have 24 total addresses.
This is a joke, right?
AlanC
Addresses are a scarce resource; one shouldn't waste them needlessly. I'm sure if more addresses are needed, customers can purchase additional IPs on a monthly basis. Matt
On 6/17/2014 3:19 PM, Matthew Petach wrote:
On Tue, Jun 17, 2014 at 11:25 AM, Alan Clegg <alan@clegg.com> wrote:
On 6/17/14, 1:29 PM, rwebb@ropeguru.com wrote:
On Tue, 17 Jun 2014 13:25:37 -0400 Valdis.Kletnieks@vt.edu wrote:
On Tue, 17 Jun 2014 13:14:04 -0400, "rwebb@ropeguru.com" said:
No, 8 individual IPv6 addresses. Wow. Harsh. I burn more than that just in my living room. I don't think that is too harsh as all 8 are assigned to a single server. So if I have three VPS's, I have 24 total addresses. This is a joke, right?
AlanC
Addresses are a scarce resource; one shouldn't waste them needlessly.
I'm sure if more addresses are needed, customers can purchase additional IPs on a monthly basis.
Matt
It's offered at a low low price of $.00000000000001 per IPv6 address[1]. [1] /64 minimum of course.
Robert, On Jun 17, 2014, at 10:29 AM, rwebb@ropeguru.com wrote:
On Tue, 17 Jun 2014 13:25:37 -0400 Valdis.Kletnieks@vt.edu wrote:
On Tue, 17 Jun 2014 13:14:04 -0400, "rwebb@ropeguru.com" said:
No, 8 individual IPv6 addresses. Wow. Harsh. I burn more than that just in my living room. I don't think that is too harsh as all 8 are assigned to a single server. So if I have three VPS's, I have 24 total addresses.
In the case of my 3 VPS's, I've received /64s from both RootBSD.net and Arp Networks or 55,340,232,221,128,654,848 addresses. I'm not sure I see a rationale for assigning 8 addresses. That is, I could understand assigning a single address or a /64 but 8 addresses? I'd think that'd be more complicated/error prone than either the /128 or /64 options. A bit odd. Regards, -drc
On 2014-06-17 21:46, David Conrad wrote:
No, 8 individual IPv6 addresses. Wow. Harsh. I burn more than that just in my living room. I don't think that is too harsh as all 8 are assigned to a single server. So if I have three VPS's, I have 24 total addresses. In the case of my 3 VPS's, I've received /64s from both RootBSD.net and Arp Networks or 55,340,232,221,128,654,848 addresses. I'm not sure I see a rationale for assigning 8 addresses. That is, I could understand assigning a single address or a /64 but 8 addresses? I'd think that'd be more complicated/error prone than either the /128 or /64 options. A bit odd.
There are still applications that break with subnet smaller than /64, so all VPS providers probably have to use /64 addressing. /64 for one customer seems to be too much, on the other side 8 IP's can be not enough in some cases. I think 65536 out of shared /64 for one server can be enough. You can easily automate provisioning and reverse DNS assuming you assign /112 for each server. If you block SLAAC and provide connectivity to only the static IP's, your abuse folks should appreciate it (yes, I know you can spoof v6). -- Grzegorz Janoszka
On Jun 17, 2014, at 12:55 PM, Grzegorz Janoszka <Grzegorz@Janoszka.pl> wrote:
There are still applications that break with subnet smaller than /64, so all VPS providers probably have to use /64 addressing.
Wouldn't that argue for /64s?
/64 for one customer seems to be too much,
In what way? What are you trying to protect against? It can't be address exhaustion (there are 2,305,843,009,213,693,952 possible /64s in the currently used format specifier. If there are 1,000,000,000 customer assignments every day of the year, the current format specifier will last over 6 million years). Regards, -drc
On 2014-06-17 22:13, David Conrad wrote:
On Jun 17, 2014, at 12:55 PM, Grzegorz Janoszka <Grzegorz@Janoszka.pl> wrote:
There are still applications that break with subnet smaller than /64, so all VPS providers probably have to use /64 addressing.
Wouldn't that argue for /64s?
/64 netmask, but not /64 for a customer. There are application which break if provided with /80 or /120, but I am not aware of an application requesting /64 for itself.
/64 for one customer seems to be too much,
In what way? What are you trying to protect against? It can't be address exhaustion (there are 2,305,843,009,213,693,952 possible /64s in the currently used format specifier. If there are 1,000,000,000 customer assignments every day of the year, the current format specifier will last over 6 million years).
Too much hassle, like too big config of your router. If you have 1000 customers in a subnet, you would have to have 1000 separate gateway IP's on your router interface plus 1000 local /64 routes. -- Grzegorz Janoszka
On 2014-06-17 22:36, Grzegorz Janoszka wrote:
On 2014-06-17 22:13, David Conrad wrote:
On Jun 17, 2014, at 12:55 PM, Grzegorz Janoszka <Grzegorz@Janoszka.pl> wrote:
There are still applications that break with subnet smaller than /64, so all VPS providers probably have to use /64 addressing.
Wouldn't that argue for /64s?
/64 netmask, but not /64 for a customer. There are application which break if provided with /80 or /120, but I am not aware of an application requesting /64 for itself.
Except for SLAAC that requires a /64 due to it using EUI-48 to make up the address, which "applications" are these, as those applications are broken by design. An application (unless it is a protocol like SLAAC or something else similarly low-level) does not need to know about prefix sizes nor routing tables. Thus, can you please identify these applications so that we can hammer on the developers of those applications and fix that problem?
/64 for one customer seems to be too much,
In what way? What are you trying to protect against? It can't be address exhaustion (there are 2,305,843,009,213,693,952 possible /64s in the currently used format specifier. If there are 1,000,000,000 customer assignments every day of the year, the current format specifier will last over 6 million years).
Too much hassle, like too big config of your router. If you have 1000 customers in a subnet, you would have to have 1000 separate gateway IP's on your router interface plus 1000 local /64 routes.
Wow, you really stuff all the customers in the same VLAN and thus the same routed IP.... lots of fun those other customers will have with that, especially as a lot of folks simply do not know that IPv6 is already there and has been enabled in their distribution, applications and kernels for many many years... As for "why" VPSs are doing the limited number of IPs per VM, simply: https://www.youtube.com/watch?v=YcXMhwF4EtQ And if you want more, you can buy more... hence if you want more, vote with your money and take your business elsewhere... Greets, Jeroen
On Tue, Jun 17, 2014 at 2:13 PM, Jeroen Massar <jeroen@massar.ch> wrote:
On 2014-06-17 22:36, Grzegorz Janoszka wrote:
On 2014-06-17 22:13, David Conrad wrote:
On Jun 17, 2014, at 12:55 PM, Grzegorz Janoszka <Grzegorz@Janoszka.pl> wrote:
There are still applications that break with subnet smaller than /64, so all VPS providers probably have to use /64 addressing.
Wouldn't that argue for /64s?
/64 netmask, but not /64 for a customer. There are application which break if provided with /80 or /120, but I am not aware of an application requesting /64 for itself.
Except for SLAAC that requires a /64 due to it using EUI-48 to make up the address, which "applications" are these, as those applications are broken by design.
An application (unless it is a protocol like SLAAC or something else similarly low-level) does not need to know about prefix sizes nor routing tables.
Thus, can you please identify these applications so that we can hammer on the developers of those applications and fix that problem?
I tried to configure my FreeBSD box at home to use a /120 subnet mask. It consistently crashed with a kernel panic. I eventually gave up and just configured it with a /64. Not really an application per se, but since the OS died, I couldn't actually tell if the applications were happy or not. :( Matt
On 2014-06-18 00:02, Matthew Petach wrote: [..]
I tried to configure my FreeBSD box at home to use a /120 subnet mask. It consistently crashed with a kernel panic.
Where is the bug report? I am fairly confident that that really should not be an issue, with the BSD stack being one of the oldest IPv6 stacks around (thank you itojun and the rest of KAME!) Greets, Jeroen
On Tue, Jun 17, 2014 at 3:04 PM, Jeroen Massar <jeroen@massar.ch> wrote:
On 2014-06-18 00:02, Matthew Petach wrote: [..]
I tried to configure my FreeBSD box at home to use a /120 subnet mask. It consistently crashed with a kernel panic.
Where is the bug report?
I am fairly confident that that really should not be an issue, with the BSD stack being one of the oldest IPv6 stacks around (thank you itojun and the rest of KAME!)
Greets, Jeroen
Didn't file a bug report; just used it as proof of why a bigger IPv6 allocation was needed, and worked around the problem that way. If you're curious, I can change /etc/rc.conf.local back and recreate the problem. Not sure who I'd file the bug with, though. Matt
On 17/06/14 23:13 , Jeroen Massar wrote:
Thus, can you please identify these applications so that we can hammer on the developers of those applications and fix that problem?
I haven't done extensive testing. I have just tried to divide a /64 into smaller subnets and to run Debian and Windows on it (as Matthew Petach did with his FreeBSD). I think I have tried /112 or /120. Debian was mostly fine, just one torrent or newsgroups client couldn't do v6 (can't recall which one), with Windows it was a different story and basically nothing really worked. It was some time ago and I haven't tried Windows 7 SP1, maybe it has been fixed till now. Does anyone have Windows with IPv6 and netmask > /64? -- Grzegorz Janoszka
On 2014-06-18 12:31, Grzegorz Janoszka wrote:
On 17/06/14 23:13 , Jeroen Massar wrote:
Thus, can you please identify these applications so that we can hammer on the developers of those applications and fix that problem?
I haven't done extensive testing. I have just tried to divide a /64 into smaller subnets and to run Debian and Windows on it (as Matthew Petach did with his FreeBSD). I think I have tried /112 or /120. Debian was mostly fine, just one torrent or newsgroups client couldn't do v6 (can't recall which one), with Windows it was a different story and basically nothing really worked.
Why would a torrent client care about the prefix length? But anyway, you had some random application that nobody uses that was broken, seems to be a problem with that specific application, not anything else.
It was some time ago and I haven't tried Windows 7 SP1, maybe it has been fixed till now. Does anyone have Windows with IPv6 and netmask > /64?
I've only played with the NT4, Win2k, XP, and Vista stacks, and these work fine in every scenario (/64 SLAAC, or /128 static config). Hence you'll need to provide a lot more details than "it didn't work"... Greets, Jeroen
On Wednesday, June 18, 2014 12:31:49 PM Grzegorz Janoszka wrote:
I haven't done extensive testing. I have just tried to divide a /64 into smaller subnets and to run Debian and Windows on it (as Matthew Petach did with his FreeBSD). I think I have tried /112 or /120. Debian was mostly fine, just one torrent or newsgroups client couldn't do v6 (can't recall which one), with Windows it was a different story and basically nothing really worked.
That's interesting. I've run /112's on OpenSUSE, FreeBSD (from 7.0 up to 10), Windows 7, Windows 8 and Mac OS X (since Tiger) and haven't had any issues worth remembering. Mark.
On (2014-06-17 23:13 +0200), Jeroen Massar wrote:
Except for SLAAC that requires a /64 due to it using EUI-48 to make up the address, which "applications" are these, as those applications are broken by design.
Strictly speaking SLAAC standard does not care about network size, you could specify standard using SLAAC for arbitrary media with arbitrary network size. In Ethernet EUI-64 is used, but that is not hard technical limitation, infact Cisco IOS happily will accept any prefix size in Ethernet and SLAAC will work fine. SLAAC never makes any guarantees of uniqueness which implies network can be arbitrarily small, as some other method (DAD) is needed for uniqueness guarantees. -- ++ytti
On Jun 17, 2014, at 13:36 , Grzegorz Janoszka <Grzegorz@Janoszka.pl> wrote:
On 2014-06-17 22:13, David Conrad wrote:
On Jun 17, 2014, at 12:55 PM, Grzegorz Janoszka <Grzegorz@Janoszka.pl> wrote:
There are still applications that break with subnet smaller than /64, so all VPS providers probably have to use /64 addressing.
Wouldn't that argue for /64s?
/64 netmask, but not /64 for a customer. There are application which break if provided with /80 or /120, but I am not aware of an application requesting /64 for itself.
/64 for one customer seems to be too much,
In what way? What are you trying to protect against? It can't be address exhaustion (there are 2,305,843,009,213,693,952 possible /64s in the currently used format specifier. If there are 1,000,000,000 customer assignments every day of the year, the current format specifier will last over 6 million years).
Too much hassle, like too big config of your router. If you have 1000 customers in a subnet, you would have to have 1000 separate gateway IP's on your router interface plus 1000 local /64 routes.
-- Grzegorz Janoszka
This is actually pretty easy. If I were structuring a VPS environment, then I'd put a /56 or possibly a /52, depending on the number of virtuals expected on each physical server. Then, for each customer who got a VPS on that server, I'd create a bridge interface with a /64 assigned to that customer. Each VPS on that physical server that belonged to the same customer would get put on the same /64. The router would route the /56 or /52 to the physical server. The hypervisor would have connected routes for the subordinate /64s and provide RAs to give default to the various VPSs. Very low maintenance, pretty straight forward and simple. Why would you ever put multiple customers in the same subnet in IPv6? That's just asking for trouble if you ask me. Owen
Once upon a time, Owen DeLong <owen@delong.com> said:
The router would route the /56 or /52 to the physical server. The hypervisor would have connected routes for the subordinate /64s and provide RAs to give default to the various VPSs.
Doing anything that ties networks to physical servers is a poor design for a VPS environment. That would mean that any VM migration requires customers to renumber (so no live migration allowed at all). -- Chris Adams <cma@cmadams.net>
On Tue, 17 Jun 2014 16:26:47 -0500, Chris Adams said:
Doing anything that ties networks to physical servers is a poor design for a VPS environment. That would mean that any VM migration requires customers to renumber (so no live migration allowed at all).
Why? Two hypervisors tossing a subnet route to a VM back and forth is *exactly* the same problem as two routers using VRRP to toss a subnet route back and forth. And somehow, we all manage to do that *all the time* without machines on the subnet having to renumber.
On Jun 17, 2014, at 12:55 , Grzegorz Janoszka <Grzegorz@Janoszka.pl> wrote:
On 2014-06-17 21:46, David Conrad wrote:
No, 8 individual IPv6 addresses. Wow. Harsh. I burn more than that just in my living room. I don't think that is too harsh as all 8 are assigned to a single server. So if I have three VPS's, I have 24 total addresses. In the case of my 3 VPS's, I've received /64s from both RootBSD.net and Arp Networks or 55,340,232,221,128,654,848 addresses. I'm not sure I see a rationale for assigning 8 addresses. That is, I could understand assigning a single address or a /64 but 8 addresses? I'd think that'd be more complicated/error prone than either the /128 or /64 options. A bit odd.
There are still applications that break with subnet smaller than /64, so all VPS providers probably have to use /64 addressing.
/64 for one customer seems to be too much, on the other side 8 IP's can be not enough in some cases. I think 65536 out of shared /64 for one server can be enough. You can easily automate provisioning and reverse DNS assuming you assign /112 for each server. If you block SLAAC and provide connectivity to only the static IP's, your abuse folks should appreciate it (yes, I know you can spoof v6).
There's no problem with assigning at least a /64 per customer even for VPSs. There are plenty of /64s to go around. Please stop trying to push the IPv4 scarcity mentality into IPv6. Subnet where it makes sense to subnet and assign a /64 to each subnet, whether it has 2 hosts or 2,000 hosts does not matter. In reality, the difference in waste between a /64 with 2,000 hosts on it and a subnet with 2 hosts on it is less than 0.00001%. Owen
+1+1+1 re living room On Jun 17, 2014 12:32 PM, "rwebb@ropeguru.com" <rwebb@ropeguru.com> wrote:
On Tue, 17 Jun 2014 13:25:37 -0400 Valdis.Kletnieks@vt.edu wrote:
On Tue, 17 Jun 2014 13:14:04 -0400, "rwebb@ropeguru.com" said:
No, 8 individual IPv6 addresses.
Wow. Harsh. I burn more than that just in my living room.
I don't think that is too harsh as all 8 are assigned to a single server. So if I have three VPS's, I have 24 total addresses.
In article <CABL6YZT7sSFxdBL1_UDVc2_t3X1drW0_AToHE51o2Pd=obDVrw@mail.gmail.com> you write:
+1+1+1 re living room
My cable company assigns my home network a /50. I can figure out what to do with two of the /64s (wired and wireless networks), but I'm currently stumped on the other 16,382 of them. R's, John
On Jun 17, 2014 12:32 PM, "rwebb@ropeguru.com" <rwebb@ropeguru.com> wrote:
On Tue, 17 Jun 2014 13:25:37 -0400 Valdis.Kletnieks@vt.edu wrote:
On Tue, 17 Jun 2014 13:14:04 -0400, "rwebb@ropeguru.com" said:
No, 8 individual IPv6 addresses.
Wow. Harsh. I burn more than that just in my living room.
I don't think that is too harsh as all 8 are assigned to a single server. So if I have three VPS's, I have 24 total addresses.
announce them so folks can use the space as darknets… /bill PO Box 12317 Marina del Rey, CA 90295 310.322.8102 On 17June2014Tuesday, at 15:39, John Levine <johnl@iecc.com> wrote:
In article <CABL6YZT7sSFxdBL1_UDVc2_t3X1drW0_AToHE51o2Pd=obDVrw@mail.gmail.com> you write:
+1+1+1 re living room
My cable company assigns my home network a /50. I can figure out what to do with two of the /64s (wired and wireless networks), but I'm currently stumped on the other 16,382 of them.
R's, John
On Jun 17, 2014 12:32 PM, "rwebb@ropeguru.com" <rwebb@ropeguru.com> wrote:
On Tue, 17 Jun 2014 13:25:37 -0400 Valdis.Kletnieks@vt.edu wrote:
On Tue, 17 Jun 2014 13:14:04 -0400, "rwebb@ropeguru.com" said:
No, 8 individual IPv6 addresses.
Wow. Harsh. I burn more than that just in my living room.
I don't think that is too harsh as all 8 are assigned to a single server. So if I have three VPS's, I have 24 total addresses.
On 17 June 2014 23:39, John Levine <johnl@iecc.com> wrote:
In article <CABL6YZT7sSFxdBL1_UDVc2_t3X1drW0_AToHE51o2Pd= obDVrw@mail.gmail.com> you write:
+1+1+1 re living room
My cable company assigns my home network a /50. I can figure out what to do with two of the /64s (wired and wireless networks), but I'm currently stumped on the other 16,382 of them.
R's, John
I've got a /56 which I'm then delegating /60s from - so, for example, I've got a laptop which I run things like Virtualbox and Docker on. This laptop has a /60 and it can hand out /64s for virtual networks. I figure that with the larger allocations to homes or offices the question isn't "how do I allocate all of these" but "how do I delegate chunks of this in a hierarchical manner." Dan
My cable company assigns my home network a /50. I can figure out what to do with two of the /64s (wired and wireless networks), but I'm currently stumped on the other 16,382 of them. ...
I figure that with the larger allocations to homes or offices the question isn't "how do I allocate all of these" but "how do I delegate chunks of this in a hierarchical manner."
Or even, how do I allocate them at all. My D-Link wifi router can pick up a /64 and route it to its own LAN (wired and wifi bridged) and that's about it for IPv6 other than port filters to enable some inbound connections. It runs Linux so I suppose I could put dd-wrt onto it, but that's more fun than I have time for this week.
On Jun 18, 2014, at 09:07 , John Levine <johnl@iecc.com> wrote:
My cable company assigns my home network a /50. I can figure out what to do with two of the /64s (wired and wireless networks), but I'm currently stumped on the other 16,382 of them. ...
I figure that with the larger allocations to homes or offices the question isn't "how do I allocate all of these" but "how do I delegate chunks of this in a hierarchical manner."
Or even, how do I allocate them at all. My D-Link wifi router can pick up a /64 and route it to its own LAN (wired and wifi bridged) and that's about it for IPv6 other than port filters to enable some inbound connections.
It runs Linux so I suppose I could put dd-wrt onto it, but that's more fun than I have time for this week.
Yes, but let's please not make network design decisions based on the limitations built into one of the cheapest routers on the market intended for the lowest of the lowest common denominators. There are many other examples of CPE that can make use of properly sized prefixes (/48 per end site) and there is no reason not to deploy these. I find the /50 particularly odd as it's not a nibble boundary and very close to /48. It's almost certain this is an operator who fails to grasp that they could have easily gotten a larger allocation from their RIR if they just asked for it and provided the appropriate justification in terms of giving /48s to their customers. OTOH, it's far better than those ridiculous providers that are screwing over their customers with /56s or even worse, /60s. Sad, really. Owen
I find the /50 particularly odd as it's not a nibble boundary and very close to /48. It's almost certain this is an operator who fails to grasp that they could have easily gotten a larger allocation from their RIR if they just asked for it and provided the appropriate justification in terms of giving /48s to their customers. OTOH, it's far better than those ridiculous providers that are screwing over their customers with /56s or even worse, /60s.
It's Time-Warner, and they are not ignorant. I think they're experimenting. They are still working out bugs in their internal routing, since my v6 routes have an annoying habit of disappearing inside their network if I don't do a ping that passes through them every couple of minutes. Also, it may not actuallly be a /50. That's what their rwhois says, but I haven't done a tcpdump so I don't know what size they're actually offering me. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
On 6/18/14 2:44 PM, "John R. Levine" <johnl@iecc.com> wrote:
I find the /50 particularly odd as it's not a nibble boundary and very close to /48. It's almost certain this is an operator who fails to grasp that they could have easily gotten a larger allocation from their RIR if they just asked for it and provided the appropriate justification in terms of giving /48s to their customers. OTOH, it's far better than those ridiculous providers that are screwing over their customers with /56s or even worse, /60s.
It's Time-Warner, and they are not ignorant. I think they're experimenting. They are still working out bugs in their internal routing, since my v6 routes have an annoying habit of disappearing inside their network if I don't do a ping that passes through them every couple of minutes.
Also, it may not actuallly be a /50. That's what their rwhois says, but I haven't done a tcpdump so I don't know what size they're actually offering me.
It's either a /64 or a /56 or a misconfiguration. Lee
On 18 June 2014 19:05, Owen DeLong <owen@delong.com> wrote:
OTOH, it's far better than those ridiculous providers that are screwing over their customers with /56s or even worse, /60s.
Sad, really.
Owen
Is giving a /56 to residential customers REALLY "screwing them over"? It may be a failure of imagination on my part, but I'm struggling to come up with use cases for the home which would take up even 10% of the networks available in a /56. And if the vast, vast majority of home users will never come close to needing the whole of a /56 then I don't see why every home should be given a /48. Dan
On Jun 18, 2014, at 7:37 PM, Daniel Ankers <md1clv@md1clv.com> wrote:
On 18 June 2014 19:05, Owen DeLong <owen@delong.com> wrote:
OTOH, it's far better than those ridiculous providers that are screwing over their customers with /56s or even worse, /60s.
Sad, really.
Owen
Is giving a /56 to residential customers REALLY "screwing them over"?
It may be a failure of imagination on my part, but I'm struggling to come up with use cases for the home which would take up even 10% of the networks available in a /56. And if the vast, vast majority of home users will never come close to needing the whole of a /56 then I don't see why every home should be given a /48.
Dan
Responding to Dan, The costs incurred in managing variable subnetting based on user type have been clearly demonstrated in almost two decades of IPv4 networking. If I can assign a /48 to each and every customer (not considered a large enterprise) then my deployment costs plummet because I do NOT need to spend engineering time on address assignment. I only need to get out my Network Engineer’s binary knife to slice the address pie once. The same front office that takes the order can at the same time assign the IPv6 Prefix - sort of like Ma Bell does with phone numbers. Since one of my goals as a network provider is to be competitive in price, minimizing extraneous labor costs helps me to still make a modest profit. James R. Cutler James.cutler@consultant.com PGP keys at http://pgp.mit.edu
On Wed, Jun 18, 2014 at 11:37 PM, Daniel Ankers <md1clv@md1clv.com> wrote:
On 18 June 2014 19:05, Owen DeLong <owen@delong.com> wrote:
OTOH, it's far better than those ridiculous providers that are screwing over their customers with /56s or even worse, /60s.
Sad, really.
Owen
Is giving a /56 to residential customers REALLY "screwing them over"?
Maybe, maybe not (it is, as much else, about perceptions) but /60 certainly seems to be "screwing them over", and a /56 is the minimum would should see (with the ability to request at least up to a /48) IMHO. HIPnet ( http://tools.ietf.org/html/draft-grundemann-homenet-hipnet ) suggests that a /56 is the minimum one should expect in order to support multiple sub-delegations within the residence. Some $CABLECOs$ appear to be delegating only a /60 to residential customers (even though some of those same $CABLECOs$ have participated in the project; I guess that just proves the left hand and the right hand do not talk). Gary
On Jun 18, 2014, at 4:37 PM, Daniel Ankers <md1clv@md1clv.com> wrote:
On 18 June 2014 19:05, Owen DeLong <owen@delong.com> wrote: OTOH, it's far better than those ridiculous providers that are screwing over their customers with /56s or even worse, /60s.
Sad, really.
Owen
Is giving a /56 to residential customers REALLY "screwing them over"?
It may be a failure of imagination on my part, but I'm struggling to come up with use cases for the home which would take up even 10% of the networks available in a /56. And if the vast, vast majority of home users will never come close to needing the whole of a /56 then I don't see why every home should be given a /48.
Dan
Yes… It’s not about the number of subnets, it’s about having enough bits wide to automate a hierarchy. 8 bits only allows 1x8 or 2x4, while 16 bits allows significantly more flexibility in topology. Owen
On 18 June 2014 19:05, Daniel Ankers <md1clv@md1clv.com>replied:
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Daniel Ankers Sent: Wednesday, June 18, 2014 6:37 PM To: Owen DeLong; nanog@nanog.org list Subject: Re: Credit to Digital Ocean for ipv6 offering
On 18 June 2014 19:05, Owen DeLong <owen@delong.com> wrote:
OTOH, it's far better than those ridiculous providers that are screwing over their customers with /56s or even worse, /60s.
Sad, really.
Owen
Is giving a /56 to residential customers REALLY "screwing them over"?
It may be a failure of imagination on my part, but I'm struggling to come up with use cases for the home which would take up even 10% of the networks available in a /56. And if the vast, vast majority of home users will never come close to needing the whole of a /56 then I don't see why every home should be >given a /48.
Dan
I have to agree with Dan on this one, Look at the numbers (especially for small to mid-sized business and residential): /56 = 256 /64's subnets /60 = 16 /64's subnets http://www.sixscape.com/joomla/sixscape/index.php/ipv6-training-certificatio... At 18,446,744,073,709,551,616 per /64, that is a lot of address. Right now I cannot get IPv6 at home so I will take getting "screwed" with a /56 or /60 and be estatic about it. Curtis
On Thu, 19 Jun 2014 07:18:36 -0500, "STARNES, CURTIS" said:
At 18,446,744,073,709,551,616 per /64, that is a lot of address. Right now I cannot get IPv6 at home so I will take getting "screwed" with a /56 or /60 and be estatic about it.
My WNDR3800 running cerowrt is quite able to use up the /60 Comcast hands me (it burns 6 /64s by default the instant you turn it on, and can burn more if you start doing VLAN'ing or other config stuff). If I had a second one that wanted to auto-delegate via PD, I'd need a /56 and be screwed with just the /60. Fortunately for my home networking needs, none of my 3.9 cats are particularly internet-savvy....
On 19 June 2014 18:19, <Valdis.Kletnieks@vt.edu> wrote:
My WNDR3800 running cerowrt is quite able to use up the /60 Comcast hands me
(it burns 6 /64s by default the instant you turn it on, and can burn more if you start doing VLAN'ing or other config stuff).
How does it use those 6 /64s? That seems to be getting towards the interesting times where the way devices work with v6 is very different to how they would have worked with v6
On 06/19/2014 02:07 PM, Daniel Ankers wrote:
On 19 June 2014 18:19, <Valdis.Kletnieks@vt.edu> wrote:
My WNDR3800 running cerowrt is quite able to use up the /60 Comcast hands me
(it burns 6 /64s by default the instant you turn it on, and can burn more if you start doing VLAN'ing or other config stuff).
How does it use those 6 /64s? That seems to be getting towards the interesting times where the way devices work with v6 is very different to how they would have worked with v6
- Public IP - DMZ IP - Management IP - Russian backdoor IP - Chinese backdoor IP - NSA backdoor IP :)
On 19 June 2014 14:07, Daniel Ankers <md1clv@md1clv.com> wrote:
How does it use those 6 /64s? That seems to be getting towards the interesting times where the way devices work with v6 is very different to how they would have worked with v6
Bridging between (slow) 802.11 and (fast) ethernet is hard to do right, so CeroWRT configures all interfaces as separate LANs and routes between them instead. It does this on the IPv4 side too; it's not specific to IPv6. This breaks a lot of things (like Apple Bonjour), so I'm not convinced it's a *useful* technique for home networks. -- Harald
On Jun 19, 2014, at 11:48 , Harald Koch <chk@pobox.com> wrote:
On 19 June 2014 14:07, Daniel Ankers <md1clv@md1clv.com> wrote:
How does it use those 6 /64s? That seems to be getting towards the interesting times where the way devices work with v6 is very different to how they would have worked with v6
Bridging between (slow) 802.11 and (fast) ethernet is hard to do right, so CeroWRT configures all interfaces as separate LANs and routes between them instead. It does this on the IPv4 side too; it's not specific to IPv6.
This breaks a lot of things (like Apple Bonjour), so I'm not convinced it's a *useful* technique for home networks.
Bonjour can be fixed for the IPv6 environment simply by changing it's packets to be sent to ff05::... instead of ff02::... I presume that the CeroWRT (and any other properly functioning router) can be configured so that ff05:: packets are delivered to all interfaces within the site however the administrator defines "within the site". Owen
On Thu, 19 Jun 2014 19:07:48 +0100, Daniel Ankers said:
How does it use those 6 /64s? That seems to be getting towards the interesting times where the way devices work with v6 is very different to how they would have worked with v6
If I remember right, it's: Private net on the 2.4ghz radio Guest net on the 2.4ghz radio Private net on the 5ghz radio Guest net on the 5ghz radio Private net on the wired Ethernet Guest net on the wired Ethernet (It's a Linux kernel, 'ip link show' reports 22 interfaces. Yowza. ;)
On 19 June 2014 13:18, STARNES, CURTIS <Curtis.Starnes@granburyisd.org> wrote:
I have to agree with Dan on this one, Look at the numbers (especially for small to mid-sized business and residential):
/56 = 256 /64's subnets /60 = 16 /64's subnets
http://www.sixscape.com/joomla/sixscape/index.php/ipv6-training-certificatio...
At 18,446,744,073,709,551,616 per /64, that is a lot of address. Right now I cannot get IPv6 at home so I will take getting "screwed" with a /56 or /60 and be estatic about it.
Curtis
One of the key things with IPv6 (IMHO) is to stop thinking about addresses, and instead just think about networks. Judging by Owen's earlier mail I may not have that quite right and the key might even be to think about hierarchies - in either case counting the number of individual addresses is something we just don't need to do any more. Dan
On Jun 19, 2014, at 2:02 PM, Daniel Ankers <md1clv@md1clv.com> wrote:
One of the key things with IPv6 (IMHO) is to stop thinking about addresses, and instead just think about networks. Judging by Owen's earlier mail I may not have that quite right and the key might even be to think about hierarchies - in either case counting the number of individual addresses is something we just don't need to do any more.
Dan
s/think about networks/think about subnetworks (colloquial: LAN Segments)/ With IPv6, the number of hosts in a subnet is (should be) no longer a driver for addressing.
On Jun 19, 2014, at 12:18 PM, "STARNES, CURTIS" <Curtis.Starnes@granburyisd.org> wrote:
At 18,446,744,073,709,551,616 per /64, that is a lot of address. Right now I cannot get IPv6 at home so I will take getting "screwed" with a /56 or /60 and be estatic about it.
Curtis
Would be nice if everyone kept it simple and just stuck to /48s though. It's complicated enough without everyone deploying different prefix sizes. Even the /64 net/host split isn't standard enough. Think of something like DHCP - if there's an understanding that it's 'standard' then you can build software/hardware around this assumption and provide an easy to use system, without forcing the user to make sub-netting decisions. Making software that works with this necessarily has to involve a complex UI and if certain unusual combinations don't work then people cry that it doesn't support IPv6. The way that it's standard to receive one IPv4 address by DHCP and you can just plug in a laptop, imagine if in a few years it was standard to receive a /48 IPv6 prefix on the local router and end user devices can request as many /64s as they want. You could assign a /64 to each app on your cell phone or computer.. and this could happen automatically when possible. Maybe an app wants many /64s, that's fine too. We've gotten used to multiplexing everything onto a single overloaded address because it's a scarce resource. In IPv6 addresses are not scarce and in time this can be leveraged to simplify applications. Yes, you can overload a single address, we do it all the time in IPv4 with proxies and NATs. There are even hacks for having multiple SSL websites on one IPv4 address. These things came about because the addresses are scarce but it's not correct to use the same justifications in IPv6 where the unique addresses are practically unlimited. If we have to assume that /64s might be scarce and they have to be manually managed, then applications end up having to ask that question and configuration becomes complex. If we know we can get at least a few hundred of them dynamically anywhere we go, then we only have to bother the user when we run out, and things 'just work'. -Laszlo
There have also been reports from some DO users of HE tunnels being blocked. Not sure what the status of that is.
It was all rumors. All the tunnel providers have been never blocked us or anyone who wanted to previously add a tunnel to our virtual servers. HE has been generously peering with us for both ipv6 transport and their 6to4 nats for awhile. There was a misunderstanding with SiXXS when we first started to announce v6 addresses, once cleared up it wasn't a customer offering things went back to normal. And it wasn't blocked, they just didn't allow people to get tunnels for our ipv4 addresses and 1 or 2 got caught it having their tunnels removed when they went to switch the ip they were connected to. If you know of other examples, it's not being reported to us and please let us know so we can look into it.
Those of us here in the US are still getting the same ole, "It's coming" responses.
There will be something in the US and EU with v6 in a reasonable amount of time (although I'm sure not fast enough for some people). we're not listing a date because we got stuck behind some scale and non-technical things that delayed it in the past. A more in depth answer is we're migrating our backend code to a newer revision and it was faster to not try to support v6 on both revisions and concentrate on the migration and v6 (and other coming features) on the newer version. It's just faster to get it rolled out everywhere going this direction. Bryan Socha Network Engineer DigitalOcean
participants (31)
-
Alan Clegg -
Bryan Seitz -
Bryan Socha -
Ca By -
Chris Adams -
Daniel Ankers -
David Conrad -
David Hubbard -
Gary Buhrmaster -
gp -
Grzegorz Janoszka -
Harald Koch -
James R Cutler -
jamie rishaw -
Jared Mauch -
Jeroen Massar -
John Levine -
John R. Levine
-
Laszlo Hanyecz -
Lee Howard -
manning bill -
Mark Tinka -
Matthew Petach -
ML -
Owen DeLong -
Peter Kristolaitis -
rwebb@ropeguru.com -
Saku Ytti -
Simon Perreault -
STARNES, CURTIS -
Valdis.Kletnieks@vt.edu