On Sep 24, 2012, at 21:08 , Jeff Wheeler <[email protected]> wrote:
> On Mon, Sep 24, 2012 at 6:52 PM, John Mitchell <[email protected]> wrote:
>> Does the best practise switch to now using one IPv6 per site, or still the
>> same one IPv6 for multi-sites?
>
> Certainly it would be nice to have IPv6 address per vhost. In many
> cases, this will be practical.
>
> It also sometimes will NOT be practical.
>
> Imagine that I am one of the rather clueless hosting companies who are
> handing out /64 networks to any customer who asks for one, and using
> NDP to find the machine using each address in the /64. Churn problems
> aside, if you have any customer doing particularly dense virtual
> hosting, say a few thousand IPv6 addresses on his one or more
> machines, then he will use up the whole NDP table for just himself.
> You probably won't want to be a customer on the same layer-3 device as
> that guy. Now that there might be dozens of VMs per physical server
> and maybe 40 physical servers per each top-of-rack device, you can
> quickly exhaust all of your NDP entries even with normal, legitimate
> uses like www virtual hosting.
>

That's not the best way to stand up /64s for vhosts.

If you're smart, the customer gets a /64 for machine addresses (put your interfaces in this /64) and each machine gets a /64 for vHosts (put your vhost addresses on the loopback interface of the applicable machine).

Then, you route the /64 to the machine address for the applicable machine and the vhosts never hit your neighbor table.

[snip] Deleted a whole bunch of additional reasons you really want to do things the way I suggest above [/snip]

Owen
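The following is an added example, not part of the original message: a small model of the router's neighbor table under the two layouts discussed above (all vhost addresses on-link in one /64, versus a per-machine vhost /64 routed to the machine's interface address). The prefixes come from the 2001:db8::/32 documentation range, and the machine and vhost counts and all function names are constructed for illustration.

```python
import ipaddress

MACHINES, VHOSTS = 3, 2000  # constructed sample sizes
LAN = ipaddress.ip_network("2001:db8:0:1::/64")  # on-link /64 for machine addresses


def neighbor_entries(connected, routes, destinations):
    """Addresses the router must hold in its neighbor (NDP) table.

    connected: on-link prefixes; a destination inside one is resolved itself.
    routes:    {prefix: next_hop}; only the on-link next hop is resolved.
    """
    table = set()
    for dst in destinations:
        matches = [p for p in (*routes, *connected) if dst in p]
        if not matches:
            continue  # unroutable, nothing to resolve
        best = max(matches, key=lambda p: p.prefixlen)  # longest-prefix match
        table.add(routes.get(best, dst))
    return table


def on_link_design():
    """Every vhost address lives in the shared on-link /64."""
    machines = [LAN[m + 1] for m in range(MACHINES)]
    vhosts = [LAN[0x10000 * (m + 1) + v]
              for m in range(MACHINES) for v in range(VHOSTS)]
    return neighbor_entries([LAN], {}, machines + vhosts)


def routed_design():
    """Per-machine vhost /64 routed to that machine's interface address."""
    machines = [LAN[m + 1] for m in range(MACHINES)]
    routes, vhosts = {}, []
    for m, addr in enumerate(machines):
        vnet = ipaddress.ip_network(f"2001:db8:0:{0x100 + m:x}::/64")
        routes[vnet] = addr  # vhost addresses sit on this machine's loopback
        vhosts += [vnet[v + 1] for v in range(VHOSTS)]
    return neighbor_entries([LAN], routes, machines + vhosts)


if __name__ == "__main__":
    print("on-link:", len(on_link_design()), "neighbor entries")
    print("routed: ", len(routed_design()), "neighbor entries")
```

In the routed layout the neighbor table grows with the number of machines only, because each vhost address resolves to its static route's next hop rather than triggering its own NDP lookup.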

