I am building a virtualisation host, and I want my virtual machines to be available via both v4 and v6 IP addresses.
The host I have (Xen 4.1.3 with Debian Wheezy in dom0) has one physical eth0 interface:
10.0.0.2/30 dev eth0
default via 10.0.0.1
2000:1111:1111:11111::2/64 dev eth0
default via 2000:1111:1111:11111::1 (aka fe80::1)
My ISP has assigned me a 10.100.0.0/28 IPv4 range, statically routed via 10.0.0.2.
On the host, I have built xenbr0 virtual bridge interface:
10.100.0.1/28 dev xenbr0
On each guest VM, I set any of the unused addresses from 10.100.0.0/28, i.e.:
10.100.0.2/28 dev eth0
default via 10.100.0.1
As expected (since the host acts like a classic router), VMs are able to talk to the v4 internet without a hitch.
That's where my lack of experience with IPv6 kicks in. From my understanding, v6 addresses are routed pretty much the same as their v4 counterparts, which means that what I want to accomplish is impossible with only one /64 range (at least while eth0 & v6 gw are configured the way they are).
Is it possible to make use of a single IPv6 /64 range, so that VMs can have static IPv6 addresses, without having to go and ask my ISP for another /64 range that (I guess) would have to be statically routed via 2000:1111:1111:11111::2?
I tried to "split" this /64 network in two /65 networks, then reconfigure xenbr0 like this:
2000:1111:1111:11111:8000:2/65 dev xenbr0
Also, eth0 was reconfigured (only network size has changed from 64 to 65):
2000:1111:1111:11111::2/65 dev eth0
default via 2000:1111:1111:11111::1
Host did not lose IPv6 connectivity. However, guest VMs were unable to contact anything outside of host when configured like this:
2000:1111:1111:11111:8000::2/65 dev eth0
default via 2000:1111:1111:11111:8000::1
Any ideas on how to proceed?
Getting a bigger block of addresses from your provider is the correct solution. It is very normal with IPv6 to give a customer a /56 or a /48, which corresponds to 256 or 65536 subnets. That is the great thing about IPv6: always plenty of addresses! :-)
There are still plenty of people running IPv6 networks with an IPv4 mentality though, and they try to give as little as possible to their customers, thinking "A /64 contains so many addresses, it will be more than enough for them". And then you run into problems when you want multiple subnets... Network operators and service providers will have to change their mindset and always give bigger blocks (big ones like /56 or /48, you don't want to ask them for each and every extra subnet) to customers that want to use them.
Running IPv6 networks can be so easy once people start to use the enormous amount of address space that it provides. No more planning, requesting extra addresses etc. Just:
/56, and a /48 should be default for business customers.
/64 for every subnet. It will be more than you'll ever need, and that is the way it is supposed to be.
/64, although you could configure a /127 to avoid ND cache issues.
All of this makes your planning and operations much simpler, once you get used to the big numbers that are suddenly available :)
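An added example, not part of the original question or answer: a small Python model of how the upstream router picks a delivery method, showing that a guest placed in the upper /65 of the uplink /64 is still solicited directly on the wire, while a guest in a separately routed block is forwarded to the host. The 2001:db8:: prefixes, the routed /56 and all function names are constructed assumptions, as is the premise that the ISP router keeps treating the whole /64 as on-link.

```python
import ipaddress as ip

# Constructed sample values from the 2001:db8::/32 documentation range;
# they stand in for ISP-assigned prefixes and are not taken from the page.
UPLINK_ONLINK = ip.ip_network("2001:db8:0:1::/64")  # on-link prefix on the ISP router
HOST_UPLINK = ip.ip_address("2001:db8:0:1::2")      # dom0 eth0 address
ROUTED_BLOCK = ip.ip_network("2001:db8:100::/56")   # hypothetical block routed via HOST_UPLINK


def upstream_delivery(dst, onlink=UPLINK_ONLINK, routes=()):
    """Model how the upstream router reaches dst.

    "neighbor-discovery": dst is inside the on-link prefix, so the router
    solicits dst itself on the wire. "via <hop>": a static route covers dst.
    """
    dst = ip.ip_address(dst)
    if dst in onlink:
        return "neighbor-discovery"
    # Longest-prefix match over the static routes.
    matches = [(net, hop) for net, hop in routes if dst in net]
    if matches:
        _, hop = max(matches, key=lambda m: m[0].prefixlen)
        return f"via {hop}"
    return "unreachable"


def bridge_subnets(block, count):
    """Carve the first `count` /64 subnets out of a delegated block."""
    subnets = block.subnets(new_prefix=64)
    return [next(subnets) for _ in range(count)]


def split_attempt():
    """The /65 split: the guest sits in the upper half of the uplink /64."""
    _lower, upper = UPLINK_ONLINK.subnets(prefixlen_diff=1)
    guest = upper.network_address + 2
    return guest, upstream_delivery(guest)


def routed_plan():
    """A routed /56: the bridge gets its own /64 outside the uplink prefix."""
    xenbr0 = bridge_subnets(ROUTED_BLOCK, 1)[0]
    guest = xenbr0.network_address + 2
    return guest, upstream_delivery(guest, routes=[(ROUTED_BLOCK, HOST_UPLINK)])


if __name__ == "__main__":
    print(split_attempt())
    print(routed_plan())
```

In the split case the guest is behind the host on xenbr0 and never sees the router's neighbor solicitation on the eth0 link, so return traffic is not delivered unless the host answers on the guest's behalf.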