Server addressing for renumbering ease

George Bonser gbonser at seven.com
Sun Nov 7 00:06:54 CET 2010



> According to [1], they used EUI-64 addressing on their servers so that
> they could renumber easily. The common objection to that is that you
> wouldn't want to change DNS anytime you swapped a NIC (and thus a mac
> address). The obvious alternative is static addressing, but that makes
> renumbering a pain. There's also DDNS, but that seems like a bigger
> headache than either of the above [2]. What are people here doing?

For production operations where stability is not optional, static addressing is used even for v6.  There really is no alternative.  Relying on DNS updates, etc. places too many moving parts in the works and certain things such as load balancer configurations require an IP address of the "real" servers in the rotation in order to work.  Relying on DNS for that configuration to work presents a potential nightmare scenario where some issue with internal DNS results in the entire site going unavailable.  When the Internet path is the path to your revenue generation, it *must* be operational without exception and the fewer "moving parts" involved in keeping that path operational, the better.



> Some other options:
>  * Solaris lets you configure just the host-part, and it takes the
> network-part from RAs. This seems ideal, but it only works on solaris.

Yeah, I really like that.  I wish Linux supported it, too.  In fact, I wish that option was incorporated in the standard as an option for anyone to use.  If that were the case, renumbering would be easy and I would be willing to accept the prefix(s) from the RA.


>  * Use a configuration management system (puppet, chef, cfengine, etc)
> to assign addresses, so you can do find/replace in one place during
> renumbering. This would require being very careful as you risk
> breaking the connection to the config server itself.

Yeah, more "moving parts".  One screwup and you risk making your site unavailable.  Not an option.



More information about the ipv6-ops mailing list