PTR records for IPv6

Frank Bulk frnkblk at iname.com
Wed Sep 4 06:17:44 CEST 2013


If an ISP assigned a /64 to their mail server, they could assign each
customer a permanent unique IP on their MTA, perhaps hash-generated.  Every
message could be traceable without the X-Authentication header. =)

Frank

-----Original Message-----
From: ipv6-ops-bounces+frnkblk=iname.com at lists.cluenet.de
[mailto:ipv6-ops-bounces+frnkblk=iname.com at lists.cluenet.de] On Behalf Of
flavio-cluenet at zipman.it
Sent: Monday, September 02, 2013 3:48 AM
To: ipv6-ops at lists.cluenet.de
Subject: Re: PTR records for IPv6

Lorenzo Colitti wrote:
> On Mon, Sep 2, 2013 at 11:53 AM, <flavio-cluenet at zipman.it
> <mailto:flavio-cluenet at zipman.it>> wrote:
> 
>     I think it's really different. Having more services or more customers
on
>     a single IPv4 address is a "workaround" to eliminate the need of
>     multiple (now rare) addresses, while more customers on a /64, each one
>     with it's own IPv6, is common and can even be considered a "best
>     practice".
> 
> 
> I think you'll find that many reputation systems work on a per-/64
> basis. This is because:

Yes, they do, in the same way they actually do for many /24 on IPv4. But
it doesn't have to become "the rule".

> In a server environment where you control the OS and networking of
> course you can give individual users one /128 each, but why would you
> want to do this? Why not give each user a /64 so they can use all the
> addresses they want?

Because in many cases you can have one (a bunch of) server than manages
the services for a group of customers (maybe 1000-2000) and assigning a
/64 to each service is a waste of addresses, adds complexity for the
routing and don't add any benefit for the users or for the sysadmin.
Typical cases are the frontend MTAs, http balancers, reverse proxies,
etc. in hosting environments or for ISPs.

Giving a dedicated IP to each customer simplify the management and
allows for a "soft" separation of the different users, helpful for
example with the reputation systems but also to identify the traffic of
the single client without requiring protocol analisys.


-- 
Flavio Visentin

A computer is like an air conditioner,
it stops working when you open Windows




More information about the ipv6-ops mailing list