Hosting provider allocation advice
Wouter de Jong
wouter at widexs.nl
Thu Oct 15 12:32:53 CEST 2009
Hi,
We're a Hosting provider and basicly we have (for now)
3 different product-groups we want to launch IPv6 on.
1 - Shared Hosting
These servers (Linux), are all in 1 vlan.
Each server has 1 IPv4 address from the subnet that's configured on the
vlan.
Then we have an IPv4 /24 routed to each of the servers
(each server has 1 /24 to host sites on).
Here I'd assign a single /64 and use static addressing.
And perhaps additionaly take this single /64 and divide it up like IPv4
:
One subnet (/112?) for the 'main' server IPv6 addresses,
and route a /112 per server to the main IPv6 address.
2 - Premium Managed & Unmanaged Hosting (Co-location).
Each customer has one (or more) dedicated subnets and vlans.
Here I'd assign a /64 per vlan.
I'd do static addressing for Managed, but probably provide
RA (EUI-64) for Unmanaged.
3 - Managed and Umanaged Hosting (Co-location).
These servers are in 'shared' subnets, ranging from /23 to /26,
and each customer get's assigned at least 1 IP from this subnet
and more if they can justify. For customers needing 'large' subnets,
we'd route a different subnet to their server of choice.
Here, I'm not sure what to do...
You should at least assign a /64 per customer, but how would one do that
when they are in shared subnets/vlans... ?
If for every server I'd need to assign a /64 secondary to our vlan
interfaces,
I'd trip the maximums
(Nortel Passport 8600 used for these customers has quite some
limitations on IPv6).
It would be nice though, cause once IPv4 is no longer used (...) we
could
move customers to another/dedicated vlan.
We've also fiddled with the idea of assigning one /48 to each of these
vlans,
and let each 'server' use a /64 out of it. This still seems a bit weird
though...
Also, since we do IP based billing here,
we'd never know if one has 'hijacked' some IP space.
Yes, we'd know for un-assigned addresses
(not assigned but has traffic -> alert),
but I don't expect a customer to use all addresses out of 'their' /64,
so the not used addresses could be easily be abused.
For IPv4, all addresses are usually really used and the customer
who's IP's are hijacked, would almost definitely hang on the phone in
no-time.
Some advice would be very appreciated, cause I'm banging my head against
the
wall to find the best options and then we're ready to roll.
We already provide it to some customers on a 'beta' request basis,
but we would like to setup a good policy and then provide all customers
with IPv6
by default as well.
Many thanks & best regards,
Wouter de Jong
WideXS
More information about the ipv6-ops
mailing list