Hosting provider allocation advice
Gert Doering
gert at space.net
Thu Oct 15 19:56:44 CEST 2009
Hi,

On Thu, Oct 15, 2009 at 03:11:53PM +0100, michael.dillon at bt.com wrote:
> To start with, it seems that a shared service would be good enough for
> most people since very few are pumping enough traffic to require a
> dedicated server or dedicated VLAN. That could be done on one /64.

The fundamental problem with shared service (as defined in: one shared
layer 2 network, multiple machines, real or VM, admin'ned by different
persons) is security. You see abuse coming from one specific IPv6
address - which machine is using it?

(Worse: you get complaints about abuse that happened yesterday, from
one specific IPv6 address, but that address is no longer visible anywhere
and has never been officially assigned to any of these servers...)

"One VLAN per customer" (+uRPF) nicely solves that part, but indeed
brings up some other problems (number of VLANs, etc.). This is the way
we decided to do that.

"Static neighbour configuration plus lots of L2 security" also helps, but
not all necessary gear is available yet. This is the way some of the
big "WeHostMillions" providers need to take.

Gert Doering
-- NetMaster
--
Total number of prefixes smaller than registry allocations: 141055
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
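
The attribution problem described in the message above, sketched as an added example that is not part of the original post: with one VLAN (+uRPF) per customer the source prefix identifies the customer, while on a shared /64 an abuse complaint can only be resolved from neighbour-cache history, if the address was ever recorded. All prefixes, MAC addresses, customer names and snapshot records are constructed, and the function names are hypothetical.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample data (2001:db8::/32 is the documentation prefix).
# Model A: one VLAN per customer, each with its own /64. uRPF on the VLAN
# interface drops packets sourced outside that /64, so the prefix is evidence.
VLAN_PREFIXES = {
    "2001:db8:0:101::/64": "customer-a",
    "2001:db8:0:102::/64": "customer-b",
}
# Model B: one shared /64. The only evidence is periodic neighbour-cache
# snapshots (timestamp, IPv6 address, MAC) collected from the router.
SHARED_PREFIX = ipaddress.ip_network("2001:db8:0:1::/64")
# A MAC-to-customer mapping is only as trustworthy as the L2 security behind it.
MAC_OWNERS = {"02:00:00:00:00:0a": "customer-a", "02:00:00:00:00:0b": "customer-b"}
ND_SNAPSHOTS = [
    ("2009-10-14T10:00:00", "2001:db8:0:1::a", "02:00:00:00:00:0a"),
    ("2009-10-14T10:00:00", "2001:db8:0:1::b", "02:00:00:00:00:0b"),
    ("2009-10-14T10:05:00", "2001:db8:0:1::dead", "02:00:00:00:00:0b"),
]

def attribute_by_prefix(addr):
    """Per-customer VLAN: the source prefix alone identifies the customer."""
    ip = ipaddress.ip_address(addr)
    for prefix, customer in VLAN_PREFIXES.items():
        if ip in ipaddress.ip_network(prefix):
            return customer
    return None

def attribute_by_nd_history(addr, when, window=timedelta(minutes=10)):
    """Shared segment: find who held the address near the complaint time."""
    ip = ipaddress.ip_address(addr)
    if ip not in SHARED_PREFIX:
        return []
    t = datetime.fromisoformat(when)
    owners = set()
    for ts, seen, mac in ND_SNAPSHOTS:
        close = abs(datetime.fromisoformat(ts) - t) <= window
        if close and ipaddress.ip_address(seen) == ip:
            owners.add(MAC_OWNERS.get(mac, "unknown-mac:" + mac))
    # Empty list: the address was never recorded, so the complaint
    # cannot be tied to any machine on the shared segment.
    return sorted(owners)

if __name__ == "__main__":
    print(attribute_by_prefix("2001:db8:0:102::1234"))
    print(attribute_by_nd_history("2001:db8:0:1::dead", "2009-10-14T10:07:00"))
    print(attribute_by_nd_history("2001:db8:0:1::beef", "2009-10-14T10:07:00"))
```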
More information about the ipv6-ops mailing list