Yes you can use the whole /64 of IPv6 on OVH's Kimsufi

GoodHosting

@Magiobiwan said:

@rm_ said:

Well, if it were compressed; the common factor is the PREFIX. I'd assume that the IP addresses were stored in a non-retarded way such as how IPv6 is actually designed to be stored:

• SITE_PREFIX
• GLOBAL_PREFIX
• ULA
• G6_LINK

Etcetera.

raindog308

Microlinux said: Pretty much the only way to run of IPv6 before it becomes obsolete is human stupidity.

Hence it's inevitable.

linuxthefish

How do you save these IP's so they can be used after reboot? And how do I add them to proxmox, using vmbr0?

thharris

Is this still correct that you get more then one ipv6?

Ree

A fact about IPv6 size I read awhile ago was that if the IPv4 address space was the size of a credit card, the IPv6 address space would be the size of our solar system. Since I'm bored, I figured I'd try to verify that.

IPv6 = 2^128, IPv4 = 2^32. Divide one into the other and you see IPv6 address space is this many times bigger than IPv4:
79,228,162,514,264,337,593,543,950,336

A credit card is roughly 2x3 inches, or 6 square inches. So multiply the previous number by 6 to get the IPv6 size in square inches:
475,368,975,085,586,025,561,263,702,016

That's a big number, so let's convert to square miles:
118,413,303,421,083,971,810

Still too big, how about square Astronomical Units:
13,704

That's roughly the area of a circle with radius 66AU.

Pluto's orbit takes it as far as 50AU from the sun (roughly).

So we're talking a circle that is MUCH bigger than the orbit of Pluto (especially when you consider that Pluto has a very elliptical orbit).

So the next time you're worried that we're going to run out of IPv6 addresses...don't.

On a side note, http://joshworth.com/dev/pixelspace/pixelspace_solarsystem.html is a pretty cool page showing how big the solar system is.

mpkossen

Ree said: So we're talking a circle that is MUCH bigger than the orbit of Pluto (especially when you consider that Pluto has a very elliptical orbit).

Thank you. I now totally get how large the address space is, being an export on the size of Pluto and all (which apparently isn't a planet anymore...).

/sarcasm (<- for those that didn't get it)

rm_

thharris said: Is this still correct that you get more then one ipv6?

Why are you asking, did you try adding more than one and it didn't work?

I don't have a Kimsufi anymore to check, but I don't expect them to change anything in this aspect.

qrwteyrutiyoup

mpkossen said: being an export on the size of Pluto and all

He's talking about the size of Pluto's orbit, not the size of the oh-it-is-not-a-planet-anymore Pluto. It does makes a huge difference, but here's an image to help with the visualization, for the ones who didn't get it

Ree

@mpkossen said:
Thank you. I now totally get how large the address space is, being an export on the size of Pluto and all (which apparently isn't a planet anymore...).
/sarcasm (<- for those that didn't get it)

I know the comparison isn't for everybody. I found it interesting, so I thought I would share. I guess I figured the majority of the readers here will have taken elementary school science by now

ichilton

@rm_ said: However there's no way to define rDNS records for those additional IPs, so their usefulness remains somewhat limited.

Did anyone ever find a way of setting the reverse DNS for the other IP's in the /64?

Thanks,

Ian

linuxthefish

ichilton said: Did anyone ever find a way of setting the reverse DNS for the other IP's in the /64?

Not possible sadly.

Shot2

@linuxthefish said:
Not possible sadly.

Once you've successfully added a bunch of IPv6 addresses to your interface (and correctly set them in DNS), it IS actually possible to set the PTR (reverse) for any and all of them...

Hints:

• use a modern browser e.g. Firefox

• use the 'old Manager V3' interface, currently being phased out

• there, go to the (old) page where to create a reverse for an IPv6 address

• right-click + 'Inspect Element' on any of the - seemingly uneditable - last four hex digits

• watch the related html code: notice how each of the four "input" tags has a "readonly" attribute...

• ... now edit the html code wisely

OVH's terms of use yaddi yaddi yadda... Proceed at your own risk

raindog308

Shot2 said: ... now edit the html code wisely

That is amazing/horrifying.

ricardo

Always trust user input...eh.

Google had the same problem recently, letting someone register google.com momentarily using their own domain registration service.

I'd expect OVH would plug this quickly, if they care enough about it.

rm_

Shot2 said: use the 'old Manager V3' interface, currently being phased out

IIRC people ordering today only have a Kimsufi account, not an OVH account, and do not have ManagerV3.

vimalware

@rm_ said:
IIRC people ordering today only have a Kimsufi account, not an OVH account, and do not have ManagerV3.

Yeah, 16GB of RAM just twiddling thumbs on ks3.
Is the overhead for NAT ipv4 KVM that significant?

I want to use VMs for proper isolation against privilege escalation and containers for anything else.

Shot2

@ricardo said:
Always trust user input...eh.

Google had the same problem recently, letting someone register google.com momentarily using their own domain registration service.

I'd expect OVH would plug this quickly, if they care enough about it.

Not exactly similar in spirit though : abusing a weird security bug at Google's vs. circumventing an unexplainable limit as for OVH. I would personally feel bad in the first case, not in the second case.

Actually if OVH care enough about their service and the internets as a whole, they would let you use and set reverse records for the full /64 allocation (rather than the current nonsensical /128)

@rm_ good point, it works only for those pre-2014 (?) Kimsufi deals.

imok

Could we get "banned" because of using these IPv6 addresses without permission?

linuxthefish

@imok said:
Could we get "banned" because of using these IPv6 addresses without permission?

I've been doing this on my Kimsufi since late 2014 and never got banned, assigning a /64 per server is really the only sensible way and OVH know it.

othelloRob

@Maounique said:
Are you sure they wont notice?
I mean, this basically means unauthorized use of IP space. While it works and wont collide with others

It could conflict with others, just at the moment doesn't appear to. Its "works" in that the whole /64 is in the same vlan on switch that cables into your machine

Just because they've assigned you ::1/128 doesn't stop them assigning the ::2/128 to another user or splitting the /64 into /112s all in different vlans etc

rm_

othelloRob said: Just because they've assigned you ::1/128 doesn't stop them assigning the ::2/128 to another user

But they do not. They allocate a /64 per user, then tell you to only use the 1st IP. There is no technical reason for this, other than the fact they want to differentiate Kimsufi as unfit for more serious uses such as VMs, and they want you to buy SoYouStart if you want "multiple IPs". This is greedy and clueless. There is no issue for anyone if you start using more than one IP from the range that's been allocated to you, and the only reason they might start chasing you down for this is entirely commercial (i.e. the same greed), and really, I don't think they will bother.

KuJoe

Wow, a 2+ year old thread. I'm surprised it still works.

a-super-random-user

KuJoe said: Wow, a 2+ year old thread. I'm surprised it still works.

thx. debian.

---

I have tried this on one of my KS-2 and worked fine.

edan

Just setting up KVM VPS with IPV6 only and its work great (using Webvirtmgr).

I am using the regular bridge on CentOS 7 (host node).

ifcfg-eth0:

DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
BRIDGE=br0
HWADDR=ec:a8:6b:f1:xx:xx

Ifcfg-br0:

DEVICE=br0
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
IPADDR=151.xx.xx.xx
NETMASK=255.255.255.0
GATEWAY=151.xx.xx.254
DELAY=0
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6ADDR=2001:41d0:e:xxxx::/64

route6-br0:

2001:41d0:e:xxff:ff:ff:ff:ff dev br0
default via 2001:41d0:e:xxff:ff:ff:ff:ff

When installing the KVM guest OS we need to setup the IPV6 manually.

2001:41d0:e:xxxx::2/128

Spydar007

@rm_ how can we add rDNS for these IPs? The SOAPI fails to login (with both NIC Handle and email), the OVH API won't login, and the Kimsufi API says that the IP doesn't exist (because this API connects straight to the Control Panel, and only the ::1 IP is listed there. Have you figured out a way to have rDNS?

rm_

Spydar007 said: the Kimsufi API says that the IP doesn't exist

so

Spydar007 said: Have you figured out a way to have rDNS?

pretty sure that you can't.

Neoon

Make it belive it does exist.

Dies it support deep learning?

Droidzone

Has anyone had luck entering these into the proxmox control panel? It doesnt seem to be accepting the format. Someone's linked a tutorial above, but it's not accepting that format.

rm_

Note that while they allow more than 1 IPv6 address, it appears they do not allow more than one MAC address. I'm not sure if it's a recent limitation. So you will not be able to run VMs with bridging, only with routing (and using ndp proxy).

teamacc

From https://otacon22.com/2016/02/21/two-hosting-providers-ipv6-setups-compared-ovh-online-net/ it seems you can use the full /56, and as such you can fuck over 255 of your neighbors.

A friend of mine wrote me “you told me that the /128 is a /64, but I’m actually able to use the whole /56 !“. My friend was partially correct. You don’t have the whole /56, but nobody will stop you from stealing it. All servers of the same /56 seem to be in the same layer 2 network, and there is no protection in place preventing you to assign any address in the /56. The router will send a neighbor request for that address and you can reply to that. This is not an IPv6 security issue. This is a shitty setup issue.