New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Inexpensive Xen/KVM VPS with routed /64 IPv6 prefix (US East preferred)
Hi,
I am looking for an inexpensive VPS with a routed /64 (or better) IPv6 prefix. Either Xen/KVM would be fine and disk space is not a determining factor. I would prefer something on the US east coast. A single public IPv4 should be fine - no NAT.
The intended end use is a personal MX gateway + IPv6 IPSec VPN. Minimal disk space requirements (<5GB), but full disk encryption is a must have.
My target budget is $20-$30/yr with annual payment.
I have reached out directly to a couple of providers that offer IPv6 and was surprised to find that even those that provision a /64 prefix do not support a routed IPv6.
Thanks.
Comments
A routed subnet is not impossible but difficult to do securely for a VPS.
I'd suggest you to use NAT for IPv6, else you're going to have a bad time. And maybe consider a bigger budget if you need this VPS to be reliable.
May I ask why it is difficult to do securely? I've done it for our OpenVZ package just using veth device and ebtables to filter traffic based on MAC, but maybe I missed something.
Wat. A routed subnet is not much different security-wise than a non-routed one (in fact it's somewhat better).
You can in effect turn a non-routed subnet into a routed one with ndppd.
As for ones which provide routed subnets without the need for such hacks, I know that Linode does.
@exception0x876 @rm_
I was under the assumption that routing the /64 as a /64 is not possible due to the way ebtables prevents IP stealing. So either you are limited individual /128s (even if the whole subnet is available to the customer) of you don't have protection.
With routed subnets the client gets one IP from a shared network, e.g. 2001:db8:sharednet::123, then the provider sets up their router in effect similar to:
So the only place where the ISP has to apply stealing prevention, is that single "123" IP. As long as that IP is corresponding to the proper MAC of the client's dedi/VM, it is not possible to steal any of the IPs in the "customernet".
Actually I've used this setup with one KVM I have, silly me.
Given the enormous response this request has generated - Any offers/recommendations if I relax the US East preference?
I am loathe to go the ndppd route but thanks for the information as well as the info on Linode. I guess I have to patient and wait for any specials.
I know that tunnel broker is an option (and I use it right now) but I was trying to find native IPv6 support.
Thanks again.