Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Yes you can use the whole /64 of IPv6 on OVH's Kimsufi
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Yes you can use the whole /64 of IPv6 on OVH's Kimsufi

rm_rm_ IPv6 Advocate, Veteran
edited May 2014 in Tutorials

Just a quick heads up to those who bought one the latest Kimsufi servers.

These servers are advertised to come with a /128 of IPv6 (one address).

However this address follows a specific format: 2001:41d0:x:abcd::1/128

If you are familiar with IPv6, this looks exactly like the first IP in a /64 (all remaining bits of the "host" part set to zero). Looks like everyone has their /128 IPv6 ending with ::1 (if that's not the case for someone, please post). So they seem to allocate a /64 per customer, then only configure one (first) IP out of it on the server by default.

Let's try adding a second IP to the interface:
ip addr add 2001:41d0:x:abcd::2/128 dev eth0
Yep, it works totally fine, pingable from the outside and everything.

So in case you just need 2-3 more IPv6 addresses, this is not a problem whatsoever, just add them in a similar form, they will work, and you don't risk "colliding" with another customer. However there's no way to define rDNS records for those additional IPs, so their usefulness remains somewhat limited.

«134

Comments

  • If you think about it, that makes sense to comply (sortof) with RFCs. Each customer gets a /64 BLOCK for their IPv6 address, so ratelimiting or filtering by /64 still works without affecting others. I'm not sure why OVH wouldn't just advertise it as getting the /64 though.

    Thanked by 1mpkossen
  • sc754sc754 Member

    @rm_ said:
    Just a quick heads up to those who bought one the latest Kimsufi servers.

    Just tried on my kimsufi 2013 atom server and it also works for that. So looks like you get a /64 with those as well :)

  • earlearl Member
    edited May 2014

    Maybe they are advertising it as /128 since technically if you tunnel their v6 you also get their Anti-DDoS? they probably don't want to give the idea of having /64 of v6 with Anti-DDoS protection for 5 euro/mo

  • rm_rm_ IPv6 Advocate, Veteran
    edited May 2014

    Magiobiwan said: I'm not sure why OVH wouldn't just advertise it as getting the /64 though.

    Maybe that's to create an impression that if you want to run any kind of VMs (even OpenVZ, even v6-only ones), you have to buy their more expensive SoYouStart servers.

    earl said: they probably don't want to give the idea of having /64 of v6 with Anti-DDoS protection for 5 euro/mo

    Even one IPv4 with DDoS protection is currently much more valuable than a /64 of IPv6 with DDoS protection. And you already get that IPv4 for 5 EUR. So one way or the other I don't think this was a major factor.

  • PwnerPwner Member

    @rm_ said:
    Even one IPv4 with DDoS protection is currently much more valuable than a /64 of IPv6 with DDoS protection. And you already get that IPv4 for 5 EUR. So one way or the other I don't think this was a major factor.

    I don't think it has to do with value, I think it has to do with the increased attacks via IPv6. If everyone knew that they could use IPv6 on their Kimsufis, they would be opening up more holes for increased chances of attacks. OVH will really be putting their re-known DDoS protection to the test.

  • IPv6 is confusing...

    So if my ipv6 is 2001:41d0:8:9304::1/128, i can keep adding like so?

    2001:41d0:8:9304::1/128
    2001:41d0:8:9304::2/128
    2001:41d0:8:9304::3/128
    2001:41d0:8:9304::4/128
    2001:41d0:8:9304::5/128

    2001:41d0:8:9304::200/128
    2001:41d0:8:9304::1/128

  • CoreyCorey Member

    @linuxthefish said:
    IPv6 is confusing...

    So if my ipv6 is 2001:41d0:8:9304::1/128, i can keep adding like so?

    2001:41d0:8:9304::1/128
    2001:41d0:8:9304::2/128
    2001:41d0:8:9304::3/128
    2001:41d0:8:9304::4/128
    2001:41d0:8:9304::5/128

    2001:41d0:8:9304::200/128
    2001:41d0:8:9304::1/128

    It's only because they 'really' assigned you a /64 to be RFC complaint..

    I was wondering about this guys .... I was wondering if I should really assign my customers the ENTIRE /64. I'll probably do something like this.

  • InfinityInfinity Member, Host Rep
    edited May 2014

    @Corey said:
    I was wondering about this guys .... I was wondering if I should really assign my customers the ENTIRE /64. I'll probably do something like this.

    Of course you should.. You don't need to add the whole block, just assign them the addresses and add when needed.

    Thanked by 1ucxo
  • sc754sc754 Member
    edited May 2014

    @linuxthefish said:
    IPv6 is confusing...

    So if my ipv6 is 2001:41d0:8:9304::1/128, i can keep adding like so?

    2001:41d0:8:9304::1/128
    2001:41d0:8:9304::2/128
    2001:41d0:8:9304::3/128
    2001:41d0:8:9304::4/128
    2001:41d0:8:9304::5/128

    2001:41d0:8:9304::200/128
    2001:41d0:8:9304::1/128

    Edit... I've no idea

    Thanked by 1linuxthefish
  • MaouniqueMaounique Host Rep, Veteran

    Are you sure they wont notice?
    I mean, this basically means unauthorized use of IP space. While it works and wont collide with others, it certainly wont please them.

  • rm_rm_ IPv6 Advocate, Veteran
    edited May 2014

    Maounique said: Are you sure they wont notice?

    They can notice, source/destination headers of an IP packet obviously aren't hidden. But if they really cared, they would make their router not to route the whole /64 to you; limiting the routed range to just that /128 on the router is trivial. And since this really shouldn't cause any issues to them or their other customers, I doubt they will care enough to even ask you to stop using those other IPs, let alone terminate the server or anything of that sort.

  • CoreyCorey Member

    @rm_ said:
    They can notice, source/destination headers of an IP packet obviously aren't hidden. But if they really cared, they would make their router not to route the whole /64 to you; limiting the routed range to just that /128 on the router is trivial. And since this really shouldn't cause any issues to them or their other customers, I doubt they will care enough to even ask you to stop using those other IPs, let alone terminate the server or anything of that sort.

    but then would it be harder for them to reserve the rest of the /64 to be rfc compliant?

  • @Corey said:

    It's not about being "compliant". If you spam / do anything stupid / blacklist / someone manages a lit to block IPv6 (guess what, lots of people do at the moment for IPv4 ...) a single /64 in IPv6 is treated as a SINGLE IPv4 . Therefore, multiple clients would be affected if you put them on the same /64 .

  • CoreyCorey Member

    GoodHosting said: It's not about being "compliant". If you spam / do anything stupid / blacklist / someone manages a lit to block IPv6 (guess what, lots of people do at the moment for IPv4 ...) a single /64 in IPv6 is treated as a SINGLE IPv4 . Therefore, multiple clients would be affected if you put them on the same /64 .

    So spamhaus and other blacklists would block the entire /64 if there was abuse?

  • rm_rm_ IPv6 Advocate, Veteran
    edited May 2014

    Corey said: but then would it be harder for them to reserve the rest of the /64 to be rfc compliant?

    Not any harder, they could still reserve it (as in: not assign IPs within it to any other customer), but configure their router only allowing the ....::1/128 destination towards your server, not anything else.

  • @Corey said:

    Spamhaus would probably block in the /48s given their history [ smallest provider size. ]

  • CoreyCorey Member

    GoodHosting said: Spamhaus would probably block in the /48s given their history [ smallest provider size. ]

    Wow that's ridiculous.... CoreXchange only wants to give me /56....

  • rm_rm_ IPv6 Advocate, Veteran

    GoodHosting said: Spamhaus would probably block in the /48s given their history [ smallest provider size. ]

    If they want to ban the whole provider? Sure. But a per-end-user ban should start at /64.

  • raindog308raindog308 Administrator, Veteran

    Well if I only get a /64 for ipv6 instead of a /128 then Kimsufi is completely useless to me.

  • @raindog308 said:
    Well if I only get a /64 for ipv6 instead of a /128 then Kimsufi is completely useless to me.

    /64 is much bigger.........

  • CoreyCorey Member

    GoodHosting said: /64 is much bigger.........

    I think he is being sarcastic.... I can't tell.

    Thanked by 1Maounique
  • You can set the rDNS through OVH's API

    https://www.ovh.com/soapi/en/?method=dedicatedReverseAdd

  • raindog308raindog308 Administrator, Veteran

    Corey said: I think he is being sarcastic.... I can't tell.

    I actually need multiple /256 blocks on all my VPSes.

  • RazzaRazza Member

    @chauffer said:
    You can set the rDNS through OVH's API

    https://www.ovh.com/soapi/en/?method=dedicatedReverseAdd

    I think that only work for server under the ovh range of server's such as soyoustart , not the kimsufi range

  • CoreyCorey Member

    raindog308 said: I actually need multiple /256 blocks on all my VPSes.

    :) Yea he's being sarcastic

  • rm_rm_ IPv6 Advocate, Veteran

    chauffer said: You can set the rDNS through OVH's API

    https://api.ovh.com/console/ is the online console for that API, and it doesn't seem to accept Kimsufi logins.

  • chaufferchauffer Member
    edited May 2014

    @rm_ @Razza

    those are different APIs.
    (it works for kimsufi.)

  • AmitzAmitz Member
    edited May 2014

    I just saw that I have a free /48 IPv6 at online.net!
    How many single IPs is that again?

    Wait... found this:

    Hell... What am I supposed to do with that amount of IPs?

  • rm_rm_ IPv6 Advocate, Veteran
    edited May 2014

    Amitz said: What am I supposed to do with that amount of IPs?

    For one, run a VPS provider and assign each customer's VPS a /64 as you should.
    One /48 is 65536 of /64s, and it's not that many if you think about it. But the main reason is that assigning a /48 is just easier, the next option they could go with is /56 (with a /52 subnetting is awkward actually both /52s and /56s suck about the same), but that's already too small, only 256pcs of /64s.

    It's really not useful to think about IPv6 in terms of "how many individual IPs do you get".
    "How many /64s" sounds more like it.

  • @rm_ said:
    "How many /64s" sounds more like it.

    That is precisely it. I wish more people would look at IPv6 for what it is, a completely and utterly different addressing scheme than IPv4.

    It's completely useless to try to draw direct comparisons between the two . . . and the leading cause for uninformed people to scream that we're going to run out of IPv6 for the same reason as IPv4, if we hand out /64s like candy.

Sign In or Register to comment.