[c-nsp] ipv6 internal deployment

[Mohacsi Janos]

On Mon, 7 Feb 2011, Tom Mayer wrote:

> Hi,
>
> I am thinking about my deployment strategy for a relatively small v6 network.
>
> Current Situation:
>
> Several racks of dedicated servers. 240 servers per vlan (/24 v4 per 
> vlan) sharing their gateway, isolated from each other via pvlan 
> (+proxyarp) feature. Rest of addresses from /24 are used for services (3 
> vrrp routers + 1 virtual default gateway). If a server needs uncommonly 
> more than one address, it gets a /30 or /29 routed to his main address.

You can use pvlan with IPv6, but not the proxyarp. AFAIK similar proxy ND 
is not implemented. In IPv6 I would not route to main address but assign 
as much as address to the host as needed.

>
>
> I am planning to assign a /64 v6 to each server.
> I think it is not viable to map every /64 with it?s default gateway on the router.

You can assign longer prefixes also to servers inside a single /64 if you 
don't mind static configuration - which is advisable for server anyway 
(you don't want to change IP addresses. in case of network card 
replacement). You can rely on finding the default gateways with SLAAC RA 
feature.

>
> Is there a way to simply transfer the (I think simple, address conserving and secure) v4 strategy to v6?
> Now we have not a simple address per server, but a subnet.

We are using the following allocation strategy for the virtual server 
environment:
in last 64 bit:

0080:vvww:yyzz:XXXX

where vv.ww.yy.zz is the IPv4 address of the host. XXXX is a sub-allocation 
for IPv6 address from 0-ffff


>
> What about assigning a link locale address to each server and routing its /64 to this?
> e.g.:  fe80::1 default gw (virtual vrrp)
>
>         fe80::2-f1  servers
>
>         fe80::fd vrrp1
>         fe80::fe vrrp2
>         fe80::ff vrrp3

Don't use link local addresses, they are only reachable on the same link.

Best Regards,
 	Janos Mohacsi