Re: [vserver] assigning less than /64 to individual guests

To: Michael Richardson <mcr@sandelman.ca>, debian-ipv6@lists.debian.org
Subject: Re: [vserver] assigning less than /64 to individual guests
From: Eugen Leitl <eugen@leitl.org>
Date: Tue, 17 May 2011 20:55:49 +0200
Message-id: <[🔎] 20110517185549.GI24232@leitl.org>
In-reply-to: <[🔎] 27236.1305652240@marajade.sandelman.ca>
References: <[🔎] 20110517132915.GM24232@leitl.org> <[🔎] 27236.1305652240@marajade.sandelman.ca>

On Tue, May 17, 2011 at 01:10:40PM -0400, Michael Richardson wrote:
> 
> >>>>> "Eugen" == Eugen Leitl <eugen@leitl.org> writes:
>     Eugen> Just sent that to the vserver list, but figured this is at
>     Eugen> least as relevant.
> 
>     Eugen> So am I in the clear to parcel out a /64 in /80s, as long as
>     Eugen> all the /80 are all on the same LAN or VLAN? No autoconfig
>     Eugen> breakage ensues? Is 48 bits really enough for anybody?
> 
> If you are saying that you will allocate /80s to each vserver, but
> actually they will not be layer-2 isolated from each other, this is just
> an administrative partition, then I think it's a good idea.

The Linux vserver patch is a very lightweight virtualization. It doesn't 
share the network stack, shares the physical NIC MAC and only recently
were the vserver guests given 127.0.0.1 that is distinct from the
host's localhost -- as far as I known ::1 hasn't been given that
treatment yet.

> You can't use autoconfig for the parts that are in the /80s.
> You can arrange for your /80s to never overlap the autoconfigured stuff.
> OUI-64s, when generated from OUI-48s (i.e. mac addresses) always have
> ff:fe as the middle 16 bits. 

How much autoconfig do I need? Each physical host will be given a private
/64 (out of the /56 I have total), just the guests will be given an /80, 
allocated from a different /64.

> In addition, bit 6 in the OUI-64 (which is bit 1 in little bit-endian,
> the bit after the "broadcast" bit) will be set if the OUI-64 is believed
> to be globally unique.  Note that if you have IPv6 Privacy Extensions
> on, then autoconfig will not necessarily set bit 6.  
> I would have to lookup to determine in fact privacy extensions will set 
> the middle 16 bits in any predictable fashion.

I'm not really familiar with IPv6 advanced uses, at the moment I'm
treating it just like a bigger version of IPv4, at least as far as
guests are concerned. I don't really know what users would want to
run on their own /80s

> Permitting autoconfig to work seems like a nice thing to retain.

If the guests can all use the host's (different) /64, will that work?

-- 
Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Reply to:

Follow-Ups:
- Re: [vserver] assigning less than /64 to individual guests
  - From: Michael Richardson <mcr@sandelman.ca>

References:
- [vserver] assigning less than /64 to individual guests
  - From: Eugen Leitl <eugen@leitl.org>
- Re: [vserver] assigning less than /64 to individual guests
  - From: Michael Richardson <mcr@sandelman.ca>

Prev by Date: Re: [vserver] assigning less than /64 to individual guests
Next by Date: Re: [vserver] assigning less than /64 to individual guests
Previous by thread: Re: [vserver] assigning less than /64 to individual guests
Next by thread: Re: [vserver] assigning less than /64 to individual guests
Index(es):
- Date
- Thread