On Mon, 7 Feb 2011, Tom Mayer wrote:
Hi,
I am thinking about my deployment strategy for a relatively small v6 network.
Current Situation:
Several racks of dedicated servers. 240 servers per vlan (/24 v4 per
vlan) sharing their gateway, isolated from each other via pvlan
(+proxyarp) feature. Rest of addresses from /24 are used for services (3
vrrp routers + 1 virtual default gateway). If a server needs uncommonly
more than one address, it gets a /30 or /29 routed to his main address.
You can use pvlan with IPv6, but not the proxyarp. AFAIK similar proxy ND
is not implemented. In IPv6 I would not route to main address but assign
as much as address to the host as needed.
I am planning to assign a /64 v6 to each server.
I think it is not viable to map every /64 with it?s default gateway on the
router.
You can assign longer prefixes also to servers inside a single /64 if you
don't mind static configuration - which is advisable for server anyway
(you don't want to change IP addresses. in case of network card
replacement). You can rely on finding the default gateways with SLAAC RA
feature.
Is there a way to simply transfer the (I think simple, address conserving and
secure) v4 strategy to v6?
Now we have not a simple address per server, but a subnet.
We are using the following allocation strategy for the virtual server
environment:
in last 64 bit:
0080:vvww:yyzz:XXXX
where vv.ww.yy.zz is the IPv4 address of the host. XXXX is a sub-allocation
for IPv6 address from 0-ffff
What about assigning a link locale address to each server and routing its /64
to this?
e.g.: fe80::1 default gw (virtual vrrp)
fe80::2-f1 servers
fe80::fd vrrp1
fe80::fe vrrp2
fe80::ff vrrp3
Don't use link local addresses, they are only reachable on the same link.
Best Regards,
Janos Mohacsi
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
