ipv6 only hosting
play

IPv6 Only Hosting Pete Stevens Mythic Beasts Ltd mythic beasts - PowerPoint PPT Presentation

Aug 06, 2023 •336 likes •593 views

IPv6 Only Hosting Pete Stevens Mythic Beasts Ltd mythic beasts What's wrong with IPv4? 2005: One IP per server. 2010: One IP per VM. Single server now requires ~ 50 IPs. 2015: Ideally one IP per container. Single VM now requires

  1. IPv6 Only Hosting Pete Stevens Mythic Beasts Ltd mythic beasts

  2. What's wrong with IPv4? ● 2005: One IP per server. ● 2010: One IP per VM. Single server now requires ~ 50 IPs. ● 2015: Ideally one IP per container. Single VM now requires 30+ IPs. Single server can consume 1000+ IPs. ● This is unafgordable – Overlay networks on overlay networks. RFC1918 inside RFC1918. NAT inside NAT. mythic beasts

  3. The seven(ish) layer OSI model ● Layer 1 : physical ● Layer 2 : ethernet ● Layer 3 : UDP ● Layer 2 : overlay ethernet / VXLANS ● Layer 3 : UDP ● Layer 2 : overlay fmannel / dockernet etc. ● Layer 3 : TCP ● Layer 4+ : HTTP et al mythic beasts

  4. Economics ● A new hosting company can get a /22 of address space. ● VM prices are ~ £10/month. ● A new VM hosting company is limited to £100kpa income per year before it runs out of IPv4 addresses ● We could ofger £1/month virtual servers / containers if IPv4 addresses were free. ● IPv6 addresses efgectively are free! mythic beasts

  5. Computers get cheaper ● 93.93.128.1 This IP address costs $10 This computer costs $5 mythic beasts

  6. IPv6 ● Our VMs can talk IPv6 or IPv4, there's both on the network. ● IPv4 allocated statically and via a static dhcp server. ● Allocate customers a block of IPv6 addresses ● SLAAC doesn't give predictable server addresses – hopeless for inbound services ● SLAAC makes every machine auto-confjgure IPv6 even if they don't want it – customers go mad. mythic beasts

  7. IPv6 only hosting ● Initially static addressing ● Need IPv6 resolvers so you can download updates ● Advertise gateways with IPv6 route advertisements ● Problems with mirror services – not all package mirrors have IPv6, the mirror directors aren't protocol aware ● Many other services don't have IPv6 (twitter, akismet, newrelic, anything in AWS/Azure etc.) ● Not very useful unless everything you talk to is also IPv6 mythic beasts

  8. NAT64 ● Normal resolver ● dig AAAA www.cam.ac.uk – no answer ● NAT64 ● dig AAAA www.cam.ac.uk +short – 2a00:1098:0:80:1000:3a:836f:9619 ● Our resolver proxies 131.111.150.25 ● Outbound to IPv4 hosts works! mythic beasts

  9. Inbound Proxy ● proxy.mythic-beasts.com ● Haproxy, auto confjgured from our control panel ● IPv4 / IPv6 connections terminate on our load balancers, we forward them to the IPv6 only back end. ● Forwards any SSL service that uses SNI ● Forwards HTTP ● Doesn't yet forward ssh mythic beasts

  10. DHCP6 ● T yping v6 addresses is very annoying ● Confjgure a DHCP6 server to auto allocate addresses to machines ● Virtually all client implementations expect to get IPv6 + DNS servers + gateway from the DHCP6 server ● If you don't supply the gateway and expect it to pick it up from the router advertisements mostly it doesn't ● This is very annoying, back to VRRP for a fjxed gateway mythic beasts

  11. Useful ● We have an IPv6 only VM ● It has full outbound via NAT64 ● It has inbound for SSL & HTTP via our proxy service ● You can host real websites with it ● Like this one, https://www.raspberrypi.org/ ● 40+ VMs, we don't have to route a layer 2 private network between data centres – they can talk to each other over IPv6 +SSL. mythic beasts

  12. Management services ● We back up managed customer machines ● Enable IPv6 on the backup service, add an AAAA record – easy. ● We monitor customer machines. ● Add control panel functionality to put IPv6 addresses in ● Update libwww-mechanize for perl to a version that supports IPv6 mythic beasts

  13. Management Services ● Munin graphing ● Update munin to the latest version ● Add v6 to the munin server ● Watch all of your graphs break ● Add the ACL to munin-node.conf on every customer machine to allow our v6 address to communicate with the agent and update ip6tables. ● Add “allow ^::fgfg:a\.b\.c\.d$” for syntax hilarity ● This was a boring few days mythic beasts

  14. Management Services ● Update our code that auto-magically generates all of our munin confjg to correctly escape IPv6 addresses ● Address a.b.c.d ● Address [e:f:g:h:i:j:k:l] ● Find the other bits in the control panel where people had asserted that each machine had at least one IPv4 address and fjx them ● T urn on IPv6 by default on all new customer installs mythic beasts

  15. Management Services ● We log reporting data daily ● The source address identifjes the machine it came from ● We already had a horrifjc blob of code to deal with machines behind NAT fjrewalls ● Now another nasty blog of code to match up reports coming from v4 and v6 addresses that belong to the same host mythic beasts

  16. Management Services ● Jump box ● Automatically picks the correct customer key for logging into a host ● Hosts now have multiple addresses – need to mine the database further ● Since all requests go via our jump box, once our jump box has IPv6 we can access every IPv6 only server even if we don't currently have IPv6 natively. mythic beasts

  17. Let's Encrypt ● Free SSL certifjcates ● IPv6 support due tomorrow ● Out of the box works perfectly with NAT64 + v4 Proxy ● Probably works with our DNS API pure v6 only but haven't yet tried it mythic beasts

  18. Deploying new services ● Setting up scripted customer installations ● Logic for single stack v4, dual stack v4/v6, single stack v6 was getting twisted. ● Simple solution, only support single stack v6. ● Add a v4 address at the end only if required. ● New management services can be v6 only. mythic beasts

  19. Customer incentives ● We itemise IPv4 connectivity at £20 per server per year ● We're starting to get accounts departments asking 'if they really need IPv4' ● Increasingly the answer is no ● The easiest way to persuade a techie to deploy IPv6 is make the alternative explaining to the accounts department why the additional expense is necessary mythic beasts

  20. Customers ● T echnical professionals learning IPv6 – proper supported testbed. ● DNS anycast services, BGP etc. ● Non technical managed customers who want the discount ● Roughly 5% of our servers are now IPv6 only mythic beasts

  21. April Fools Pi mythic beasts

  22. Gwiddle ● Joshua Bayfjeld ● CEO Gwiddle Web Hosting ● Free accounts for educational use ● Age 15 mythic beasts

  23. Asking for help & reply ● “ ● I am approaching you today to enquire about the possibility of Mythic Beasts supporting Gwiddle's mission...” ● “All your services run on IPv6 only VMs fronted by our IPv6 proxies, we'll give you a single IPv4 address for logging in for management reasons...” mythic beasts

  24. Questions? ● http://blog.mythic-beasts.com/ – We blog all of our updates ● https://twitter.com/Mythic_Beasts ● Ask me directly pete@ex-parrot.com mythic beasts

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer

Outline IPv6 IPv6 Header IPv6 Addressing IPv6 Neighbor Discovery Jyh-Cheng Chen Department of Computer Science and IPv6 Autoconfiguration Institute of Communications Engineering National Tsing Hua University jcchen@cs.nthu.edu.tw

783 views • 11 slides
Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6 Global allocations by RIR APNIC 337 21% RIPENCC 737 45% ARIN 438 LACNIC AFRINIC 27% 87 37 5% 2% Unit: IPv6 pref i x 3 IPv6

603 views • 24 slides
IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6

IPv6 Ready Logo Aiding IPv6 Deployment Timothy Winters LACNIC 27 May 2017 IPv6 Forums IPv6 Ready Logo Goal 2001-Present: Conformance and Interoperability test program intended to increase user confidence and promote IPv6 deployment.

403 views • 11 slides
IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already

IPv6 Deployment at Monash University John Mann Agenda IPv6 is Coming IPv6 is Already Here Monash IPv6 Progress Addressing End Systems Monitoring Network Address Usage Traffic Monitoring Problems IPv6 is Coming

779 views • 41 slides
Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA <keiichi@iijlab.net> IIJ Research Laboratory / WIDE project Contents IPv6 service in Japan How I live Example of IPv6 configuration Some news of IPv6

653 views • 16 slides
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6

Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 S-38.121 / S-03 / N Beijar IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

617 views • 20 slides
IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6

IPv6 Deployment WG in IPv6 Promotion Council and its Deployment Guideline 2005.2.23 IPv6 Deployment WG Chair Takashi Arano (Intec NetCore, Inc.) IPv6 Deployment Guideline solves barriers for deployment I cant see IPv6s

319 views • 7 slides
Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6

Introduction to IPv6 (Chapter 4 in Huitema) S-38.121 / Fall-04 / N Beijar IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A =

556 views • 20 slides
Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com When will IPv6-only deployment happen? Hypothesis 1 1st node is All IPv4 nodes dual-stack speak also IPv6 IPv4-only IPv4 & IPv6 IPv6-only

675 views • 25 slides
IPv6 Introduction by Harald Welte <laforge@rfc2460.org> IPv6 Introduction What? Why?

IPv6 Introduction by Harald Welte <laforge@rfc2460.org> IPv6 Introduction What? Why?

IPv6 Introduction by Harald Welte <laforge@rfc2460.org> IPv6 Introduction What? Why? What is IPv6? Successor of currently used IP Version 4 Specified 1995 in RFC 2460 Why? Address space in IPv4 too small Routing tables too large

476 views • 19 slides
1 IPv6 Packet Format IPv6 Packet Format 40 Byte minimum 0 8 16 31 Mandatory fields

1 IPv6 Packet Format IPv6 Packet Format 40 Byte minimum 0 8 16 31 Mandatory fields

IPv6 IPv6, MPLS History Next generation IP (AKA IPng) Intended to extend address space and routing limitations of IPv4 Requires header change Attempted to include everything new in one change IETF moderated Based

506 views • 5 slides
Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski

Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski

Department of Veterans Affairs Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski Director, Enterprise Transport Services VA IPv6 Transition Manager Outreach Chair, Federal IPv6 Task Force Major

382 views • 13 slides
IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and

IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and

IANA IPV6 Workshop A View From the Trenches (Some thoughts on IPV6 deployment in enterprise and ISP networks) Joel Jaeggli Nokia This talk is focused on the issues faced by network operators in deploying IPV6 Most of these observations are

548 views • 50 slides
IPv6 IPv6 IIJ IPv6 Home Networks and IPv6 Appliances Progress and Potential Moderator Kazu

IPv6 IPv6 IIJ IPv6 Home Networks and IPv6 Appliances Progress and Potential Moderator Kazu

IPv6 IPv6 IIJ IPv6 Home Networks and IPv6 Appliances Progress and Potential Moderator Kazu Yamamoto, IIJ

338 views • 9 slides
IPv6 Addressing and IPv6 Addressing and Implementation Implementation Rodolfo Kohn Software

IPv6 Addressing and IPv6 Addressing and Implementation Implementation Rodolfo Kohn Software

IPv6 Addressing and IPv6 Addressing and Implementation Implementation Rodolfo Kohn Software Architect Intel Software de Argentina rodolfo.kohn@intel.com IPv6 - Agenda Why IPv6? No business case Different drivers IPv6 main

440 views • 28 slides
The Internet Protocol (IP) Part 2: IPv6 JeanYves Le Boudec Fall 2009 1 1 Contents 1. IPv6

The Internet Protocol (IP) Part 2: IPv6 JeanYves Le Boudec Fall 2009 1 1 Contents 1. IPv6

COLE POLYTECHNIQUE FDRALE DE LAUSANNE The Internet Protocol (IP) Part 2: IPv6 JeanYves Le Boudec Fall 2009 1 1 Contents 1. IPv6 2. NATs 3. Interworking IPv4 / IPv6 4. Routing Implications 5. Recap Some slides come from:

911 views • 73 slides
Framework Li, Bao, and Baker Outcome from the Montreal Interim Basically, merging NAT64 and

Framework Li, Bao, and Baker Outcome from the Montreal Interim Basically, merging NAT64 and

IPv4/IPv6 Translation: Framework Li, Bao, and Baker Outcome from the Montreal Interim Basically, merging NAT64 and IVI to produce a common translation technology Not to exclude other documents, but these form the basis Described

487 views • 14 slides
Research Issues for Software Testing in the Cloud Leah Muthoni Riungu, Ossi Taipale, and Kari

Research Issues for Software Testing in the Cloud Leah Muthoni Riungu, Ossi Taipale, and Kari

Research Issues for Software Testing in the Cloud Leah Muthoni Riungu, Ossi Taipale, and Kari Smolander Software Engineering Laboratory Lappeenranta University of Technology 1 Outline Introduction Motivation Cloud computing

286 views • 13 slides
Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet Steven M.

Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet Steven M.

Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet Steven M. Bellovin https://www.cs.columbia.edu/smb Join work with Matt Blaze, Sandy Clark, Susan Landau 1 Steven M. Bellovin December 22, 2013 A Note on

366 views • 36 slides
Multi-Context Voice Communication Controlled By Using An Auditory Virtual Space Yasusi Kanada

Multi-Context Voice Communication Controlled By Using An Auditory Virtual Space Yasusi Kanada

Multi-Context Voice Communication Controlled By Using An Auditory Virtual Space Yasusi Kanada Hitachi Ltd., Central Research Laboratory Japan Background History of voice communication media (VCM) Telephone has been used for about 130

436 views • 9 slides
IPv6 at Yahoo IPv6 at Yahoo: growth, disparity Large content network: we see traffic from eyeball

IPv6 at Yahoo IPv6 at Yahoo: growth, disparity Large content network: we see traffic from eyeball

IPv6 at Yahoo IPv6 at Yahoo: growth, disparity Large content network: we see traffic from eyeball networks Two main datasets I watch: HTTP logging Mobile data reporting to Splunk IPv6 at Yahoo: growth, disparity Countries: Mobile:

259 views • 4 slides
STRINT Summary Slides Thanks! We knew we could depend on you for discussion!

STRINT Summary Slides Thanks! We knew we could depend on you for discussion!

STRINT Summary Slides Thanks! We knew we could depend on you for discussion! Dan/Telefonica for hosting! Summary#1 Crypto works, do more, raise-the-bar as Russ said? Tor stinks :-) Crypto is not free, but is worth it,

683 views • 5 slides
Real World IPv6 Presentation at AusNOG 01, Sydney November 2007 1 The Sky is falling ...

Real World IPv6 Presentation at AusNOG 01, Sydney November 2007 1 The Sky is falling ...

Real World IPv6 Presentation at AusNOG 01, Sydney November 2007 1 The Sky is falling ... Regional registry IPv4 address exhaustion predicted at 3 July 2011 Getting IPv4 address space from the registries will get progressively harder

398 views • 22 slides
ARC-CE IPv6 TESTBED Barbara Kraovec, Jure Kranjc ARNES www.egi.eu www.egi.eu

ARC-CE IPv6 TESTBED Barbara Kraovec, Jure Kranjc ARNES www.egi.eu www.egi.eu

EGI-InSPIRE ARC-CE IPv6 TESTBED Barbara Kraovec, Jure Kranjc ARNES www.egi.eu www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE RI-261323 Why ARC-CE over IPv6? - IPv4 exhaustion - On Friday 14 th , RIPE NCC has announced that

609 views • 19 slides

More recommend