How to correctly implement IPv6 on a hosting company

Hello, we are a hosting company and I think we’re not implementing IPv6 correctly.

We provide VPS servers and our customers are able to enable IPv6.

On routing level, we have a unique gateway: 2a00:c0c1::/32
We provide a /48 to every customer, like: 2a00:c0c1:aa::/48
And each customer can assign a /64 to each VPS, like: 2a00:c0c1:aa:1::/64

On the software virtualization level we have ebtables to restrict which IPv6 /64 each VPS can use.

Then, a VPS can configure this IPv6: 2a00:c0c1:aa:1::1000
And with this gateway: 2a00:c0c1::/32

Also, on the routing level everything is under vlan0.

The problem is that customers' VPS receive “multicast” or some kind of “neighbor solicitation” and “router solicitation” traffic (tcpdump).

We welcome any recommendations to improve this implementation.

Thank you.

This is what we see on the “switch” torch.

Please check out this article from one of our Senior Network Architects. It will give you a general idea. It is oriented to ISPs but the dual stacking and the DHCPv6 and Prefix Delegation apply to your case too. It is possible it will generate more questions than answers :) but I think it is a good start for a conversation.

https://stubarea51.net/2018/09/14/wisp-design-an-overview-of-adding-ipv6-to-your-wisp/

Hello IPAsupport, thanks for your reply.

In our case, it is not an option to split each customer IPv6 /48 into a VLAN; we have around 5000 customers now, so it’s impossible to manage 5000 VLANs.
It is also very difficult to manage when we want to move a VPS from one node to another node, especially when a customer has a lot of VPS on different nodes.
We need to continue to use only vlan0.

In the document, there is not any information about how to configure the gateways on each VPS, but I’m not sure if it’s relevant for my issue.

Thanks.

The VLANs are for managing your broadcast domains. In the article there is only one computer in the diagram but the VLAN is actually for the wireless tower. In your case I think you can assign a VLAN to each server rack; if we are talking about 5000 physical servers, that will be what? 100+ racks?
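Added example, not part of any post in this thread: a Python sketch of the addressing plan from the question, showing the per-VPS source check that the ebtables rules are meant to enforce and why VPSes on one shared broadcast domain see each other's neighbor discovery multicast. The VPS names, the second customer's prefix and all function names are constructed for illustration.

```python
import ipaddress

# Prefixes from the thread; VPS names and the second customer are constructed.
PROVIDER = ipaddress.ip_network("2a00:c0c1::/32")
VPS_PREFIX = {
    "vps-a": ipaddress.ip_network("2a00:c0c1:aa:1::/64"),
    "vps-b": ipaddress.ip_network("2a00:c0c1:bb:7::/64"),
}
ALL_NODES = ipaddress.ip_address("ff02::1")
ALL_ROUTERS = ipaddress.ip_address("ff02::2")
SOLICITED_BASE = int(ipaddress.ip_address("ff02::1:ff00:0"))


def solicited_node(addr):
    """Solicited-node multicast group for a unicast address (RFC 4291):
    ff02::1:ff00:0/104 plus the low 24 bits of the address."""
    low24 = int(ipaddress.ip_address(addr)) & 0xFFFFFF
    return ipaddress.ip_address(SOLICITED_BASE | low24)


def source_allowed(vps, src):
    """Anti-spoofing decision for a frame leaving a VPS: a global source must
    be inside that VPS's /64; link-local and the unspecified address stay
    allowed because neighbor discovery and DAD use them."""
    ip = ipaddress.ip_address(src)
    if ip.is_link_local or ip.is_unspecified:
        return True
    return ip in VPS_PREFIX[vps]


def classify_destination(dst):
    """Label the link-scope destinations that show up in a tcpdump."""
    ip = ipaddress.ip_address(dst)
    if ip == ALL_ROUTERS:
        return "router solicitation (all-routers)"
    if ip == ALL_NODES:
        return "all-nodes (e.g. router advertisement)"
    if int(ip) >> 24 == SOLICITED_BASE >> 24:
        return "neighbor solicitation (solicited-node)"
    return "multicast" if ip.is_multicast else "unicast"


def plan_is_consistent():
    """Every VPS /64 must be carved out of the provider /32."""
    return all(net.subnet_of(PROVIDER) for net in VPS_PREFIX.values())
```

Two VPSes of different customers whose addresses end in the same 24 bits join the same solicited-node group, so on a single layer-2 segment the source filter alone does not stop one from receiving solicitations meant for the other.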