6

So I have a vps provider for a linux server, it states this in my network dashboard on their site:

2607:f840:0044:0022:0000:0000:0000:0000/64 is routed to this server (2607:f840:0:3f:0:0:0:eaa)

2607:f840:0:3f:0:0:0:eaa/64 is the address assigned to the eth0 interface and says GLOBAL next to it.

I understand only a little about IPv6. Each address is 128 bits long, written in hexadecimal form, shortened by omitting leading zeroes or using :: one time. What I don't understand is what it means to have 2607:f840:44:22::/64 'routed' to my IPv6 assigned address 2607:f840:0:3f:0:0:0:eaa/64.

So I can't change a single bit in 2607:f840:0:3f:0:0:0:eaa but I can chose anything from 2607:f840:44:22:0000:0000:0000:0000 to 2607:f840:44:22:FFFF:FFFF:FFFF:FFFF? That'd give me 2^64 possible addresses to work with, but for what purpose?

Hope this question isn't too vague or off topic, thanks for insight.

user66779
  • 153
  • 1
  • 1
  • 7

3 Answers3

10

Welcome to the wonderful world of having far more IP addresses than you'll ever know what to do with. (And good on your VPS provider for doing it right and assigning you a /64 instead of something smaller, which a lot of misguided providers seem to be doing...)

One purpose, as you may have guessed, is so that nobody ever runs out of IP addresses, ever. Or at least not for a very long while...

So this is how it's going to work for you:

  1. Your IP address assigned to eth0 interface is 2607:f840:0:3f::eaa. This is on the upstream provider's /64. When packets come in for your subnet, 2607:f840:44:22::/64, your upstream provider routes them to your eth0 interface.

  2. What you do with the packets when they arrive is entirely up to you. Since you're on a VPS you probably don't need a whole lot of addresses, so you could just start assigning them from ...::1 to your existing eth0 interface.

    For example:

    ip addr add 2607:f840:44:22::1/64 dev eth0
ip addr add 2607:f840:44:22::2/64 dev eth0
ip addr add 2607:f840:44:22::3/64 dev eth0
ip addr add 2607:f840:44:22::deca:fbad/64 dev eth0
ip addr add 2607:f840:44:22:feed:face:dead:beef/64 dev eth0

    If you're further dividing your VPS into containers (e.g. OpenVZ or LXC) then you could route the /64 to the network bridge which will serve the containers, and assign addresses to the containers.

See also the closely related question, How does IPv6 subnetting work and how does it differ from IPv4 subnetting?

Community
  • 1
Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
  • Great explanation. If i were using this server as an ipv6 tunnelbroker for example, what would my public facing ip be when web browsing etc? – user66779 Dec 19 '12 at 07:40
  • Typically it would be the first global address assigned to the interface, e.g. your upstream address in the case of this VPS. I'm not sure how you can cause your outgoing IP address to default to one of the other addresses (it's something to look up, I suppose...) – Michael Hampton Dec 19 '12 at 07:43
3

Let me answer by quoting from RFC 5375: IPv6 unicast address assignment considerations

Using a subnet prefix length other than a /64 will break many features of IPv6, amongst other things Neighbor Discovery (ND), Secure Neighborship Discovery (SEND) [RFC3971], privacy extensions [RFC4941], parts of Mobile IPv6 [RFC4866], PIM-SM with Embedded-RP [RFC3956], and SHIM6 [SHIM6]. A number of other features currently in development, or being proposed, also rely on /64 subnet prefixes.

Your provider is simply sticking to safe standards. You get a huge address space to work with, but that is a good thing. It makes things future proof.

Hennes
  • 4,772
  • 1
  • 18
  • 29
  • The whole point of IPv6 was to eliminate address scarcity. Now, we all have to learn to stop thinking of public addresses as a scarce resource. – David Schwartz Dec 19 '12 at 07:30
  • 1
    I got a /48 for my _home_, just for the asking. I cannot wait for the rest of the world to catch up. – Michael Hampton Dec 19 '12 at 07:34
  • Using a /64 prefix on the LAN is not related to routing a different /64 prefix to the server – Sander Steffann Dec 19 '12 at 08:10
  • But surely with some basic networking one could have a way for forwarding that /64 to eth0 then out to the internet. Otherwise it's kind of pointless. You have one globally accessible ip, and a zillion for your lan? – user66779 Dec 19 '12 at 08:19
  • 2
    All the IPs for your LAN are globally accessible. It specifically says that /64 is routed to you. – David Schwartz Dec 19 '12 at 15:19
0

What I don't understand is what it means to have 2607:f840:44:22::/64 'routed' to my IPv6 assigned address 2607:f840:0:3f:0:0:0:eaa/64.

It means they are treating your server like a router.

When a device wants to send a packet it looks up the destination in it's routing table.

A route can point at just an interface. An example of this is the implicit route create by the subnet mask but at least on linux such routes can be added explicitly too. In this case the destination IP address is taken as the next hop IP address.

Alternatively a route can point at a combination of an interface and a next-hop IP address. In this case the specified next hop Ip address is used

For IPv6 6 the next hop IP address is then resolved to a MAC address using neighbour discovery (IPV4 uses ARP).

So what it means is when the provider's router looks up any address in 2607:f840:44:22::/64 it will do neighbour discovery for 2607:f840:0:3f:0:0:0:eaa and send the packet to the MAC address that it finds.

Peter Green
  • 4,056
  • 10
  • 29