1

On my Plesk virtual host I get a single IPv4 address and a /64 of IPv6 addresses. When hosting multiple domains on this server, would there be any advantage to using a separate IPv6 address for each domain?

Sander Steffann
  • 7,572
  • 18
  • 29
user440184
  • 13
  • 2

1 Answers1

1

I assume you are talking about hosting multiple websites with multiple domain names on a single server.

From a server configuration point of view just using a single IPv6 address is the easiest. It requires the least configuration, and hosting multiple websites on a single address has been done for ages now and works fine.

But using multiple IPv6 addresses can have some advantages. For example for accounting purposes. If you want to keep track of how much traffic each website uses then having each website on a separate address makes that easier. Also when dealing with DDOS attacks it can help. When defending against a DDOS it is common to (temporarily) drop all traffic to the IP address under attack. This will make the websites on that address unreachable, but it helps to prevent collateral damage to other websites on different addresses. Having a separate address per website helps you to manage that in a more fine-grained manner.

So it really depends on what you do. If you worry about accounting, blacklisting, DDOS management etc. it might be a good idea to use separate addresses. If you just run a few hobby websites then it's probably not worth the extra effort.

Sander Steffann
  • 7,572
  • 18
  • 29
  • Thanks for your answer, but ddos blacklisting would not be on the ipv4 address ? Because i tought i could use the same ipv4 adress for all websites, but different ipv6 adresses. – user440184 Oct 18 '17 at 09:34
  • One thing that is not addressed by this answer is that using separate IP addresses means you can support clients without SNI support. It also helps if you ever want to support any protocol that isn't hostname aware. – kasperd Oct 18 '17 at 09:42
  • 1
    @user440184 Of course clients that only have legacy addresses don't benefit from any of the advantages you get from having multiple addresses. But you should aim to do your IPv6 configuration in the best way that you can, it is not a problem if your IPv6 setup turns out to be better than what you can do with IPv4. – kasperd Oct 18 '17 at 09:45
  • I personally have found that the number of clients without SNI is starting to be negligible. And yes: don't make IPv6 worst just because that is what you do with IPv4 :) Even if your IPv4 address gets DDOSed, clients with IPv6 will still benefit. – Sander Steffann Oct 18 '17 at 09:51
  • @SanderSteffann If you have the statistics around: how many of the surviving non-SNI clients are using IPv6? I'd expect that to be even more negligible. – Gordon Davisson Oct 20 '17 at 00:27
  • @Gordon I don't have the numbers, but I think you are right. The main OS that couldn't do SNI is Windows XP, and that doesn't have IPv6 installed by default. There could be a handful of users who manually installed IPv6, but that would be a tiny group. – Sander Steffann Oct 20 '17 at 08:41