23 Sep
2024
23 Sep
'24
6:59 p.m.
Hi,
On Mon 23 Sep 2024 01:08:15 GMT, Andy Smith via BitFolk Users wrote:
I expect to be reserving a /48 for each VM but as the
majority of people
use either zero or one IPv6 address, only one IPv6 address from the new
assignment will initially be routed to your VM. For those wanting more we
will add a feature to the Panel and/or Xen Shell to expand the routing to
a /64 or the full /48 (and maybe something in between there also). The
goal is for that to not require a support ticket.
This sort of thing is desirable to prevent neighbour table exhaustion
attacks, where someone cycles through many addresses in a /64 (or larger).
My 2ct are to route the /48 instead of bridging it, so you only have
one neigh regardless on how many IPs are used. So you get something like
this:
2a00:5884:8200::/48 via fe80::1453:2aff:fe33:a60c dev tap117i0 metric 1024 pref medium
2a00:5884:8204::/48 via fe80::c8fd:83ff:fe88:7052 dev tap116i0 metric 1024 pref medium
2a00:5884:8205::/48 via fe80::c84:fdff:fe9e:7678 dev tap121i0 metric 1024 pref medium
(and so on)
The fe80 is directly extracted from the MAC.
--
Alarig