Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Routing a /96 prefix to external servers?  (Read 6945 times)

smoochict

  • Newbie
  • *
  • Posts: 26
Routing a /96 prefix to external servers?
« on: January 24, 2011, 02:41:17 AM »

Hello

I've got a /48 prefix and would like to route them to my other servers (They are VPSes).

How could i do this?
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2736
Re: Routing a /96 prefix to external servers?
« Reply #1 on: January 24, 2011, 06:04:46 AM »

Are they on the same network?  Just change the routing table on your tunnel machine
Logged

smoochict

  • Newbie
  • *
  • Posts: 26
Re: Routing a /96 prefix to external servers?
« Reply #2 on: January 24, 2011, 09:37:49 PM »

No
Logged

antillie

  • Full Member
  • ***
  • Posts: 104
Re: Routing a /96 prefix to external servers?
« Reply #3 on: January 24, 2011, 10:51:19 PM »

The only way to route a chunk of your /48 to an external server would be to setup some sort of tunnel over IPv4 from your tunnel device to the remote external server. 6in4, GRE, IPSec VPN, or whatever. It would probably be easier to just setup a separate tunnel to HE on each VPS host. Or pester your VPS provider to add IPv6 support to their hosting offerings.
Logged

jimb

  • Hero Member
  • *****
  • Posts: 805
  • ^^^ Warped picture
Re: Routing a /96 prefix to external servers?
« Reply #4 on: January 24, 2011, 10:55:15 PM »

Or if they're in an infrastructure which can support IPv6 routing, just set it up on your router(s) and carve out subnets out of your /48.  But since they're VPS, I imagine the network is run by the provider.
Logged

smoochict

  • Newbie
  • *
  • Posts: 26
Re: Routing a /96 prefix to external servers?
« Reply #5 on: January 25, 2011, 12:11:26 AM »

How could i route it using a custom ipv6 in ipv4 tunnel?

Logged

antillie

  • Full Member
  • ***
  • Posts: 104
Re: Routing a /96 prefix to external servers?
« Reply #6 on: January 25, 2011, 12:43:32 AM »

That would depend on the type of router you are using to terminate your current 6in4 tunnel to HE and what type of device you would be using to terminate the new tunnel to the VPS site.

If you were using a Cisco router for your original tunnel to HE and had a Cisco router in front of your VPS hosts and your assigned /48 was, say, 2001:0db8:f00::/48 you would use something like this:

"Main" Router:

interface Tunnel0
description Hurricane Electric IPv6 Tunnel Broker
no ip address
ipv6 address 2001:0db8:beef:cafe::2/64
ipv6 enable
tunnel source <Main router IPv4 address>
tunnel destination <HE.net tunnel server address>
tunnel mode ipv6ip

interface Tunnel1
description Tunnel to VPS site
no ip address
ipv6 address 2001:0db8:f00:10ad::1/64
ipv6 enable
tunnel source <Main router IPv4 address>
tunnel destination <VPS router IPv4 address>
tunnel mode ipv6ip

ipv6 route 2001:0db8:f00:bee5::/64 2001:0db8:f00:1oad::2
ipv6 route ::/0 2001:0db8:beef:cafe::1

VPS site router:

interface Tunnel0
description Tunnel to main office
no ip address
ipv6 address 2001:0db8:f00:10ad::2/64
ipv6 enable
tunnel source <VPS router IPv4 address>
tunnel destination <Main router IPv4 address>
tunnel mode ipv6ip

int f0/0
ipv6 address 2001:0db8:f00:bee5::/64 eui-64
ipv6 enable
ipv6 nd prefix 2001:0db8:f00:bee5::/64

ipv6 route ::/0 2001:0db8:f00:10ad::1

Now since you are talking about a VPS hosting environment I doubt that you will be able to place an IOS router in front of your VPS boxen. So you will probably need to build a separate tunnel to each VPS host individually. In which case, why not just build a tunnel from each VPS host directly to HE.net and call it a day?
« Last Edit: January 25, 2011, 02:18:39 PM by antillie »
Logged

smoochict

  • Newbie
  • *
  • Posts: 26
Re: Routing a /96 prefix to external servers?
« Reply #7 on: January 25, 2011, 12:54:27 AM »

The routed /48 is a assigned to a VPS

I don't have access to a router of any kind
Logged

antillie

  • Full Member
  • ***
  • Posts: 104
Re: Routing a /96 prefix to external servers?
« Reply #8 on: January 25, 2011, 12:57:44 AM »

Where is this /48 routed from? I am assuming that this /48 is routed to your existing HE.net 6in4 tunnel.

If your VPS provider doesn't offer IPv6 I'm not sure how you could have a /48 assigned to a VPS host. Or are you terminating your tunnel to HE on one of your VPS hosts? If that is the case then you could just build 6in4 tunnels from that VPS host to the others. But as I said earlier it would probably easier to just use a separate tunnel directly to HE from each host at that point.
« Last Edit: January 25, 2011, 01:03:44 AM by antillie »
Logged

smoochict

  • Newbie
  • *
  • Posts: 26
Re: Routing a /96 prefix to external servers?
« Reply #9 on: January 25, 2011, 01:22:28 AM »

Theres two reasons i don't want to just create another tunnel for my vpses:
1. Its wasting resources allocating loads of ips from HE for each VPS
2. I want the ips to be in the same range, e.g. 2001:470:89ae::/48 instead of multiple /48s or /64s

I do have one VPS which has native ipv6 but only has a /96 ipv6, it'd be hard to allocate them to others

Is there a tutorial on how i could route a HE assigned ipv6 range into multiple /96s to external vpses
Logged

antillie

  • Full Member
  • ***
  • Posts: 104
Re: Routing a /96 prefix to external servers?
« Reply #10 on: January 25, 2011, 01:38:04 PM »

Theres two reasons i don't want to just create another tunnel for my vpses:
1. Its wasting resources allocating loads of ips from HE for each VPS

I'm not so sure about that. This is IPv4 thinking. HE.net wouldn't be offering free tunnels to everyone if they were seriously worried about running out of IPv6 address space. They need IPv6 space for their paying customers too. Honestly, 2^128 is an awfully big number.

In fact, if you built a new tunnel to HE.net for each VPS host and just used your assigned /64 for each tunnel then you would be using far less address space than if you took a /48 on your first tunnel and re-routed bits of it to your VPS hosts. So unless you have more than 32,768 VPS hosts using a separate tunnel to HE.net for each of them is actually a more efficient use of the IPv6 address space. (Two /64's per tunnel, one for the tunnel itself, and one for your routed /64. Compared to the 65,536 /64's in a /48.)

2. I want the ips to be in the same range, e.g. 2001:470:89ae::/48 instead of multiple /48s or /64s

I guess this makes sense if you need to write firewall rules that encompass all of your VPS hosts. But unless we are talking about hundreds or thousands of hosts and not just 10 or 20 I'm not sure what the advantage would be.

I do have one VPS which has native ipv6 but only has a /96 ipv6, it'd be hard to allocate them to others

That /96 leaves you with 32 bits to break into additional networks via subnetting. That's as much address space as the entire IPv4 internet. (its actually more if you consider RFC1918 and other reserved IPv4 blocks like multicast and loopback) So you have more than enough room to split your /96 into smaller subnets and route them to your other VPS hosts via tunnels.

Is there a tutorial on how i could route a HE assigned ipv6 range into multiple /96s to external vpses

What operating system are your VPS hosts running? HE's site provides examples of how to setup a 6in4 tunnel on most OS's including Windows, Linux, OSX, BSD, Solaris, and Vyatta. So you could probably use HE's example as a template to build 6in4 tunnels between your VPS hosts.

But no, I don't think there are any such tutorials as people generally just build a new tunnel to HE.net since its easier than messing around with re-routing bits of one of HE's /48 ranges.
« Last Edit: January 25, 2011, 02:30:53 PM by antillie »
Logged

smoochict

  • Newbie
  • *
  • Posts: 26
Re: Routing a /96 prefix to external servers?
« Reply #11 on: January 28, 2011, 02:07:24 AM »

The OS is ubuntu 10.10
Logged

antillie

  • Full Member
  • ***
  • Posts: 104
Re: Routing a /96 prefix to external servers?
« Reply #12 on: January 28, 2011, 11:01:55 AM »

One of the Linux templates should work then.
Logged