Understanding IPv6 subnetting in a commercial VPS scenario

Continuing the discussion from IPv6 address is not appearing in 'lxc list' output:

I have a commercial VPS with the following address configuration:

$ ip a show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether da:54:75:aa:84:a8 brd ff:ff:ff:ff:ff:ff
    inet 83.171.236.43/24 brd 83.171.236.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2a05:8b81:1000:1::b0bf:7e86/48 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::d854:75ff:feaa:84a8/64 scope link 
       valid_lft forever preferred_lft forever

@tomp wrote:

I’m new to using IPv6, so if I start saying things that don’t make sense, do feel free to correct me.

This blog post (“How to assign IPv6 addresses to lxd containers on a VPS”) describes a situation similar to my own. Ryan writes:

So far, every VPS seller I’ve purchased from assigns each customer an entire /64 “prefix” (or a small subset of a prefix, or even a single address), but instead of using prefix delegation to advertise and route this prefix—as an Internet provider or cellular operator with native IPv6 would—they unceremoniously dump your server, and the servers of your “neighbors,” onto a common /48 prefix with a static gateway.

The following table, copied verbatim from my VPS provider’s network configuration page, suggests this is the result of a misguided attempt to translate a legacy IPv4 configuration into IPv6-speak…

This seems to fit my case. The provider has given me an address with a /48 mask, while telling me that I only have a single address. There are 65536 /64 networks on this /48 network, so telling me I can only have one single IP address seems ridiculous, which is what I meant by “miserly”.

If the provider says that I have only the one address, are they telling the truth? Pinging an immediately adjacent address from the host gives this:

$ ping6 -c 4 2a05:8b81:1000:1::b0bf:7e85
PING 2a05:8b81:1000:1::b0bf:7e85(2a05:8b81:1000:1::b0bf:7e85) 56 data bytes
From 2a05:8b81:1000:1::b0bf:7e86 icmp_seq=1 Destination unreachable: Address unreachable
From 2a05:8b81:1000:1::b0bf:7e86 icmp_seq=2 Destination unreachable: Address unreachable
From 2a05:8b81:1000:1::b0bf:7e86 icmp_seq=3 Destination unreachable: Address unreachable
From 2a05:8b81:1000:1::b0bf:7e86 icmp_seq=4 Destination unreachable: Address unreachable

--- 2a05:8b81:1000:1::b0bf:7e85 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3070ms

The chances are extremely high that the host doesn’t exist, but then I would expect the ping requests to time out. I assume they are only routing the addresses that they have actively assigned to prevent Wild West-like conditions on their internal network.

Best thing to do is ask them what you have and ask if they can route you a dedicated subnet.

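Added example, not part of the original posts: a Python sketch that reads the inet6 lines from the `ip a` output above and works out what the /48 mask implies, namely how many /64 networks it spans and whether a given address is treated as on-link. An on-link target is resolved by the host itself with Neighbor Discovery, which is consistent with the "Address unreachable" errors in the ping output being reported from the host's own address. The function names are illustrative, and the path is judged from the interface mask alone, not from the real routing table.

```python
import ipaddress
import re

# Address lines copied from the `ip a show dev eth0` output in the post.
IP_A_OUTPUT = """\
    inet 83.171.236.43/24 brd 83.171.236.255 scope global eth0
    inet6 2a05:8b81:1000:1::b0bf:7e86/48 scope global
    inet6 fe80::d854:75ff:feaa:84a8/64 scope link
"""

def global_inet6(ip_a_text):
    """Return IPv6Interface objects for the 'scope global' inet6 lines."""
    found = re.findall(r"^\s*inet6\s+(\S+)\s+scope\s+global", ip_a_text, re.M)
    return [ipaddress.ip_interface(addr) for addr in found]

def count_subnets(network, new_prefix=64):
    """Number of /new_prefix networks contained in `network`."""
    if new_prefix < network.prefixlen:
        raise ValueError("new prefix is shorter than the network prefix")
    return 2 ** (new_prefix - network.prefixlen)

def delivery_path(iface, target):
    """How the host tries to reach `target` (assumption: mask only, no route table)."""
    target = ipaddress.ip_address(target)
    if target == iface.ip:
        return "local"
    if target in iface.network:
        # Covered by the interface prefix: the host sends a Neighbor
        # Solicitation itself and reports failure if nobody answers.
        return "on-link"
    # Outside the prefix: the packet is handed to the default gateway.
    return "via-gateway"

def report(ip_a_text, target):
    """One (network, number of /64s, delivery path) row per global address."""
    return [
        (str(i.network), count_subnets(i.network), delivery_path(i, target))
        for i in global_inet6(ip_a_text)
    ]

if __name__ == "__main__":
    # The adjacent address pinged in the post.
    for net, n64, path in report(IP_A_OUTPUT, "2a05:8b81:1000:1::b0bf:7e85"):
        print(f"{net}: {n64} /64 networks, target is {path}")
    # Same host address with a /64 mask: another /64 now goes via the gateway.
    narrow = ipaddress.ip_interface("2a05:8b81:1000:1::b0bf:7e86/64")
    print("with /64:", delivery_path(narrow, "2a05:8b81:1000:2::1"))
```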