Page 2 of 2

The major problem with SolusVM’s IPv6 implementation

SolusVM, the well-known VPS control panel, has supported IPv6 for a couple of years now. There has been one major problem, though: it’s terrible implementation and the consequences of that.

The implementation

SolusVM assigns IPv6 addresses to users by randomly handing out individual IPv6 addresses out of a larger range. Not an actual block; SolusVM requires you to give a set range of addresses from which to generate random ones. This allows the SolusVM Administrator or Reseller to assign up to 200 individual random addresses to an actual VPS.

IPv6 wasn’t designed for individual addresses, though. It was designed to give end users a block of addresses, the smallest one being a /64. The reason behind this being that the last 64 bits of the 128-bit IPv6 address are used as the interface identifier. It defines a unique interface inside a network, a subnet. This ensures that wherever an interface is, the last 64 bits should never have to change, only the first 64 bits, meaning an address inside a network is theoretically always available. This makes NAT completely unnecessary. More importantly, though, the last 64 bits are used for several IPv6 features: Neighbor Discovery (ND), Stateless Address Autoconfiguration (SLAAC), privacy extensions, and others. Not having a /64 assigned prevents people from using those features.

The problem

With SolusVM not assigning /64 blocks to end users they not only not get all the features of IPv6. They get a free problem with it: incompatibility with those that do use those features.

The best example of this is Google Mail. When you have VPS backed by SolusVM (no matter the virtualization technology) and with statically assigned random IPv6 addresses, you cannot send e-mail to Google Mail addresses using IPv6! Why not? Because the addresses you have come from a /64 (or worse, even smaller) and all your friendly neighbors who have a VPS with IPv6 addresses from that same block, will probably also try sending mail. Google Mail just looks at the /64 when receiving mail via IPv6 and notices that there is a lot of activity coming from that block. No wonder, because there could literally be hundreds of servers with an address from that block of IPv6 addresses. So, Google Mail considers it SPAM and starts blocking every address from that entire range. The result: you either have to disable IPv6 on mail sent to Google or you cannot send mail to Google using IPv6 (your mail server determines which address to use, IPv4 or IPv6).

And that’s just one example…

The solution

SolusVM should start implementing IPv6 the way it should have been years ago: giving users the option to assign a /64 to their VPS and then enable addresses from that /64 to the VPS (so they are actually available in the VPS). This way you don’t have to assign millions of unused addresses to the server and you give the users an address block that is in accordance with IPv6’s design and implementation. It will not only solve the Google Mail problem, but also other (and potentially future) problems.

Hello world!

Welcome to my blog! It’s been a while. I’ve decided to write blog posts regularly again, either long or short, on a variety of topics. This website will also contain some more information about who I am and what I do.

For now, this will have to as the first post.

Hello world!

© 2017 mpkossen.com

Theme by Anders NorénUp ↑