Support for IPv6-only with private networking

October 15, 2015
IPv6 DigitalOcean Deployment Networking

Feature Request: implement RFC 4193 ULAs for private networks and assign IP addresses to Droplets with both IPv6 and Private Networking.

In order to use DigitalOcean to test software compatibility in an IPv6-only environment, I will need to have RFC 4193 Unique Local Addresses (fc00::/8) for DigitalOcean private networks. Since DO assigns non-routable IPv4 addressing on private networks, complete IPv6 support on par with IPv4 would also require IPv6 local addresses.

Link-local (fe80::/10) addresses are not sufficient for multi-homed Droplets (private networking enabled). Since all link-local addresses share the same numerical prefix, the routing choice of which interface to transmit on for any given fe80::/10 address is ambiguous, and targeting those addresses requires a sender interface selection, and therefore cannot be tracked centrally by DNS. Not all software accepts IPv6 address numbers with a local interface identifier suffix.

RFC 4193 provides a standard way to do this. DO tenants could implement this with a tiny Droplet providing a private RFC 4193 prefix via SLAAC, but this leaves a lot of complexity to those tenants, specifically managing which RFC 4193 sec. 3.2 Global ID to select per account and which sec. 3.1 Subnet ID to assign for each private network provided by each region.

I would suggest that DO generate an RFC 4193 sec. 3.2 Global ID attribute for each account, and also an RFC 4193 sec. 3.1 Subnet ID for each region, and then implement SLAAC on DO router infrastructure to assign interfaces to Droplets. Optionally, the DO router interface for the IPv6 ULA private networks could be metered as a public interface, and optionally configured to forward packets to other IPv6 ULA networks bearing a prefix matching the DO-generated RFC 4193 sec. 3.2 Global ID.

Currently, DO private networks do not support IPv6 on par with support for IPv4. I believe implementing RFC 4193 ULAs for private networks and assigning IP addresses to Droplets with both IPv6 and Private Networking would close that gap.
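
The allocation scheme requested above, as an added example that is not part of the original post and not DigitalOcean code: it derives a 40-bit Global ID with the RFC 4193 sec. 3.2.2 algorithm, builds the /48 in the locally assigned range (L bit set, fd00::/8), and appends a 16-bit Subnet ID per region to get the /64 that SLAAC would advertise. The timestamp, MAC address, region names and sequential Subnet ID numbering are constructed assumptions.

```python
import hashlib
import ipaddress
import struct

NTP_UNIX_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

def ntp64(unix_time: float) -> bytes:
    """64-bit NTP timestamp: 32-bit seconds since 1900 plus 32-bit fraction."""
    secs = (int(unix_time) + NTP_UNIX_OFFSET) & 0xFFFFFFFF
    frac = int((unix_time % 1) * 2**32) & 0xFFFFFFFF
    return struct.pack("!II", secs, frac)

def eui64_from_mac(mac: str) -> bytes:
    """Modified EUI-64 from a 48-bit MAC: flip the U/L bit, insert ff:fe."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def global_id(unix_time: float, mac: str) -> int:
    """RFC 4193 sec. 3.2.2: low 40 bits of SHA-1(NTP time || EUI-64)."""
    digest = hashlib.sha1(ntp64(unix_time) + eui64_from_mac(mac)).digest()
    return int.from_bytes(digest[-5:], "big")

def ula_site_prefix(gid: int) -> ipaddress.IPv6Network:
    """FC00::/7 with L=1 (0xfd) followed by the 40-bit Global ID gives a /48."""
    if not 0 <= gid < 2**40:
        raise ValueError("Global ID must fit in 40 bits")
    return ipaddress.IPv6Network(((0xFD << 120) | (gid << 80), 48))

def region_subnet(site: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Append a 16-bit Subnet ID (sec. 3.1) to get the /64 that SLAAC advertises."""
    if site.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 site prefix and a 16-bit Subnet ID")
    return ipaddress.IPv6Network((int(site.network_address) | (subnet_id << 64), 64))

def account_plan(unix_time: float, mac: str, regions: list) -> dict:
    """One Global ID per account, one Subnet ID per region (constructed numbering)."""
    site = ula_site_prefix(global_id(unix_time, mac))
    return {name: region_subnet(site, i + 1) for i, name in enumerate(regions)}

if __name__ == "__main__":
    # Constructed sample inputs: fixed timestamp, made-up MAC, made-up region names.
    plan = account_plan(1444867200.0, "02:00:5e:10:00:01", ["region-a", "region-b"])
    for region, net in plan.items():
        print(region, net)
```

Because the Global ID is derived once per account, every region's /64 shares the same /48, which is what lets a router forward between ULA networks by matching that prefix.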