12 Vote

Implement RFC 4193 ULAs for private networks and assign IP addresses to Droplets with both IPv6 and Private Networking.

In order to use DigitalOcean to test software compatibility in an IPv6-only environment, one will need to have RFC 4193 Unique Local Addresses (fc00::/8) for DigitalOcean private networks. Since DO assigns non-routable IPv4 addressing on private networks, complete IPv6 support on par with IPv4 would also require IPv6 local addresses.

Link-local (fe80::/10) addresses are not sufficient for multihomed Droplets (private networking enabled). Since all link-local addresses share the same numerical prefix, the routing choice of which interface to transmit on for any given fe80::/10 address is ambiguous, and targeting those addresses requires a sender interface selection, and therefore cannot be tracked centrally by DNS. Not all software accepts IPv6 address numbers with a local interface identifier suffix.

RFC 4193 provides a standard way to do this. DO tenants *could* implement this with a tiny droplet providing a private RFC 4193 prefix via SLAAC, but this leaves a lot of complexity to those tenants, specifically managing which RFC 4193 sec. 3.2 Global ID to select per account and which sec. 3.1 Subnet ID to assign for each private network provided by each region.

I would suggest that DO generate an RFC 4193 sec. 3.2 Global ID attribute for each account, and also an RFC 4193 sec. 3.1 Subnet ID for each region, and then implement SLAAC on DO router infrastructure to assign interfaces to droplets. Optionally, the DO router interface for the IPv6 ULA private networks could be metered as a public interface, and optionally configured to forward packets to other IPv6 ULA networks bearing a prefix matching the DO-generated RFC 4193 sec. 3.2 Global ID.

Currently, DO private networks do not support IPv6 on par with support for IPv4. I believe implementing RFC 4193 ULAs for private networks and assigning IP addresses to Droplets with both IPv6 and Private Networking would close that gap.

  • Jeremy McMillan
  • Sep 11 2018
  • Future consideration
VPC
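
As an added example (not part of the original post and not DigitalOcean code), the per-account Global ID and per-region Subnet ID scheme proposed above can be sketched with the sample algorithm from RFC 4193 sec. 3.2.2. The timestamp, EUI-64, region names and the sequential Subnet ID policy are constructed assumptions, and the prefix uses fd00::/8, the locally assigned (L bit = 1) half of the ULA range.

```python
import hashlib
import ipaddress
import struct

NTP_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def global_id(unix_time: float, eui64: bytes) -> int:
    """40-bit Global ID per the RFC 4193 sec. 3.2.2 sample algorithm."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be exactly 8 bytes")
    seconds = (int(unix_time) + NTP_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time % 1) * 2**32) & 0xFFFFFFFF
    ntp = struct.pack(">II", seconds, fraction)   # 64-bit NTP timestamp
    digest = hashlib.sha1(ntp + eui64).digest()
    return int.from_bytes(digest[-5:], "big")     # least significant 40 bits

def account_prefix(gid: int) -> ipaddress.IPv6Network:
    """/48 for one account: fd00::/8 (L bit = 1) followed by the Global ID."""
    if not 0 <= gid < 2**40:
        raise ValueError("Global ID must fit in 40 bits")
    return ipaddress.IPv6Network(((0xFD << 120) | (gid << 80), 48))

def region_subnet(prefix: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """/64 for one region's private network: account /48 plus 16-bit Subnet ID."""
    if prefix.prefixlen != 48 or not 0 <= subnet_id < 2**16:
        raise ValueError("need a /48 prefix and a 16-bit Subnet ID")
    return ipaddress.IPv6Network((int(prefix.network_address) | (subnet_id << 64), 64))

def plan(gid: int, regions: list) -> dict:
    """Assign Subnet IDs 1..n to regions in list order (hypothetical policy)."""
    prefix = account_prefix(gid)
    return {name: region_subnet(prefix, i) for i, name in enumerate(regions, start=1)}

if __name__ == "__main__":
    # Constructed inputs: a timestamp on 2018-09-11 and a made-up EUI-64.
    gid = global_id(1536683940.25, bytes.fromhex("0211 22ff fe33 4455"))
    for region, net in plan(gid, ["region-a", "region-b"]).items():
        print(region, net)
```

Each region's /64 is the size SLAAC expects, and all of an account's networks share one /48, which is what a router would match on to forward between that account's ULA networks.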
  • Comments (3)
  • Emma Brightblade commented
    5 Mar 07:39am

    I am adding my support for IPv6 prefixes, but please use global addresses. ULAs are not necessary for this when plenty of global space already exists.


  • Jeremy McMillan commented
    11 Sep, 2018 04:39pm

    The suggestion to add a pfSense droplet kernel/image is apparently quite popular:
    http://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/4118042-provide-pfsense-as-an-option-for-droplets

    If I could make a pfSense droplet, I could provide my own RFC 4193 IPv6 ULA on private DO networks.


  • Christian Kratzer commented
    11 Sep, 2018 04:39pm

    Please use globally valid IPv6 addresses for private networks and assign at least a /64 per data center for the customer's private network.

    There are many more use cases for globally valid IPv6 addresses on the private network than there are for ULA.
