| ▲ | bonyt 5 hours ago |
| Does each container network of the 256 really need its own /64? Is there some constraint that doesn't let them work on a /72? |
|
| ▲ | yrro 4 hours ago | parent | next [-] |
| In practice this can be made to work, but a networking expert can probably explain better than me why splitting a prefix into chunks smaller than a /64 and assigning them to virtual networks within a host is a bad idea. In Hetzner's specific case: they won't give me one or more additional /72s: only a /56 if I pay for it. Per server. |
| |
| ▲ | kazen44 an hour ago | parent [-] |
| Splitting things out in a smaller prefix than a /64 breaks a couple of things.
SLAAC will not work, and SLAAC is actually a really neat use case for containers.
Not having the overhead of DHCP for container addressing is neat.
Also, smaller blocks than /64 make things like prefix delegation (usually) also break from a provider. |
|
|
| ▲ | matt-p 4 hours ago | parent | prev [-] |
| A container should absolutely not even need a /72. The traditional reason for /64 is for SLAAC, but you most certainly don't need that for one container (if at all, honestly). |
| |
| ▲ | yrro 4 hours ago | parent [-] |
| Indeed, a host should be able to request a /64 via DHCPv6-PD and split that between millions of container networks. But you can't do that on Hetzner (or anywhere else). |
| ▲ | matt-p 4 hours ago | parent [-] |
| Yeah, that obviously only works on /56 and above because networks should be a minimum of /64. I use k3s and each host has a /64; Cilium just gives each pod a /80 and the host does NDP and stuff. Works fine, no need to require dhcp6. |
|
|
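The prefix arithmetic discussed in this thread, as an added example that is not part of any commenter's post: it carves a delegated prefix into per-network prefixes and shows why SLAAC only works on a /64 (RFC 4862 ignores an advertised prefix unless prefix length plus the 64-bit interface ID equals 128). The function names, the 2001:db8::/56 documentation prefix and the MAC address are constructed for illustration, and EUI-64 is used only as one simple way to form the interface ID.

```python
import ipaddress
from itertools import islice

IID_BITS = 64  # interface identifier length SLAAC uses on Ethernet-like links


def carve(delegated, child_len, count):
    """Return the first `count` child prefixes of length `child_len`."""
    parent = ipaddress.IPv6Network(delegated)
    if child_len < parent.prefixlen:
        raise ValueError("child prefix is shorter than the delegated prefix")
    if count > 2 ** (child_len - parent.prefixlen):
        raise ValueError(
            f"{parent} holds only {2 ** (child_len - parent.prefixlen)} /{child_len}s"
        )
    # subnets() is a generator, so millions of possible children cost nothing
    return list(islice(parent.subnets(new_prefix=child_len), count))


def slaac_address(prefix, mac):
    """Form the EUI-64 SLAAC address a host would configure, or None.

    None means the host ignores the advertised prefix for autoconfiguration
    because prefix length + interface ID length != 128 (RFC 4862, 5.5.3).
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen + IID_BITS != 128:
        return None
    b = bytes.fromhex(mac.replace(":", ""))
    # Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return net[int.from_bytes(iid, "big")]


if __name__ == "__main__":
    mac = "02:00:00:00:00:01"  # constructed, locally administered MAC
    # A /56 gives exactly 256 container networks of /64 each; SLAAC works.
    nets64 = carve("2001:db8::/56", 64, 256)
    print(nets64[1], "->", slaac_address(nets64[1], mac))
    # A single /64 split into 256 /72s: addressing must be static or DHCPv6.
    nets72 = carve("2001:db8::/64", 72, 256)
    print(nets72[1], "->", slaac_address(nets72[1], mac))
    # Per-pod /80s out of a host /64, as in the k3s setup described above.
    print(carve("2001:db8::/64", 80, 3))
```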