
I am trying to configure a Virtualizor instance on a Hetzner machine but I can't make it work since I need to "nat" the IPv6 subnets.

I divided my /64 subnet into multiple /80 subnets and I added a few addresses to use with the machine. I tried to use the "routed network" option but it didn't work.

I am using Ubuntu 18.04 LTS with a netplan bridge like this:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp35s0:
      match:
        macaddress: 70:**:**:**:**:30
      dhcp4: no
      dhcp6: no
  bridges:
    viifbr0:
      macaddress: 70:**:**:**:**:30
      interfaces:
        - enp35s0
      dhcp4: no
      dhcp6: no
      addresses:
        - ***.***.85.132/32
        - 2a01:4f8:***:***::2/64
      routes:
        - to: 0.0.0.0/0
          via: ***.***.85.129
          on-link: true
      gateway6: fe80::1
      nameservers:
        addresses:
          - 213.133.100.100
          - 213.133.98.98
          - 213.133.99.99
          - 2a01:4f8:0:1::add:1010
          - 2a01:4f8:0:1::add:9999
          - 2a01:4f8:0:1::add:9898

I have no idea how I could make this work, and the support says it's not possible.

If I could use the NAT option like in IPv4 I don't think it would be an issue.

Poli

1 Answer

The subnet mentioned.

Is that the subnet assigned to your server by Hetzner?

In that case it is correct that you cannot subnet the /64 subnet into smaller subnets.

However:

It is possible to get an unused /64 routed to your server, which you can split as much as you like.

But it is not the recommended way to do subnetting in IPv6, since the last 64 bits are normally reserved for the host address.

SLAAC has privacy extensions that make the host change its IPv6 address very often (like every 2 hours or shorter) and EUI-64 uses for instance a host MAC address to construct the static IPv6 address assigned to a given host.

Normally you will get an unused /48 block routed to your server, which you can divide the way you like, all the way down to /64.

An example of how to split:

Say you have a main office and a number of remote branch offices.

You want the whole network accessible via IPv6.

You could then split a /48 subnet into multiple /56 subnets and assign a /56 to each office.

Using this scheme it is possible to have 256 offices reachable from the same /48 subnet.

Each office can in turn split the /56 subnet into /64 subnets and assign a /64 subnet to each VLAN in the office. That means each office can have 256 VLANs accessible via IPv6.

Where to get a /48 subnet you can play with?

The easiest way is to create an account at Tunnelbroker.net and apply for a routed /48 subnet.

It is not straightforward to use this network with your Hetzner server, since it has its own IPv6 address, so you have to read up on how to configure source-based routing, but it is doable.

But the solution how to do it is out of scope of this question.
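
The /48 → /56 → /64 split described in the answer above, worked through as an added example (not code from the answerer or from Hetzner). The site prefix is a constructed value from the IPv6 documentation range, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: 2001:db8::/32 is the IPv6 documentation range,
# standing in for the routed /48 (assumption, not a value from the post).
SITE = ipaddress.IPv6Network("2001:db8:abcd::/48")

def office_prefix(site, office):
    """Return the /56 for office number `office` (0-255) inside a /48."""
    if site.prefixlen != 48 or not 0 <= office < 256:
        raise ValueError("need a /48 site and an office index 0-255")
    base = int(site.network_address) + (office << (128 - 56))
    return ipaddress.IPv6Network((base, 56))

def vlan_prefix(site, office, vlan):
    """Return the /64 for VLAN number `vlan` (0-255) inside an office /56."""
    if not 0 <= vlan < 256:
        raise ValueError("VLAN index must be 0-255")
    base = int(office_prefix(site, office).network_address) + (vlan << 64)
    return ipaddress.IPv6Network((base, 64))

def locate(site, address):
    """Map an address back to (office, vlan), or None if outside the site."""
    addr = ipaddress.IPv6Address(address)
    if addr not in site:
        return None
    # Bits 48-63 of the address: upper byte = office, lower byte = VLAN.
    offset = (int(addr) - int(site.network_address)) >> 64
    return offset >> 8, offset & 0xFF

def leaves_host_bits(prefix):
    """True when the prefix keeps the last 64 bits free for the host address."""
    return ipaddress.IPv6Network(prefix).prefixlen <= 64

if __name__ == "__main__":
    print(office_prefix(SITE, 3))                        # office 3's /56
    print(vlan_prefix(SITE, 3, 0x2A))                    # VLAN 42 in office 3
    print(locate(SITE, "2001:db8:abcd:32a::1"))          # back to (office, vlan)
    print(leaves_host_bits("2001:db8:abcd:32a:1::/80"))  # a /80 eats host bits
```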