Linode Community Forums
Posted: Mon Jan 14, 2013 10:39 am
Senior Newbie

Joined: Sun Feb 07, 2010 6:15 am
Posts: 7
I would like to create a private network between multiple Linodes in the same datacenter. I could obviously use something like OpenVPN to do that. But I was thinking a much simpler solution would be to get an IPv6 pool from Linode, and just let the Linodes communicate over that pool. As I understand it, Linode makes it impossible for other servers to spoof an address in my IPv6-pool range. So if I firewall accordingly and drop any traffic outside the pool, it's not possible for other servers to communicate with my servers, or sniff/see my traffic.

Is this true, or am I missing something important here? I am planning on using multicast/unicast discovery for distributed services in the private network.

Thanks for any comments!


Posted: Mon Jan 14, 2013 11:56 am
Senior Member

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
You could also use the private IPv4 addresses, you don't need IPv6 or a VPN to do this.


Posted: Mon Jan 14, 2013 12:22 pm
Junior Member

Joined: Tue Sep 30, 2008 8:07 pm
Posts: 26
Website: http://www.nivex.net/
Location: Hillsborough, NC, US
Although they may not need IPv6 to do this, they will need IPv6 for many other things going forward. It would be better to go ahead and get the IPv6 in play rather than mess around with RFC 1918 addresses. If you are going to take a reboot, you might as well go forward rather than backward.


Posted: Mon Jan 14, 2013 2:07 pm
Senior Member

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
It'll be a few years before IPv6 is required for any other things, let alone many other things. With current usage at about 1%, and IPv6 being of questionable utility until it hits 100%, it's not something to be concerned with at this point in time.


Posted: Mon Jan 14, 2013 2:10 pm
Junior Member

Joined: Tue Sep 30, 2008 8:07 pm
Posts: 26
Website: http://www.nivex.net/
Location: Hillsborough, NC, US
Or you could set it up now, be used to how it all works, and be ahead of the game. It's the difference between following the herd or being a trailblazer. The OP sounds like the latter to me. More power to them.


Posted: Mon Jan 14, 2013 2:56 pm
Senior Member

Joined: Sun Dec 27, 2009 11:12 pm
Posts: 1038
Location: Colorado, USA
nivex wrote:
Or you could set it up now, be used to how it all works, and be ahead of the game.

Except that the "game" is a vague and moving target with no real timeframe for viability and absolutely zero ROI for the foreseeable future.

Using your "idea", the TSA would have been set up and waiting at Kitty Hawk to make Wilbur take his shoes off for a security inspection.

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.


Posted: Mon Jan 14, 2013 3:34 pm
Junior Member

Joined: Tue Sep 30, 2008 8:07 pm
Posts: 26
Website: http://www.nivex.net/
Location: Hillsborough, NC, US
Apparently mentioning terrorism is the new Godwin's Law. Thanks for killing that thread entirely.


Posted: Mon Jan 14, 2013 4:54 pm
Senior Newbie

Joined: Wed Feb 29, 2012 7:49 pm
Posts: 11
As I understand it, yes, all traffic in the private network is isolated and secure. See Caker's comment on this thread: http://forum.linode.com/viewtopic.php?p=39528

The obvious advantage with IPv6 is the fact that you can request an IP pool and simply implement one firewall rule for all Linodes within that pool. Simple, secure, easy. It's a lot more complex with IPv4.

I don't see any downside to going with IPv6.

Have fun! :)
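
An added example, not part of the original post or of Linode's documentation: the single pool rule described above, written as an `ip6tables-restore` ruleset. The prefix `2001:db8:1234::/64` is a constructed placeholder and `pool_ruleset` is a hypothetical helper; the neighbor-discovery rules are there because that traffic arrives from link-local sources outside the pool.

```shell
#!/bin/sh
# Added example: emit an ip6tables-restore ruleset that admits only one routed pool.
# pool_ruleset is a hypothetical helper; the prefix used below is a placeholder.

pool_ruleset() {
    pool="$1"
    # Accept only hex digits, colons and a prefix length, so the argument
    # cannot smuggle extra rule text into the generated ruleset.
    case "$pool" in
        ''|*[!0-9A-Fa-f:/]*) echo "invalid pool prefix" >&2; return 1 ;;
        *:*/*) ;;
        *) echo "expected prefix/length" >&2; return 1 ;;
    esac
    # Default-deny inbound; loopback and replies to our own connections pass.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Neighbor discovery (router/neighbor solicitation and advertisement,
    # ICMPv6 types 133-136) comes from link-local sources, not the pool.
    # Dropping it breaks IPv6 on the link. Hop limit 255 means on-link only.
    for t in 133 134 135 136; do
        echo "-A INPUT -p ipv6-icmp --icmpv6-type $t -m hl --hl-eq 255 -j ACCEPT"
    done
    # The one rule the post describes: anything sourced from the pool is a peer.
    cat <<EOF
-A INPUT -s $pool -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for review. To load it (as root):
#   pool_ruleset "$POOL" | ip6tables-restore
POOL="2001:db8:1234::/64"   # constructed placeholder (documentation prefix)
pool_ruleset "$POOL"
```

Discovery traffic is admitted only when peers send it from their pool address; multicast sourced from a link-local address falls through to the DROP policy. Any service that must stay reachable from outside the pool needs its own rule ahead of `COMMIT`.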


Posted: Mon Jan 14, 2013 5:57 pm
Senior Member

Joined: Fri Dec 11, 2009 7:09 pm
Posts: 168
Though I believe the traffic on the private network also doesn't count against bandwidth, but IPv6 traffic would. Could be a huge factor.

_________________
--
Chris Bryant


Posted: Mon Jan 14, 2013 6:31 pm
Senior Newbie

Joined: Sun Feb 07, 2010 6:15 am
Posts: 7
Ok, thanks for the answers.

Guspaz wrote:
You could also use the private IPv4 addresses, you don't need IPv6 or a VPN to do this.


I thought all Linodes are in the same LAN? Using IPv4 I won't have my own subnet, hence I'll have to change firewall rules on each server when I bring new servers up or shut some down. Without either my own subnet, or constantly managing firewall rules, I don't see how I can have secure multicast discovery, or even protect myself against port-sniffing from other Linodes.


Posted: Mon Jan 14, 2013 6:32 pm
Senior Newbie

Joined: Sun Feb 07, 2010 6:15 am
Posts: 7
nickdan wrote:
The obvious advantage with IPv6 is the fact that you can request an IP pool and simply implement one firewall rule for all Linodes within that pool. Simple, secure, easy. It's a lot more complex with IPv4.


Yes that was my thinking. Just needed some reassurance that it's indeed secure...

Thanks


Posted: Mon Jan 14, 2013 11:17 pm
Senior Newbie

Joined: Wed Feb 29, 2012 7:49 pm
Posts: 11
bryantrv wrote:
Though I believe the traffic on the private network also doesn't count against bandwidth, but IPv6 traffic would. Could be a huge factor.

IPv6 traffic over the private network doesn't count against your bandwidth quota. See http://www.linode.com/IPv6/

