But apart from that, IPv6 at DO is indeed pretty useless without floating IP support - I'm still not able to use IPv6 on the droplet for applications that need failover.
It's not uncommon to have multiple layers of virtualization (e.g. lxc/docker running inside qemu/kvm). You'd need the top-level hypervisor to pass through (bridge?) nested VMs' requests back to the router, but then you don't have the same level of isolation.
Configurable prefix length when nesting (/64 at first level, /80 at 2nd, /96 at 3rd if needed) and automated NDP proxying could solve it, though.
NDP is the abominable child of ARP and an IGP and doesn't scale well. Using huge address spaces everywhere is a good way to let it crush your network.
I'm also confused as to what this paper is talking about in terms of new features... /64 and per host is already a thing in Linux. RADVD, for example, allows you to delegate upstream prefixes to additional interfaces in Linux routing. These /64 delegations are handled by the Linux host that delegated them and are only known one step above that router as a singly delegated prefix from the "gateway." Prefix delegation was designed explicitly for the /64.
If anything, home ISPs need a slap on the wrist for their stingy DHCPv6 delegations of what basically amount to a SINGLE IPv6 address or some weird less-than /64. Splitting a 56 is a better idea here.
This is the single most infuriating issue with IPv6 rollout in the US. CenturyLink is starting to roll out native IPv6 support (instead of 6rd which they've been using for years), the only issue is you get a single /64. I mean, I have no use for giving every single host a /64, but I've got five or six VLANs and without at least a /56 I've got no way of actually deploying IPv6 on my network. By the way, this is a business DSL connection too - so it's not like they shouldn't expect something more than your typical flat home network where everything sits on a single broadcast domain.
Why can't you subnet the /64? CenturyLink isn't doing dot1q tagging to you, so you must have a router with tagged interfaces on your network.
Edit: Imagine this is because you want to use SLAAC.
Not just because of SLAAC, prefixes smaller than /64 are likely to mess with all sorts of assumptions built into networking gear. It may not be "correct" since there are valid reasons for subnets as small as a /127 (though they are used infrequently enough at least), but a lot of networking gear cheats with IPv6 routes to keep the amount of TCAM memory needed down. Why spend 128 bits per route and quadruple the memory required when you can double it and go 64 bits per route and dump the longer ones to slower DRAM (I mean, you only use /127s for point-to-point links that don't need link-rate switching anyway)?
Regardless of anyone's philosophy of address assignment strategies, prefixes smaller than /64s in IPv6 are unwise unless you want to degrade into worst-case routing paths on your network gear.
Good example: The SRX300, a desktop router/firewall implemented on a MIPS-based Cavium Octeon (both control and data plane) can handle up to 256K IPv6 routes:
The Trident series SoCs can do 8K by default, and 64K with ALPM enabled:
> (I mean, you only use /127s for point-to-point links that don't need link-rate switching anyway)?
/126s and /127s are often used for PTPs for peering/transit. Line rate is table stakes. Bear in mind that the gear used in these situations has plentiful lookup memory (SRAM, RLDRAM, HMC, or HBM).
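The sizing argument in the comments above (a single /64 versus a /56 for five or six VLANs, and nesting /64, /80, /96), worked through as an added example that is not part of any poster's comment. The function names are hypothetical and the prefixes are constructed from the 2001:db8::/32 documentation range; the only assumption beyond the thread is that SLAAC needs a /64 on each segment.

```python
import ipaddress
from itertools import islice

SLAAC_PREFIXLEN = 64  # SLAAC builds addresses from a 64-bit interface identifier


def carve(parent, new_prefixlen, count):
    """Return the first `count` subnets of length `new_prefixlen` inside `parent`."""
    net = ipaddress.ip_network(parent)
    if new_prefixlen < net.prefixlen:
        raise ValueError("child prefix cannot be shorter than its parent")
    available = 2 ** (new_prefixlen - net.prefixlen)
    if count > available:
        raise ValueError(f"{net} holds only {available} /{new_prefixlen} subnets")
    # subnets() is lazy, so islice avoids enumerating huge ranges
    return list(islice(net.subnets(new_prefix=new_prefixlen), count))


def plan_vlans(delegation, vlan_count):
    """Give each VLAN its own subnet, using /64 whenever the delegation allows."""
    net = ipaddress.ip_network(delegation)
    bits_needed = max(vlan_count - 1, 0).bit_length()  # bits to number the VLANs
    child_len = max(SLAAC_PREFIXLEN, net.prefixlen + bits_needed)
    return {
        "prefixlen": child_len,
        "slaac_ok": child_len == SLAAC_PREFIXLEN,  # longer than /64 breaks SLAAC
        "subnets": carve(net, child_len, vlan_count),
    }


if __name__ == "__main__":
    # Constructed delegations: a /56 and a single /64, six VLANs each
    for delegation in ("2001:db8:0:100::/56", "2001:db8:0:1::/64"):
        plan = plan_vlans(delegation, 6)
        print(delegation, "->", f"/{plan['prefixlen']}", "SLAAC ok:", plan["slaac_ok"])
        for subnet in plan["subnets"]:
            print("   ", subnet)

    # Nested virtualization: /64 on the host, /80 per VM, /96 per container
    vm = carve("2001:db8:0:1::/64", 80, 2)[1]
    for container_net in carve(vm, 96, 2):
        print("nested:", vm, "->", container_net)
```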
From the article:
"Provides a very simple mechanism for a single host or interface to be able to run 2^64 virtual machines"
That equates to AT LEAST 2^64 NDP entries. And when the L3 domain is scoped to that of a single hypervisor, router redirects are not relevant.
Maybe I have this wrong, but I think the idea here is talking more on layer 3, whereas you are imagining everything sharing the same layer 2 network?
We could do zero downtime, 1 or 2 packets lost live migration of workloads from one hypervisor host to another and had full ECMP capabilities.
We did this with both IPv4 and IPv6. There is nothing special about IPv6, but it does make it easier to aggregate routes.