An IPv6-only VPS that costs less (gandi.net)
96 points by amybe on Nov 29, 2013 | 80 comments

Sounds like an interesting solution for back end servers and compute clusters. Your front end or control server has IPv4 to talk to the world, but all your database and back end compute servers that only talk to the front end server can be IPv6 servers to save money.

If you use Cloudflare (and maybe other CDNs though I don't know any) they can proxy you an ipv4 address to your ipv6 only backend, so you don't really need your own ipv4.

> "Due to this situation, the market value of IPv4 addresses is rising... "

This is fantastic news. I have a private network full of them.

True, but private networking solves that issue too.

But notice that private networking is more complex. If you want to reach a non-public server, either you have to log into a public server in the same network and then open another connection, or you need VRF routing (ouch!).

With IPv6 you can just ssh into the box directly.

That's a lot of surface area you're exposing.

Yeah, this unfettered inter-networking sounds like a really bad idea. If only there was a way to control access besides fragmented addressing islands...

Some people put public v4 addresses on machines already. I would if they weren't so scarce.

That's what firewalls and packet filters are for.

For reference, that shaves between 1 and 2€/month and makes a small instance 17% cheaper: https://www.gandi.net/hosting/iaas/prices

It's also worth noting that a lot of the pay4botnet sites masquerading as stress testing services can't/won't do ipv6, which offers slightly more availability with ipv6 linked or dual-stack services - at least for now.

Unrelated to the ipv6 subject, but does anyone else just find the whole concept of "credits" that gandi is using absolutely irritating?

I know that it lists "or about $xx.xx per month" next to the credit cost, but why in the hell even have the credits in the first place? It's easier to just use the actual costs in the customer's local currency than have them try and figure out what exactly a credit/"coin" is worth.

Good lord yes. They introduced it as a much easier way to calculate billing but it's actively turned me off renting a server there. Just tell me how much per hour and per month. Even if it's broken down by resource, it works for Rackspace - that's all I need.

Considering their motto is "No bullshit" you'd have thought they'd just give you the prices and leave you to it

This concept answers to many issues Gandi faced.

* Being "cloud-ish" and have a pay-as-you-go system
* Computing a price to use a 256MB of RAM for 3 hours in real currency was too complicated (like, for example : 0.0000174€)
* Having no surprise at the end of the month, as some hosting providers compute the global use and bill the consumption at the end of the month (you may have surprise)
* Using credits, to create a new server, adding a new network interface, etc, you do not need to buy 'resources' like it was before
* There are two interfaces : historic usage of credits by resources, display the credits consumption as what you use in real currency
* No multiple expiration date by product/resource
* ...

Many of those advantages are described here : http://wiki.gandi.net/en/iaas/references/billing/credits

As usual, any enhancement/improvement is welcome :-)

I prepay for many services that are still able to list prices in real currency:




The latter two do keep track of fractional charges. They deduct $0.01 from prepaid credits once that much is owed. Since you accept multiple currencies, this becomes a bit more complex but still doable. For example, let the user choose the currency to display, or pick a single standard currency (euros?) and use it as your units.

Tarsnap and NFSn choose to refund your prepaid credits if and only if you close your account with them. Not every prepaid system lets you get your prepayments back at all. I am fine with this: I am willing to pay a bit more (prepayment without refund) in order to limit my liability to the amount I intend to pay.

I get what you're saying, but other providers (e.g. Amazon) manage to solve this problem without prepaid credits.

According to [1] French law means they can't store credit card information or directly debit bank accounts. So I can see why a prepay account would appeal to them.

[1] http://wiki.gandi.net/en/billing/faq/direct-debit

we can not store, but we also do not want to store this information (credit card) for our customers' safety

BUT, our bank does it for us, so you can now auto-credit your prepaid account using probe (no more credit, auto credit every month, ...)

By probe, you mean scripting? It sounds a bit complicated compared to a checkbox on the payment screen.

No, he meant that it makes it automated to add money to the prepaid from the CB when some conditions are reached. It is indeed just a simple process to register the card at the bank and configure the minimum amount before adding money.

Prepaid doesn't mean you have to deal with credits, though. My phone is prepaid, but the carrier still lists the price in real currency, not fake money.

advantage of credits vs local money is that the cost of credits is lower as you buy it by larger batch. It's a way to reward bigger buyers which would be confusing when using local money ("get credited of €215 when paying €180" ? what about refund ? invoicing unit ?)

And as resources can be micromanaged (per hour, via their api), you'd end up with tiny fractions of local currencies and rounding issues while all credit operations are done on integer afaik.

And also a way for me to have wasted money left over when I stop using the service and can't use up all my credits.

Yes, it is the only reason I don't use them for hosting, even though I've had my domains with them for over a decade. For a company with a motto of "no bullshit", it is really disappointing. Sketchy credit nonsense is about as bullshit as you can get.

One of the big reasons we didn't implement IPv6 on our domain servers https://en.wikipedia.org/wiki/IPv6_brokenness_and_DNS_whitel...

Alternative: http://www.opendns.com/technology/ipv6/

So you didn't implement because of a problem that affects 0.03% of people worldwide?

At the time, 90% of our clients constituted that 0.03%. We're no longer in the specialty networking/server scope.

What exactly led them to all having such misconfigured networks?

Back around the early 2000's we were running something of an ad-hoc VPN of dynamically connected servers. It was somewhat similar to the way Napster worked with one central server and many connected nodes. These connections relied on manual configuration, for the most part, and that did involve a fair amount of tunneling.

Heh. Our infrastructure guys did this to us recently.

Someone thought it would be cool to publish AAAA addresses before the networky folks had configured v6. In production. Laffs were had.

We designed Brightbox Cloud with the scarcity of public IPv4 addresses in mind since day one. Running out of addresses shouldn't be a surprise to anyone! http://brightbox.com/blog/2012/01/11/ipv6-servers/

We're not as cheap as gandi though, heh :)

cheap enough to piggyback/freeload on their frontpage HN appearance...

haha, indeed. I guess I must be the first to do that!

As a side note, I heard rsync.net have ipv6 too, and offer a special HN discount! https://news.ycombinator.com/item?id=6766478

I was going to post a link to Redstation, a UK hosting provider, whom offered a discount of £5/month (approx 10% for their cheapest server) if you took IPv6 only. However, it seems that option has now been pulled sadly!

>who~~m~~ offered a discount

Anybody has experience with Gandi VPS? Let's say compared to Linode or DigitalOcean?

This was a while ago, but Gandi disabled my account - with no warnings - for running a Tor node on one of my VPSes. I then had to send a copy of my passport to eventually get it reenabled. The frustrating thing was that they were also my domain registrar, so during that time I lost all access to my domains as well.

I transferred my domains away after that and decided it wasn't wise to mix services together due to this risk. So now I have domains with Tucows, DNS with Hurricane Electric and VPS with a provider that only does VPS. And I don't bother running Tor nodes any more.

Maybe not for running a Tor node, but Gandi may have received complaints about traffic on this node ?

Gandi allows any service to be run on its platform; abuse is not allowed, as it isn't on other providers.

Thus, they must do the necessary legal operations according to the law, policies and their contract.

Not quite. Gandi has a morals clause in their ToS.

From the Gandi blog: (http://www.gandibar.net/post/2007/01/11/Gandi-fights-back-ag...)

  Domains registered with Gandi must be used in accordance with the rights of third parties (copyrights, intellectual property rights, personality rights, etc.), and current applicable laws and regulations. 

  For example, Gandi does not tolerate activity that is morally objectionable or that poses a threat to public order, that spreads Computer Contaminants (Viruses, Trojans, etc.), and/or that engages in fraudulent activity such as Identity Theft.

Some of these things are fairly broad and vague. There's the whole grey area of speech that may or may not violate the rights of a third party. Then you have the whole "public order" thing. Plus, you're potentially dealing with French legal standards, which may be very different than the US standards that I'm used to.

Yes, I had severely underestimated the amount of bad traffic that would pass through a Tor exit node.

Thanks! This is actually very important as I do use them for my 'important' domains as well. Even though I can't foresee any problem like this, it's something to keep an eye on.

Can you provide more details about your situation ?

Here's the email exchange with Gandi: http://pastebin.com/raw.php?i=ra00BxXM

I've used Gandi for the last 3 years and DigitalOcean for about six months. I like both of them but for mostly non-overlapping reasons.

DigitalOcean has excellent documentation and very fast responses to my support queries. Their prices are lower. I'll keep using them and recommending them to others.

Gandi gives me very good performance as well as a few extras that keep me interested. They also offer a broader range of services (like domain registration) and have an excellent track record of supporting good causes. I'll keep using them and can recommend them as well.

If I (maybe unfairly) divide user skill levels up into thirds, I'd recommend DigitalOcean to an average user, and Gandi to those with above & below average needs. Basically, Gandi has simpler products for those new to hosting and also rolls out new things like IPV6 and DNSSEC faster if you really want to test them. These aren't always supported (you break it, you may be on your own) but are available early compared to other hosts.

Rather than look at this as a zero sum proposition, take a look at Gandi's 'supports'[1] page, realise that they continue to thrive despite no advertising, and think about whether you want in on that deal.


I've spent around US$15/month with them for over 10 years and have been very happy with their service and (when necessary) support.

not yet on their VPS offer (but that is my platform for all of my future projects). On every other gandi products I used, I've been amazed by the technical aspect and their support.

I've used their VPSes for a long time, and I must say I really like both their services and the company.

> "RIPE, the organization in charge of delegating IP addresses in Europe, ended the distribution of new IPv4 blocks about a year ago."

This is not true. All new LIRs can still receive a /22 - http://www.ripe.net/lir-services/resource-management/allocat...

Subject to conditions:

> This means that an LIR can only receive a one-time /22 allocation (1,024 IPv4 addresses) if it can justify the need and already has an IPv6 allocation

Interesting deal, but where can I buy one? Can't seem to find a "buy now" button anywhere.

Yay some initiative. It's about time we had the option of saying screw IPv4.

Does anyone know if gandi uses ECC in their servers? This is possibly my biggest problem with the VPS fad, nobody will give you a straight answer about whether or not you can actually rely on them to not silently corrupt data.

As a general principle, just treat no answer as no. Companies that use ECC advertise it. You can also look in /proc/cpuinfo to see if it's a Xeon/Opteron or not.

A few providers seem to use ECC. I know prgmr.com does, although they're not very good at advertising it: http://prgmr.com/xen/

I know for sure that Gandi use ECC in their servers.

Do you work there or know someone who does? If so, can you get them to make that explicit in their documentation?

Yes I work there. You can easily verify it.

Can you get them to make that explicit in their documentation? I can't get the higher ups to approve it without something official.

My opinion: IPv6 is used by nobody, nobody cares about IPv6 except for us tech nerds and in five years it will still be nowhere.

But still, nice if you want to try it out and test with it.

> nobody cares about IPv6 except for us tech nerds

Nobody cares that your app is written in Rails or NodeJS. People care that it works and does what matters to them. IPv4 is doomed to not work at some point so we "tech nerds" have to care and do something about it.

> IPv6 is used by nobody

From the top of my mind, many of the french ISPs have IPv6 ready on the customer side, a radio button click away, while some are even on by default. I can readily assume that today, every worthwhile machine connected to a LAN supports at least IPv6 local scope. Also, every single Mac out there uses an IPv6 VPN (over IPwhatever) when (at least) Back to my Mac is active (ifconfig utun0).

> in five years it will still be nowhere

Unless you settle for impractical definitions of "nowhere" as "not ubiquitous", it is definitely there already. IPv6 does solve real problems today, locally and globally.

> From the top of my mind, many of the french ISPs have IPv6 ready on the customer side, a radio button click away, while some are even on by default.

I think this is one of the key points that certain people end up missing.

Windows Vista and later can do IPv6 by default, recent versions of OS X will do it by default as well. All an ISP needs to do is send a user a router which can handle IPv6 traffic - and suddenly the entire network will start doing IPv6 traffic with places like Google who are IPv6 ready.

It will just happen! Add the IPv6 ready equipment and the traffic will flow. The only problem is certain ISPs who are still stuck with their heads in sand, not providing IPv6 connectivity, and still providing customers equipment which can't deal with IPv6 traffic - some of which might not be possible to upgrade.

Nobody, except for between 2 and 2.5% of Google's users (http://www.google.com/ipv6/statistics.html).

And doubling every year:

January 2011: 0.24%

January 2012: 0.41%

January 2013: 1.07%

Not-quite January 2014: 2.54%

Which means that it will be ubiquitous within 5 years, if it carries on this trend.

2015: 5%

2016: 10%

2017: 20%

2018: 40%

2019: 80%

Not quite ubiquity. Also, expect some flattening of the growth rate.

I actually expect it to accelerate. Once it has significant takeup you start to look bad if you don't support it, which will add to the drivers for ISPs to implement it.

I know of several German ISPs (Kabel Deutschland, MNet) that don't even give you a dynamic IPv4 IP anymore, but use Dual-Stack Lite (that is, IPv6, and carrier-grade NAT to access public IPv4 addresses). Oh, and they limit the ports (and thus connections) you can have open at a time, to something like 1000. I wouldn't want to have such a connection.

They started rolling out IPv6 in some regions Q1/Q2 2013 [1]. I for example still can't use IPv6 :/

I'd also like to mention that we do not have a static IP, it just changes less often than it did with DSL.

[1] http://www.kabeldeutschland.de/portal/faq/article/id/631 (German)

How do you get an IPv6 address from Kabel Deutschland? I'm in Berlin and it's still IPv4 only.

I'm on Kabel Deutschland and have a static IPv4. Is that a regional thing only?

Could be regional (I know it from Nürnberg area), or new vs. old customer.

If you intend to host your service behind something like CloudFlare it doesn't matter that some users don't have IPv6 yet: they'll contact the cache service via IPv4 and it'll contact your servers as needed via IPv6. The end user doesn't have to care, or even know at all, and you have just made a saving by not having to pay for IPv4 addresses.

People will start to care when IPv6 takeup hits critical mass and we start seeing services optimised for it. When people start seeing services they want to use not working as well through layers of NAT, they start asking their ISPs why they are having a problem and their friends on other ISPs aren't. Maybe at some point services will start charging a premium for IPv4 access (so IPv6 users aren't subsidising those who haven't moved forward yet) like one retail business did for IE6/7 users (http://www.bbc.co.uk/news/technology-18440979), then people will care. That seems extreme though and might alienate users; a less severe option would be to serve more adverts.

There are some places where things are already heading towards being IPv6 only. A friend of mine noticed this when out east for a work related trip, the hotel he was in provided Internet access but IPv6 only internally. They provided a 6-to-4 gateway so IPv4 only sites worked fine (with everyone from several places looking to be coming from the same address) but your device had to speak IPv6 to connect to the network in the first place (which his phone didn't).

I'm just waiting for when we get to the point where there are thousands of users behind the same ipv4 address and one of them gets the ip banned from something popular. I'm sure customers would start caring then.

Or worse, someone does something incredibly wrong from that address (arranges a bombing, posts kiddy porn, or so forth) and the police arrest everybody associated with the address just-in-case...

In the same way, no one except 'us tech nerds' cares about IPv4. Why would anyone who does not have to work with it, or have an interest in tech, care about protocols?

I wonder who else but tech nerds should be interested in IPv6?

I'm quite sure Gandi targets who you call "tech nerds" - and they promote v6 also in that move. IPv6 has a future, I bet

(For what it's worth, I should disclose the fact that I work for Gandi, as requested by a colleague wrt our policy. Thanks Amy, I believe the point is still valid as-is and we followed the no bullshit stuff ;)

I have an IPv6 ISP in Canada (Teksavvy), and quite happy with it (except for the lack of reverse-DNS). I'm too cheap to pay for a static IPv4 netblock at home, but IPv6 works fine to manage the ton of publicly-accessible VMs and other services (wifi mesh network) I run from home.

When I'm working from outside home, I use a tinc VPN to access my IPv6 services, and also redirect my IPv6 traffic through my home network.

Other fun experiment: if you are ipv6-enabled, look at the percentage of bittorrent peers who are in ipv6 vs ipv4. IPv6 is growing.

I don't think so. Many people already use it even though they don't know they're using it.

It will be a deal in 1-2 years. The world rotates fast these days.

I'm seeing increasing numbers of IPV6 connections to our services. I wouldn't be surprised if it grows very rapidly now.
