Failed Digital Ocean deployment

So... I was going to use Digital Ocean. As it turns out they have some filtering on IPv6. When I started the switch the first thing I noticed was the lack of ability to freely set up rDNS. For the most part this was a non-issue but it would have been nice. Instead rDNS is automatically set to the droplet name.

Next part I get everything set up. Gateway server is up. Production server is up. Development server is up.

Mail stuff is tested and working ok. Then I later come across an issue. Apparently Digital Ocean pipes through Hurricane Electric. Well there is an issue there. Hurricane Electric blocks outbound SMTP and IRC by default and I just checked... They don't even unblock SMTP unless you email them with justification now. It only affects accounts created over the past few years though. Luckily mine predates that so I can unblock freely if I want but that doesn't seem to apply to others.

Anyways it looks like Digital Ocean inherits it due to a number of factors.

Their assignment pool is a /124. That's 16 addresses. It would be enough for most users but due to certain assumptions and (apparently) RFC standards (feel free to correct me here) mail servers will block a whole /64 if an IPv6 address goes awry. I think it is because a /64 is the minimum recommended allocation to end users from ISPs.
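The shared-fate effect described above, as an added example that is not part of the original post: it assumes a receiving mail server that counts abuse reports per /64 and rejects the whole prefix once a threshold is reached. The addresses are constructed from the 2001:db8::/32 documentation range, and the threshold of 3 and all function names are hypothetical.

```python
import ipaddress
from collections import Counter


def slash64(addr):
    """Return the /64 network that contains addr."""
    return ipaddress.ip_network(f"{addr}/64", strict=False)


def blocked_prefixes(abuse_reports, threshold=3):
    """Count abuse reports per /64; return prefixes at or over the threshold."""
    counts = Counter(slash64(a) for a in abuse_reports)
    return {net for net, n in counts.items() if n >= threshold}


def is_rejected(sender, blocked):
    """A sender is rejected if its /64 is blocked, whatever its own history."""
    return slash64(sender) in blocked


# Constructed sample: two tenants, each with a /124 (16 addresses),
# both carved out of the same provider /64.
TENANT_A = ipaddress.ip_network("2001:db8:0:1::10/124")
TENANT_B = ipaddress.ip_network("2001:db8:0:1::20/124")
# A host in a different /64 for comparison.
OTHER_64 = ipaddress.ip_address("2001:db8:0:2::10")

# Tenant A sends spam from three of its addresses (constructed reports).
REPORTS = [TENANT_A[1], TENANT_A[2], TENANT_A[3]]


def demo():
    blocked = blocked_prefixes(REPORTS)
    return {
        "tenant_a": is_rejected(TENANT_A[1], blocked),
        "tenant_b": is_rejected(TENANT_B[5], blocked),  # never sent spam
        "other_64": is_rejected(OTHER_64, blocked),
    }


if __name__ == "__main__":
    for name, rejected in demo().items():
        print(f"{name}: {'rejected' if rejected else 'accepted'}")
```

Tenant B never appears in the reports but is rejected anyway, because both /124 pools sit inside the same /64 that the receiver treats as one sender.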

I'm assuming they block outbound IRC as well although it hasn't been thoroughly tested. The servers I connect on used non-standard ports anyways like 6697.

Regardless after finding this out I decided to make the quick move back to Linode and here we are. The server is running on the lowest droplet end. That's 2GB RAM and 24GB SSD storage. Should be plenty eh?

Oh don't get me wrong. I did pick up a few new tricks with my short stay on Digital Ocean. One of them involved learning that I could do zfs on a file and it does work on Linode however btrfs may be a better option. Currently on Linode I have to do a distribution kernel for zfs and I don't think Linode will be adding support for it anytime soon (it isn't mainline yet). Btrfs however is and support is there already. This is mostly for LXD however and I'll only be setting up LXD over on my development server so it won't affect production. Good grief!

Either way when I tried to enable zfs on Digital Ocean it essentially froze the droplet and prevented it from booting... Only affected it during boot though.

Source(s):
http://pixelschatten.net/blocked-ipv6-ports/
https://sunweavers.net/blog/node/38
https://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/5914490-give-users-ipv6-64-blocks-when-you-roll-out-ipv6

Robert Pendell
