I will never buy hosting (and trust it with personal data) from a website with no information on the company behind it. All legal information you provide is in a Notion file?! The place which would make the company address public is the Data Processing Agreement, which is "talk to us". It seems like you want to intentionally hide your legal entity, which isn’t very trustworthy.
Edit: The ToS say "The Website is offered by canvay.io, located in Karlsruhe, Germany". Dude, with all due respect, get your shit together. As a German citizen/company, you MUST publish an imprint with a company address, a VAT etc. [1].
It looks like a genuinely nice service, but it is just a matter of time until someone sends you a cease-and-desist order, which will be a lot more expensive than getting a proper imprint. And also, you'll earn more trust.
If you incorporated as a sole proprietor and want to protect your private address, sign up for a desk at a local coworking space and put that address online.
Thank you so much for this news! I have completely missed it. I've been scaling with Terraform for so long, I didn't log in to the dashboard to see the news pop-up.
This is great, not only can you drop IPv4, you can also drop both IPs and have a private network only VPS. I've got my weekend work cut out :)
In case someone is wondering, the price reduction for dropping IPv4 (no price change in dropping IPv6) is 0.60 EUR (including 19% VAT)
I experimented with an IPv6-only home network some time ago. It's worth remembering that DNS64 + NAT64 only help you connect to IPv4-only hosts that you resolved through DNS. Anything that gets its IPs another way, say a BitTorrent client that gets peer IPs from trackers / DHT, or something that insists on using DNS-over-HTTPS to some other unforgeable DNS server, will be unable to connect to v4 IPs.
That said, it's not clear if these VMs have outbound NAT for IPv4 or not. If they do, then what I wrote above won't be a problem.
I'm no datacenter host but NAT64 solutions exist (and have existed for a long time, actually). More recently, 464XLAT seems to be actively implemented, fixing many of the shortcomings of individual workarounds.
Your server won't be reachable over IPv4 from the outside, but it'll work to access most IPv4 exclusive services.
Alternatively, simple carrier grade NAT, possibly using 4over6, can also work. You would provide servers with an internal IPv4 address that would get NAT'ed just like on residential homes.
I did notice that about half of the connections on a regular BitTorrent session seem to be IPv6, so I'd expect it to work fine, although perhaps a bit slower since there are fewer hosts you can connect to.
Another thing to consider is that if you're torrenting you might already be going through a VPN so if you can get a v6 address to tunnel through you can get v4 traffic going through the VPN interface that way. I use WireGuard forwarding with v6-only boxes (they don't torrent, though)
It looks like they're based on Hetzner. I would guess they are building on Hetzner's dedicated servers. Not that that's a bad thing, I'm a big fan of their dedicated servers.
Source: The IP listed in one of their examples is 2a01:4f8:a0:380b::1. If you look up the ASN it points to Hetzner.
I asked RCN for IPv6 every year or two since 2010 at dslreports. They've changed their name to Astound, since then. It may be Astounding, but they still have no IPv6.
It's OK. I've decided that even when my house has IPv6 native, the Hurricane Electric tunnel is still quite useful to me. Static addresses are always nicer than dynamic.
I understand the sentiment, but I won’t accept the latency penalty. ISPs shouldn’t be doing dynamic prefix assignments anyway because it breaks too much.
Depending on lots of things, it's easily possible that IPv6 via a he.net tunnel gets you better routing than via your carrier directly. I haven't tested, but my current ISP is stingy at peering, and HE.net is well connected on ipv6. They've got a tunnel endpoint at the large internet exchange in the big city near me and my ISP runs all of my traffic through there anyway. Of course, my ISP doesn't run native IPv6, so 6rd vs a configured tunnel is the same overhead; if there were native v6, you do save 20? bytes per packet, which can be significant.
Mythic Beasts have been offering v6 only for years on their virtual and dedicated hosts - I've got a VPS with them with only v6, no point in paying for v4 if I don't need it.
They point out that offering v4 as a separate line item leads to conversations with accountants about "what's this line item, and do you actually need it?"
>They point out that offering v4 as a separate line item leads to conversations with accountants about "what's this line item, and do you actually need it?"
"Yes, if we don't have it, we can't reach ~60% of the world's Internet users."
Maybe it is still a fair question for machines that should only be reachable by other machines you fully own (like database servers and so on)? Just thinking out loud.
Hetzner VPS instances don't need to have public IP addresses.
>Assign Primary IPs to your server to establish a connection to the internet. Or create a private-network-only cloud server by not adding any Primary IPs at all. You can change the selected network option at any time.
Yeah, most people assume that pods are not exposed to the Internet so you'd probably want to block that. But using GUA addresses for pods is a good idea because it eliminates NAT and overlapping IPs.
Doesn't mean you have to expose it. V6 direct to ClusterIP/LoadBalancerIP/ExternalIP makes more sense and CNIs like Calico have this functionality as a first-class citizen.
Why would you not firewall those off? You could use different subnets for internal traffic and exposed deployments just like you can on IPv4. It's all just a naming scheme more than anything, though it's one which you can make work across firewalls if you disable enough firewall rules on both sides.
Functionally, there's little difference between a private /8 or a DHCPv6 /64 except that you can serve even more hosts.
This would be pretty amazing if you could price it right.
I don’t think AWS will maintain its dominance organically forever. Cracks are already showing. There are too many expensive managed services; maybe fine if you have the budget, but for cash starved startups? Maybe a dead simple cloud provider that goes 90% of the way is good enough.
Yeah, I just looked into setting up a private CA to avoid having to store the private key manually, and it’s like $400 per month. I’m just not going to pay that. Comes in cheaper to pay someone to take a USB stick to a bank safe and fetch me that anytime I need to sign a cert…
Having just gone through that for the company I work for, a cloud based HSM that is compliant and attested for the key storage and an API around issuing/revoking/auditing certificates would cost a lot more.
So you're not paying for the private key storage, you could do that in AWS KMS for like $1/month. You're paying for the CA API.
But what if I don’t even need an HSM, but just somebody to store a CA certificate for me? Even if they just put it onto some storage and encrypt it with a KMS key, that’s more than enough for a vast amount of use cases. I don’t need government grade security. I just have some internal services that need to use a trusted certificate, and don’t want to maintain a server with storage myself, just for that.
Your website says you're planning to put servers in the U.S. - wanted to plug Dedipath: https://dedipath.com/
I'm completely unaffiliated but I had a chat with their CTO Ernie Quick a few weeks back. They seem like a cool team, are pretty reasonable with how they approach billing and network, and they cover the initial rack and stack if you mail them the hardware. They're also the only colo provider I found servicing my area that offers upfront pricing in a Digital Ocean style web UI which I thought was cool!
The reverse proxy is a nice idea. Any reason not to offer a "get a TCP port redirected to you" in a similar fashion? E.g. I run a VPN server for my mobile clients (wireguard), which sometimes only have IPv4 connectivity (e.g. office wifi). A 9 Euro node with an IPv6 and one random-but-static IPv4 TCP port would be enough for that, while the pure IPv6 node sadly wouldn't work for that.
You could put it in tiers: S gets 1 port, M 4, L 16, XL 64,...; or something like "get a chunk of 50 ports for 1 Euro/y extra"; or combination of both.
@canvayio I tried to sign up, but it kept complaining about me coming from a VPN... eventually I had to enable a VPN to a customer-network to actually be able to sign up, instead of originally, without VPN from my home (with v6-tunnel though)
Granted I was using IPv4, but I've had a lot of trouble using Wireguard to my Linode server for casual browsing. Google became unusable with repeated captchas, several gaming apps blocked my login. I wish web owners wouldn't automatically classify datacenter IPs as malicious. There must be better ways to block spam/bad actors than by the classification of their source IP.
It's sad that we still need NAT64 at this point, especially for a server that's only serving IPv6 requests anyway. At least it brags a complex DS-lite setup at the cloud provider, I suppose.
Hetzner Cloud introduced this feature lately too. Public IPv4 and IPv6 are optional (you can connect the servers to a vnet). Not requiring an IPv4 gives you 0,50€ discount per month.
In American English and the Queen's English, "I don't have IPv6, how to access my node?" is bad grammar and should be "I don't have IPv6, how do I access my node?". As a German selling things in Euro, you are clearly using International English and are free to make your own rules - (I do see this sentence structure a lot with non-native speakers). If that is the standard, us Americans will happily mind our own business. Not sure about the Brits.
One thing I would find useful in the situation is a shared IPv4 machine that will do host-based HTTP(S) proxying. This way, I can have an AAAA directly to my IPv6 and an A pointing towards the shared machine for those who can only do IPv4.
GitHub works just fine, all VMs come preconfigured with a NAT64/DNS64 nameserver so you can reach IPv4-only systems as long as you try to resolve them via a domain.
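Added example, not part of the thread or the provider's code: a sketch of why DNS64 + NAT64 reaches IPv4-only hosts only when they are resolved by name, as noted in the comment above and in the earlier comment about BitTorrent peers. It goes beyond the thread by implementing the RFC 6052 embedding for every allowed prefix length. The function names, the sample zone and the use of the well-known prefix `64:ff9b::/96` are assumptions; the provider's actual NAT64 prefix is not stated on the page.

```python
import ipaddress

WKP = "64:ff9b::/96"  # RFC 6052 well-known prefix (assumed; deployments may differ)

def embed(v4, prefix=WKP):
    """RFC 6052 section 2.2: place an IPv4 address inside a NAT64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in (32, 40, 48, 56, 64, 96):
        raise ValueError("RFC 6052 allows only /32, /40, /48, /56, /64, /96")
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(v4).packed:
        if pos == 8:          # bits 64-71 (the "u" octet) must stay zero
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))

def dns64_lookup(name, zone, prefix=WKP):
    """What a DNS64 resolver returns: native AAAA if any, else synthesized."""
    rec = zone.get(name, {})
    if rec.get("AAAA"):
        return [ipaddress.IPv6Address(a) for a in rec["AAAA"]]
    return [embed(a, prefix) for a in rec.get("A", [])]

def connect_target(dest, zone, prefix=WKP):
    """Address a v6-only host (no CLAT) can actually dial, or None."""
    try:
        literal = ipaddress.ip_address(dest)
    except ValueError:
        answers = dns64_lookup(dest, zone, prefix)   # hostname: resolver helps
        return answers[0] if answers else None
    # Literal: the resolver is never consulted. IPv6 works as-is; IPv4 needs
    # 464XLAT or the application calling embed() itself.
    return literal if literal.version == 6 else None

# Constructed sample data (documentation ranges), not from the thread.
ZONE = {
    "v4only.example": {"A": ["192.0.2.33"]},
    "dual.example": {"A": ["198.51.100.7"], "AAAA": ["2001:db8::7"]},
}

if __name__ == "__main__":
    for dest in ("v4only.example", "dual.example", "192.0.2.33", "2001:db8::1"):
        print(f"{dest:16} -> {connect_target(dest, ZONE)}")
```

For firewalling or logging on such a host, traffic to IPv4-only services shows up with destinations inside the NAT64 prefix, so rules written against IPv4 addresses will not match it.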
Alright, that’s totally understandable. As a service provider grows, it needs to obtain more and more IP blocks. Are there ongoing costs to owning a block of IPv4 addresses, or is it just a one-time purchase fee?
There technically is an ongoing fee to keep your membership (at least with ARIN there is) but it's so small to be meaningless.
Some providers rent their IPv4 blocks rather than purchase them, because the smallest volume you can buy in is 1024 addresses which is pretty expensive, especially for newcomers. In that case there would be an ongoing cost.
You can get /24's (256 addresses), you don't need to get a /22. Anything with a longer prefix is not generally allocated by regional internet registries, and won't usually be accepted over BGP.
[1]: https://de.wikipedia.org/wiki/Impressumspflicht