
IPv6 status

jeffsmith82
On our wavelength

Is there any update on when IPv6 will be deployed to Virgin? Or even a rough timeline of after DOCSIS 3.1 upgrades or we aim for Q2 next year?

33 REPLIES


@jeffsmith82 wrote:

I do use non-routable addresses inside the DC, but how am I meant to present HTTP, SMTP, IPsec, SFTP and other services with so few public addresses?

 


All of those services run on different ports. You can NAT them through to servers on private address space.

e.g.

<public address>:80/443 -> 172.16.0.1

<public address>:22 -> 172.16.0.2

<public address>:25 -> 172.16.0.3

Already one public address is serving three of the services you mention and sending the traffic to three dedicated servers.

I have multiple of some of the services and I plan to get the most use out of the IPs using port forwarding like you suggested, but it might not be enough. Even plan on hosting websites on IPv6 only, then let Cloudflare act as a CDN for them just so they can provide IPv4 addresses to customers.

These are all just hacks around the issue that the IPv4 address space was exhausted in Europe in Nov 2019: https://www.ripe.net/publications/news/about-ripe-ncc-and-ripe/the-ripe-ncc-has-run-out-of-ipv4-addr... We need to start moving to IPv6, and Virgin are the biggest blocker for this in the UK at the minute.

 

Right - but you have no control over VM deploying v6, whereas you do have control over how you deliver services. Deploy a layer 7 device (WAF) that can route traffic based on hostname, for example. So when customer A initiates an SFTP connection at sftp.customera.com, the WAF routes the traffic to one server on the back end and sends sftp.customerb.com to a different server.

For what it's worth, I agree - VM are dragging their feet and should have launched v6 a long time ago - it's lazy (imho) that they're lagging so badly here. But as someone maintaining a business that services VM customers, you have to work around it - it's on you.

I will work around it best I can. I can also try to moan at Virgin the best I can to get them to be less crap. Not holding out much hope though.

Was thinking of starting a change.org petition, but looks like someone beat me to it: https://www.change.org/p/virgin-media-deploy-ipv6-to-your-customers. Signing up now; encourage you to do the same.

 

legacy1
Alessandro Volta
I have a way to save the internet and double IPv4 that can be done at the ISP router level, and people can still use modem mode and incoming ports, by only having two devices with different MACs have the same IP with a low DHCP lease, whereby the router can NAT your connects by source MAC, and for incoming learns if you need a port like port 80 by sending it to both MACs on the same IP. If one replies, the router knows to send traffic to just that MAC, but if both reply, the router will change one of the devices to a different IP, which can be done under the short DHCP lease.

---------------------------------------------------------------

Zen will give me a /29 or a block of 8 for £7 a month, I would have thought your DC leased line provider would be more than capable of giving you a block of 8 if they're giving you an Internet access service. I didn't have to pay anything for a /48 IPv6 prefix.

As for presenting various Internet services, you don't need a massive block of IP addresses because you have 50 sales people. You can NAT on the firewall to a block of servers using private IP addresses. DNS translation means you can have domain1.com and domain2.com on the same public IP and your firewall will translate the request to the correct private server.

I do agree VM should get sorted out and enable IPv6, but with your network I'm honestly questioning what you and your provider are doing. Why would you need to host on IPv6 addresses and then get a CDN like Cloudflare to do NATing for you?

I think you really need to speak to some professionals about this. I work in this business for a living, and while I can't know your specific business requirements offhand, nothing you've said seems complicated. On a scale of 1-10, what it seems like you want to accomplish I'd barely rate more than a 2 or a 3.

I have never heard of DNS translation working like that. So if I wanted to run 2 SMTP servers on the same public IP, how would that work with DNS translation on my firewall?

Zen already own a ton of addresses so can lease them to you. Any new providers are out of luck though, as again we exhausted all our IPv4 addresses Nov 2019.

Cloudflare don't NAT; they are more of a proxy. If you tell them to cache for a subdomain, they will present their local DC IP addresses to any client DNS requests. Then they serve all requests for that subdomain and proxy all traffic back to one of my IPv6 addresses if they don't have it in their cache or it was uncacheable.

There are two guaranteed ways to fix things in computing. Turn it off and on again, add one more layer of indirection.

Also, to the user that wants two devices to share the same IP address: please don't do that, hacking away at keeping the status quo when IPv6 is the actual solution to all these issues.

Also sign https://www.change.org/p/virgin-media-deploy-ipv6-to-your-customers 

 

I'm not disputing that certain applications would definitely work better with multiple IP addresses, the idea of having to do policy based routing everywhere, or create millions of port forwarding rules makes me shudder.

For SMTP you'd have it so the DNS record for the mail server points to your public IP e.g. 1.2.3.4, and translate it so say mailserver1.yourcompany.com goes to 192.168.0.1, mailserver2.yourcompany.com goes to 192.168.0.2, and so on. Mail hosting providers provide a lot of mail servers behind only a few IP addresses just fine.

Going back, as I said, you should be easily able to get a block of IPv4 addresses from your Internet provider. If I was a business with a leased line and provided Internet access, I would expect to get a block of addresses from whoever I chose with no issues. There are no more unassigned addresses, there are plenty of spare ones. If Virgin Media had none spare for example, they'd be forced to run CG-NAT all over the place and you wouldn't get a de facto static IP address from them.

If you've gone with a new provider with no IP addresses to provide your data centre connectivity then to put it bluntly I can only say that's a very poor choice. Any reputable provider would scope this out as part of the solution. If I went to Virgin Media Business for an Internet access leased line and said "Virgin, I want a /29 subnet for my servers I'm hosting", the only response I'd expect is "no problem, it will cost you this much".

I find it very difficult to accept at face value you have a business leased line to your DC with Internet access, and a provider can only give you a /30 subnet. The only circumstances I would see this happening is you've gone for a cheap product instead of a leased line, like taking out a VM cable connection for business. In which case yes I can see the provider saying "sorry we only give these to people who pay us thousands a month".

Doesn't add up.

Still confused: how does this DNS translation work for SMTP? TCP doesn't connect using DNS names, just IP addresses, so by the time it reaches my SMTP server, mail1.example.com and mail2.example.com are the same thing if pointing at the same IP address.

Virgin leased lines don't do IPv6, so not a chance I'm using them. I spent quite a few years being ignored by my Virgin Media Business account manager as well, so not going back to that. My provider has to buy IPv4 addresses from a broker, which is why they are trying to give me as few as possible. This wasn't even an issue for IPv6; they went "here, have a /48 for free" straight away.

Limiting the ISP market to the incumbents because they have enough IPv4 addresses is a terrible idea. IPv6 solves this issue completely, but for some reason Virgin don't want to support it. Wonder why?

Again, if your provider can't give you IPv4 addresses then I honestly have to wonder who you've gone for. And why it wasn't scoped out as part of the solution. If I was designing your service it would be one of the first questions I would ask you - what are you trying to achieve. This is so basic I would expect to go to any provider on the market and not have any issues. I know (and have worked at) some truly awful providers and even then this would be child's play.

I was a bit mistaken with the DNS translation, you'd have to have a mail relay server which uses a public IP and internal DNS and passes it over to the correct mail server using RFC 1918 addressing. Been a while since I looked at this. In any event, multiple IPs would be far superior I agree.

I'm left scratching my head on how you can possibly end up in a situation like this.
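
The point the thread settles on, as an added example that is not from any poster: an HTTP request names the site it wants, so one public IP can serve many hostnames, while a port-25 connection names only an IP, so a relay has to accept the SMTP session and route on the recipient domain. The routing tables and sample traffic are constructed, reusing the thread's domain1.com/domain2.com and private addresses.

```python
import re

# Constructed tables: names and RFC 1918 addresses echo the thread's examples.
WEB_BACKENDS = {"domain1.com": "172.16.0.1", "domain2.com": "172.16.0.5"}
MAIL_BACKENDS = {"domain1.com": "192.168.0.1", "domain2.com": "192.168.0.2"}


def route_http(request: bytes):
    """Name-based routing works for HTTP: the client names the site it wants."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().lower().split(":")[0]  # drop any :port
            return WEB_BACKENDS.get(host)
    return None  # no Host header: nothing to route on


def route_smtp(session_lines):
    """A relay must accept the SMTP session itself; only RCPT TO names the
    destination domain. Unknown domains map to None so the relay refuses
    them instead of forwarding mail for anyone (open relay)."""
    routes = {}
    for line in session_lines:
        m = re.match(r"RCPT TO:\s*<([^<>@\s]+)@([^<>\s]+)>", line, re.I)
        if m:
            local, domain = m.group(1), m.group(2).lower()
            routes[f"{local}@{domain}"] = MAIL_BACKENDS.get(domain)
    return routes


# Constructed sample traffic.
HTTP_REQ = b"GET / HTTP/1.1\r\nHost: domain2.com:80\r\nAccept: */*\r\n\r\n"
SMTP_SESSION = [
    "EHLO sender.example",            # the client's own name, not the target
    "MAIL FROM:<alice@sender.example>",
    "RCPT TO:<bob@domain1.com>",
    "RCPT TO:<amy@domain2.com>",
    "RCPT TO:<eve@elsewhere.example>",
    "DATA",
]

if __name__ == "__main__":
    print(route_http(HTTP_REQ))
    for rcpt, backend in route_smtp(SMTP_SESSION).items():
        print(rcpt, "->", backend or "refuse")
```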