New IPv6 Allocation? Not Sure How To Slice It Up?

Many of us network engineers want to get IPv6 going on our networks, but there aren’t very many good guides on the actual subnetting that needs to be done. I’ve developed a plan that I have deployed, and I figured it would be a good idea to share it.

Of course, please keep in mind that this is only a general guide, and that your needs may vary.

For this example, we are going to use the RFC3849 IPv6 Prefix Reserved for Documentation, which is 2001:DB8::/32. This gives us:

   |         n bits (32)     |        m bits (32)      |       128-n-m bits (64)    |
   +-------------------------+-------------------------+----------------------------+
   | global routing prefix   |        subnet ID        |       interface ID         |
   +-------------------------+-------------------------+----------------------------+

From here, we subnet our /32 into /48′s. We will use one /48 for each site. This means for site A (site 0001) we will use 2001:DB8:1::/48.

Next, we break up each site’s /48 into subnets with a /64 prefix length. There have been many discussions about using different subnet sizes for point to point links, including /127 and even /112 (which makes for a nice clean address), but in the end there is no real reason to not follow the RFC and use /64s everywhere. Since we have a /48 per site containing /64 subnets, we have 16 bits (four digits) to subnet with.

Router ID and Point to Point Subnets

We will need to reserve a couple /64s for Point-to-Point links and router loopback addresses. For router loopbacks, we can reserve FFFF (which is the last available subnet). I personally chose to make my router loopback addresses match my IGP router-id. For example: 2001:DB8:1:FFFF:192:168:255:101/128 for the router with the router-id 192.168.255.101. At first glance, you might think it doesn’t make sense to use an IPv4 address in the IPv6 loopback address, however you must consider that the router-id is not an IPv4 address. It is simply a 32-bit number in dotted-decimal notation.

For point-to-point links, we will use the next highest subnet (FFFE). The number scheme is largely arbitrary here, but in my case I chose to use a simple link ID number. For example, I might make my two uplinks to my core switches 2001:DB8:1:FFFE:1::/64 and 2001:DB8:1:FFFE:2::/64. You get the idea.

General User Subnets

For user subnets, addressing can be done in one of two ways. The first is to simply use the VLAN number. For example, for VLAN 137 you might use 2001:DB8:1:137::/64. With the understanding that “137″ in this case is actually hexadecimal, and is equal to the decimal number 311. We simply use 0×137 because it makes things easy to read, with the understanding that this could have the potential for a lot of wasted address space. The issue with this method is that it is not possible to summarize.

The other way to subnet for users is to do something like 2001:DB8:1:bb00::/56 per building, where bb is building number. You would create your /64s using 2001:DB8:1:bb:ss::/64, where ss is service ID. In our case, we had our IPv4 set up in a hierarchy: 10.bb.0.0/16 per building, and 10.bb.ss.0/24 per service. By “service” I mean things like 10 = wireless, 20 = printers, 30 = faculty, 40 = labs, 50 = dorms, etc. So we might use the IPv6 subnet 2001:DB8:1:1320::/64 to represent building 13 printers (service ID 20). Again, this carries the caveat that obviously 0×1320 is not an accurate decimal representation, and again has the potential to waste a lot of precious address space. This method also breaks down once you have more than 99 buildings, however you can start playing with hexadecimal values if need be. Again, you get the idea.

Summary

Obviously every environment is different, but hopefully this gives you some general ideas of ways you could subnet your IPv6 address space. If you have any other suggestions, please feel free to leave a comment!

Filed under: Network by Chris Jones on January 15, 2011
3 Comments »

3 Responses to “New IPv6 Allocation? Not Sure How To Slice It Up?”

  1. Andrés Mijares, on January 16th, 2011 at 12:44 AM Said:

    Actually Operating systems are implemented following the standard /64 IPv6 network IDs so things could have a stranger behavior if you differ from that path.

    So far in my work experience I’ve realized that is a common practice to assign the same IDs to both (v4 & v6) which I think is not a bad idea (as you said is better for reading), for example:
    IPv4 address: 10.100.5.8/16
    IPv6 address: 2001:XXXX:XXXX:100::5:8/64
    (Network ID = 100, Host ID = 5.8)

    Each Company have their own politics so it’s up to you to decide it… the main point is whatever the method you choose, a solid plan and documentation are required, these days ISO20K auditors are very aggressive evaluating the justification for network addressing plan based on IPv6 than they used to on IPv4.

    This is a great topic, would be great to hear others opinions.

    Kind Regards

    @andrewkthx

  2. Chris Jones, on January 17th, 2011 at 12:20 AM Said:

    @Andres: Well sure, everyone knows to only use a /64 for host allocation. The suggestion to use anything else is for point to point links. Using /127 and /112 has been suggested, but in reality they don’t really gain you anything.

    Your addressing method works if you’re using DHCPv6, but obviously wouldn’t be the case if you’re leaving things to autoconfiguration.

  3. IPv6 for Enterprise Networks – Review | The Networking Nerd, on May 1st, 2011 at 5:27 PM Said:

    [...] have been some great posts about IPv6 for the common man from people like Jeremy Stretch and Chris Jones but there is a segment of the population that would rather read about the subject from a vendor [...]

Leave a Reply