IPv6 Addressing Tips for ISPs

Alejandro Acosta
by Alejandro Acosta
An operator’s general schema can be compared to a small-scale IANA-RIR schema.

Generally speaking, a provider who obtains an IPv6 address block from its RIR must have an IPv6 addressing plan (just as for IPv4).

Thanks to the huge number of available IPv6 addresses, it has become common practice to assign certain specific block sizes for specific purposes. For example:

  • a) Address blocks for WAN networks
  • b) Address blocks for LAN networks
  • c) Address blocks for loopback interfaces in various devices
  • d) If necessary, address blocks for ULAs (Unique Local IPv6 Unicast Addresses, RFC 4193)
  • e) Address blocks for the network’s core
  • f) Address blocks for customers

For security reasons, blocks and addresses are not assigned consecutively – keep in mind that IPv6 address space is huge and our goal is to make our implementation as secure and vulnerability-free as possible.

Best practices recommend the following:

  • /64s should be assigned for loopbacks
  • /64s for LANs
  • /64s for WANs (otherwise, assign a /127 and reserve the /64)
  • /48s for POPs

It is very important to change our way of thinking, as we are no longer dealing with IPv4 and the need to save address space is no longer a concern.

In practice, we will work with the bits between /32 and /48. It’s actually quite simple. Remember that IPv6 is divided into eight 16-bit fields. What we will now do is play around with some of these fields. In our example, we’ll do the following:

[___ NET ID __ ]  [Subnet]  [Division]   [________  Interface ID ____________]

2001:0db8:0000:0000:0000:0000:0000:0000

[C1]          [C2]         [C3]          [C4]       [C5]       [C6]        [C7]        [C8]

In this case, we’ll use the third field of zeroes (subnet). Here we have 16 bits, enough for 65,536 subnets which we can create to satisfy various needs. A possible addressing plan could be as follows:

Addressing Plan (high level):

a) Loopbacks:

  1. Grab the whole 2001:db8:00000000::/48
  • 2001:db8:0:0::1/64 Loopback #1
  • 2001:db8:0:1::43/64 Loopback #2
  • 2001:db8:0:2::00A7/64 Loopback #3

b) LAN Segments:

  1. Grab the whole 2001:db8:00E::/48
  • 2001:db8:000E:0::/64 LAN Segment  #1
  • 2001:db8:000E:23::/64 LAN Segment  #2
  • 2001:db8:000E:286::/64 LAN Segment  #3

c) WANs

  1. Grab the whole 2001:db8:005A::/48
  • 2001:db8:005A:0::/64 WAN Segment  #1
  • 2001:db8:005A:42::/64 WAN Segment  #1
  • 2001:db8:005A:0C2::/64 WAN Segment  #1

d) POPs

  • 2001:db8:00D9::/48 POP #1
  • 2001:db8:139::/48    POP #1
  • 2001:db8:02FD::/48  POP #1

Additional comments:

1) The assignment of IPv6 prefixes according to service type is worth a brief note. Example: Imagine a datacenter that offers its customers shared hosting services as well as dedicated servers (either physical or virtualized servers). In this case, the service provider can assign different /48s to both platforms. Advantages of this scenario include:

  • Easier to manage quality of service within the provider’s network
  • Flexible, per-service /48 BGP announcements
  • More detailed management of VIP customers
  • Easier troubleshooting

2) Finally, organizations present in multiple countries, provinces or states can implement simple, fun things that will bring long-term benefits. For example: If the company has presence in Argentina, Colombia and Venezuela, the corresponding country codes are 54, 57 and 58. Now check out the third field in the following IPv6 addressing plan:

Block: 2001:db8:0:0:0:0:0:0/32:

  • Argentina:         2001:db8:54:0:0:0:0:0/48
  • Colombia:         2001:db8:57:0:0:0:0:0/48
  • Venezuela:        2001:db8:58:0:0:0:0:0/48

In the case above we used the country codes, but we could also have used state or province codes. Moreover, the third field could be used for the country code and the fourth field for the state.

  • Venezuela: 2001:db8:58:212:0:0:0:0/56  (212 = Caracas)

We hope you find this information useful.

For more information, please visit: www.lacnic.net