HOWTO Subnet IPv6 for Network Links
18 Aug 2010
I've previously posted some information on IPv6 subnetting on my personal blog http://www.clarksys.com/blog/2009/03/12/howto-subnet-ipv6/. With Phyber's recent expansion into our One Wilshire Annex space the opportunity presented itself to update and correct some of the initial IPv6 allocation and configuration that was done.
First some background... an IPv6 address is comprised of eight (8) blocks of four hexadecimal digits separated with a colon ":". Each digit can be either a number [0-9] or a letter [a-f] for a total of 16 possible combinations per digit. 16^4 (yes this should be written 2^16) gives 65,536 possible combinations per block. The double colon "::" abbreviation is commonly used in place of all zeros. This double colon can only be used once while specifying an address.
The default IPv6 allocation from a RIR for an ISP is a /32. For reference Phyber's subnet is 2607:f238::/32 and will be used in this post. Sipcalc (a very cool utility) spits out this information on the Phyber subnet:
MaxMini:~ mclark$ sipcalc 2607:f238:0:0::/32
-[ipv6 : 2607:f238::/32] - 0
Expanded Address - 2607:f238:0000:0000:0000:0000:0000:0000
Compressed address - 2607:f238::
Subnet prefix (masked) - 2607:f238:0:0:0:0:0:0/32
Address ID (masked) - 0:0:0:0:0:0:0:0/32
Prefix address - ffff:ffff:0:0:0:0:0:0
Prefix length - 32
Address type - Aggregatable Global Unicast Addresses
Network range - 2607:f238:0000:0000:0000:0000:0000:0000 -
Notice the Expanded and Compressed addresses above.
The next thing to point out is the major IPv6 subnet boundaries. For example:
2607:f238:0000:0000:0000:0000:0000:0000
    |    |    |    |    |    |    |
    |    |    |    |    |    |    - /112 Subnet
    |    |    |    |    |    |
    |    |    |    |    |    - /96 Subnet
    |    |    |    |    |
    |    |    |    |    - /80 Subnet
    |    |    |    |
    |    |    |    - /64 Subnet
    |    |    |
    |    |    - /48 Subnet
    |    - /32 Subnet
    - /16 Subnet
I've included /80, /96 and /112 for reference but I am going to tell you to completely ignore them and I will explain why.
In my initial IPv6 subnetting I was faced with two initial issues: a) what do I do about our router loopback addresses, and b) what do we do about the point-to-point links. The first was easy: in IPv4 a single host is represented as a /32, and this maps directly to an IPv6 /128. The second, not so much. With IPv4 we have specific space constraints and as such have been conditioned to use /30 subnets for links (two hosts, with a network and broadcast address = four IPs). A /30 would be a /127 in IPv6 parlance; however, a quick Internet search will point out all of the potential evils of using /127s and tell you to use /126s instead, and at the same time tell you to always, and I stress ALWAYS, use /64s when assigning a network.
Now a /64 is a huge amount of IP space. It's 2^64 or 18,446,744,073,709,551,616 IPs to be exact. That's a crazy huge number, in fact I had to look up how to pronounce it. 18 sextillion, 446 quintillion, 744 quadrillion, 73 trillion... IPs. The idea of using a network with 18 sextillion IPs in it for a router to router link seemed a little crazy to me. And then I found this presentation by Matsuzaki 'maz' Yoshinobu:
The presentation is a quick read and spells out the technical difference between a /127 and a /126 and reinforces the concept of using a /64 for all networks.
This was the eureka! moment for me, and the following points became crystal clear:
- An ISP is allocated a /32
- The ISP is supposed to break this into /48s for customers (there are 65,536 /48s in a /32)
- The /48s should be subnetted into /64s (there are 65,536 /64s in a /48)
- Always use /64 subnet boundaries for everything
Even "wasting" IPv6 addresses, how many networks have more than 65,536 network links? If you do, you can always allocate another of your 2^16 /48s available.
So for Phyber this resulted in the following network plan:
2607:f238:0000::/48 allocated for internal use
2607:f238:0000:0000::/64 allocated for loopback addresses
2607:f238:0000:0001::/64 allocated for internal server segment
2607:f238:0000:0002::/64 link #1
2607:f238:0000:0003::/64 link #2
2607:f238:0000:0004::/64 link #3
2607:f238:0000:0005::/64 link #4
2607:f238:0001::/48 first customer
2607:f238:0002::/48 second customer
2607:f238:0003::/48 third customer
and so on and so on.
If you refer back to the presentation I mentioned earlier, there are notes about the potential dangers of /64s on network links and why people intuitively want to subnet to a /127 or a /126. We ended up splitting the difference and actually subnetting the /64 for the network link to a /126.
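The network plan and the /126 carve-out described above can be rebuilt and checked with Python's standard ipaddress module. This is an added example, not code from the original post; the function names, the choice of the first /126 in each link /64, and the ::1/::2 router numbering are assumptions.

```python
import ipaddress

ISP = ipaddress.IPv6Network("2607:f238::/32")  # allocation used in the post

def nth_subnet(parent, new_prefix, index):
    """Return subnet number `index` of length new_prefix inside parent."""
    count = 1 << (new_prefix - parent.prefixlen)
    if not 0 <= index < count:
        raise ValueError(f"{parent} holds only {count} /{new_prefix} subnets")
    base = int(parent.network_address) + index * (1 << (128 - new_prefix))
    return ipaddress.IPv6Network((base, new_prefix))

def build_plan(links=4, customers=3):
    """Rebuild the post's plan: /48 number 0 is internal, later /48s are customers."""
    internal = nth_subnet(ISP, 48, 0)
    plan = {"internal": internal,
            "loopbacks": nth_subnet(internal, 64, 0),
            "servers": nth_subnet(internal, 64, 1)}
    for n in range(1, links + 1):
        plan[f"link{n}"] = nth_subnet(internal, 64, n + 1)
    for n in range(1, customers + 1):
        plan[f"customer{n}"] = nth_subnet(ISP, 48, n)
    return plan

def link_endpoints(link64):
    """Return the /126 configured on a link and its two router addresses.

    Assumption: the first /126 of the /64 is used, numbered ::1 and ::2.
    """
    p2p = nth_subnet(link64, 126, 0)
    first = int(p2p.network_address)
    return p2p, ipaddress.IPv6Address(first + 1), ipaddress.IPv6Address(first + 2)

def classify(addr, plan):
    """Map an address from a log line or ACL to the most specific plan entry."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, name) for name, net in plan.items() if ip in net]
    return max(hits)[1] if hits else None

if __name__ == "__main__":
    plan = build_plan()
    for name, net in plan.items():
        print(f"{net.exploded:<45} {name}")
    p2p, a, b = link_endpoints(plan["link1"])
    print(f"link1 is configured as {p2p} with routers {a} and {b}")
    # Constructed sample: an address in an internal /64 the plan never assigned
    print(classify("2607:f238:0:ff::1", plan))
```

An address that classifies only as "internal" sits in a /64 the plan has not handed out, which is worth a second look when it shows up in a log or a filter rule.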
IPv6 is a very large pool of IP space - to paraphrase my favorite quote so far "IPv6 has 340 undecillion unique addresses (that's a 39-digit number). If IPv4 is a golf ball IPv6 is the sun." Trust me, don't try to overthink this. Just follow what all the RFCs say and use /64s for your network links.
If you want to read more I found the following links to be very helpful in understanding how to properly subnet IPv6: