IPv6 Address Planning

Agenda

• Strategies of IPv6 address management
• IPv6 Subnetting options
• BCOP - IPv6 Subnetting
• Ideas for IPv6 address usage

Strategies of IPv6 address management

What is an IP addressing plan?

• An IP addressing plan documents the way how IP addresses are applied and used inside a network
  • An address plan can cover IPv4 and IPv6 addresses
  • Most organizations have some kind of IPv4 addressing plan
    • On paper
    • In a spreadsheet (Excel etc)
    • On inside an IP address management software (IPAM)

Topics of an IP addressing plan

• How the IP address space is requested from RIR/LIR
• How the IP address space is subdivided into sub-nets
• How different IP address space is being used (backbone, back-office, data-center etc)
• How IP sub-net information is managed in the network
• How IP addresses are configured on network devices (manual, DHCP, SLAAC …)

Goals of an IPv6 address plan

• Eases network administration
• Design of an expandable network
• Helps enforcing security policy
• Helps aggregating (internal/external) routing tables

IPv6 addressing

• IPv6 addressing strategies have to decide between potential conflicting goals
  • The IPv6 address plan should be familiar to the administrators and users. It should be similar to an existing IPv4 network
  • The IPv6 address plan should make good use of the new IPv6 features that don't exist in IPv4. It should not inherit restrictions from the existing IPv4 network

IPv6 Address plan options

• Match IPv4 addressing include VLAN ID
• By use type
• By location
• Combinations of the types above

IPv6 Subnetting

IPv6 Subnetting Best Practice

• Splitting networks at 8bit or 4bit boundaries reduces complexity
  • Subnet boundary is between two hexadecimal digits

Bits for IPv6 Subnetting

• The normal IPv6 Addressing scheme leaves 16bit for address planning


  

Bits for IPv6 Subnetting

• Fixed addressing uses the rightmost side of the bits


  

Bits for IPv6 Subnetting

• Variable addressing uses the rightmost bits for one category, and the leftmost bits for other


  

Bits for IPv6 Subnetting

• Variable and fixed addressing can be combined, or centermost bit addressing can be used


  

Mapping the IPv4 network scheme


• A simple scheme for smaller networks is to map the IPv4 network scheme


Mapping the IPv4 network scheme


• The use of hexadecimal notation allows aggregation of routing tables


Mapping to the VLAN addressing scheme


• Use of VLAN IDs in the subnet part of the IPv6 prefix


Enforcing a security policy with the help of IPv6 addresses

• Popular categories are "use" and "location"

  • Placing category "use" to the left helps enforcing security policies

  

Aggregating routing tables

• Popular categories are "use" and "location"

  • Placing the category "location" of the left helps keeping the routing tables small

  

Recommended Literature

• PREPARING AN IPv6 ADDRESS PLAN by SurfNET (Dutch Education System Network)

http://www.ripe.net/training/material/IPv6-for-LIRs-Training-Course/IPv6_addr_plan4.pdf

Size of IPv6 Subnets

• An IPv6 subnet with host machines is always a "/64"
  • IPv6 functions like neighbor discovery require this
  • The fixed size makes network planning simple

Point-to-Point links

• Inter router links (between two routers without any hosts) can use a /127 or /126 point-to-point subnet
  • Similar to a /31 in IPv4
  • A full /64 should be reserved for the router-to-router connection, with /127 or /128 taken from that subnet
  • Router addresses must be manual configured
  • See RFC 6164 - Using 127-Bit IPv6 Prefixes on Inter-Router Links

BCOP - IPv6 Subnetting

Best Current Operational Practice (BCOP)

• BCOP for IPv6 subnetting
  • A /32 prefix for each (public) ASN
  • Every individual network segment requires at a minimum one /64 subnet
  • Only subnet on IPv6 address nibble boundaries
  • Implement a hierarchical addressing plan to allow for aggregation. Each individual site should be allocated a /48 prefix

Best Current Operational Practice (BCOP)

• One /48 from each region should be reserved for infrastructure
• Loopbacks should be allocated from the top /64
• Point-to-point links should be allocated from a /64 and configured with a /126 or /127
• Sites/PoPs/locations and regions, etc. should be laid out such that within each level of the hierarchy, each subnet prefix is of equal size
• Each site should likewise have an equalized internal hierarchy

Best Current Operational Practice (BCOP)

• APNIC - IPv6 architecture and subnetting guide for network engineers and operator
• RIPE - Best Current Operational Practice (BCOP) - IPv6 subnetting
• OpenIX - Best Current Operational Practice: IPv6 Subnetting

Ideas for IPv6 address usage

Unique local address (ULA)

• Unique Local Addresses for internal hosts configured by auto-configuration (SLAAC)
  • No privacy extensions required (local only)
  • Internal track-able (audit)
  • Used exclusively internal services
  • No communication to the IPv6 public Internet possible (Well known prefix, easy to filter)
  • Can be used as Provider Independent (PI) Address Space

Unique local address (ULA)

• Internet Draft "Considerations For Using Unique Local Addresses" https://datatracker.ietf.org/doc/draft-ietf-v6ops-ula-usage-considerations/

Global Unicast Addresses (GUA)

• Global Unicast Addresses for internal hosts and servers that need end-to-end communication with Internet nodes
  • Configured by DHCPv6
  • HOST-ID is random (no tracking)
  • DHCPv6 provides a central lease-database (audit)
  • Security policy enforced in gateway firewall(s)

Site-Local Multicast

• Site local multicast addresses for infrastructure services
  • DNS
  • DHCPv6
  • LDAP
  • NTP
• Requires site-local multicast routing configuration inside the IPv6 network

'Well known' Host-IDs

• Server can use 'well known' Host-IDs
  • Provisioned by manual configuration
  • or by DHCPv6 'reservation'

Questions?