Jul 20 2012
 

Another beautiful summer week has gone by here in Sweden. I’ve spent it on the west coast in beautiful weather. I hope you’ve had a nice week too, planning your IPv6 migration and doing summer labs with IPv6. This week, we’re going to try to change how you think about IPv6 address plans. To be honest, they are very different from IPv4. Why is that? Well, considering that you will have more than 64 bits of address space to play around with, you can go back to the original IP network architecture and actually start pouring addresses around. Spend 30 minutes on IPv6 every Friday to learn more. Let’s learn how to really waste IP addresses and not feel bad about it!

The big change with IPv6 is of course the vast address space. On the Internet we now have more addresses than ever before in the history of the net. But that’s not all. We have more networks than ever before! And you will get a large part of that. In fact, you will get more addresses than all of the address space in the old version, version four. This means that you will have to start working in new ways and can build different kinds of solutions. I know, changing the way one thinks is hard, but let’s try together. Let’s shake that “preserve the address space” and “use every IP address I got” mentality and start building a proper architecture!

The magical /64 boundary

The magical /64 boundary in IPv6 only exists when you want to use automatic address assignment with stateless address auto-configuration. There’s no hard rule that you have to have /64 networks. You can have /60, /68 or /72 if you want to, but you can’t use those with the Linux RADVD daemon. Considering that you will likely get a /32 or a /48, you still have plenty of subnets even if you want to use automatic address allocation schemes. For servers with fixed addresses, you can come up with any subnet mask that works for you.

Internal routing is back!

This means that you can plan things differently. With virtualization, your servers need more addresses than were available before. You can assign a subnet for a server group or one per server, depending on your setup. To simplify firewalling, you can run different applications on different addresses. As Apple once said: Think different. Clean out port forwarding tricks, IP address sharing and all the other workarounds you had in your old IPv4 solutions book. It’s a new network.

Best current operational practice for IPv6 address plans

The IPBCOP project develops best current operational practices for IP networks. Thanks to a blog post by Chris Grundemann I discovered their IPv6 subnetting BCOP. Chris writes in CircleID:

“So, the first thing you must do when approaching IPv6 subnetting is to wrap your head around the new paradigm of address abundance, leaving behind the mentality of IPv4 address scarcity. While IPv4 subnetting is all about addresses, IPv6 subnetting is all about networks. Instead of counting hosts, and sizing individual subnets based on the number of addresses needed (managing scarcity), we now count routers and build hierarchy based on the networks they support. We know that a /64 can address any number of hosts we’ll throw at it, so why worry about how many there are? The answer is that you don’t. You simply assign one subnet to each network and move on.”

This document in combination with Chris’ blog post is very important reading. There are pieces of advice in there that will stop some serious pain and help smooth the way for new ways of working. It’s well worth your time reading it and it’s a short and to-the-point document.

Homework this week: Read the BCOP and come up with your subnet plan!

My task for you today is to read the IPv6 subnetting BCOP and start planning your own network. Assume you get a /48 assignment (which you do with most IPv6 tunnel providers) – how would you divide it and route it? Do you have servers or routers that can handle this? How do you handle the firewall rules, will the firewall setup affect your subnet plan? Do you still feel you need private addresses for some equipment – ULA? Why? And where? Plenty of thoughts as input for your IPv6 address plan spreadsheet.
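One way to start on the homework, as an added example that is not from the original post or the BCOP: carve the /48 into one nibble-aligned aggregate per firewall zone, then hand out /64s inside each zone, and check proposed networks against the plan. The documentation prefix 2001:db8:abcd::/48, the zone names and the /52-per-zone split are assumptions chosen for illustration.

```python
import ipaddress
from itertools import islice

# Constructed input: documentation prefix standing in for your /48.
ALLOCATION = ipaddress.ip_network("2001:db8:abcd::/48")
# Hypothetical zones. Each gets one aggregate, so a single firewall
# rule or route covers every network that belongs to the zone.
ZONES = ["infrastructure", "servers", "clients", "dmz"]


def build_plan(allocation, zones, zone_len=52, net_len=64, nets_per_zone=3):
    """Return {zone: (aggregate, [first few networks in it])}."""
    if zone_len % 4:
        # Nibble alignment keeps each zone readable as one hex digit.
        raise ValueError("zone prefix length must be a multiple of 4")
    aggregates = allocation.subnets(new_prefix=zone_len)
    plan = {}
    for zone, aggregate in zip(zones, aggregates):
        nets = list(islice(aggregate.subnets(new_prefix=net_len),
                           nets_per_zone))
        plan[zone] = (aggregate, nets)
    return plan


def check_network(net, plan, slaac=True):
    """Return a list of problems with one proposed network."""
    net = ipaddress.ip_network(net)
    problems = []
    # Only auto-configured networks are bound to the /64 boundary;
    # statically addressed server networks may use other lengths.
    if slaac and net.prefixlen != 64:
        problems.append("SLAAC needs a /64, got /%d" % net.prefixlen)
    # A network outside every aggregate escapes the per-zone rules.
    if not any(net.subnet_of(agg) for agg, _ in plan.values()):
        problems.append("outside every zone aggregate")
    return problems


if __name__ == "__main__":
    plan = build_plan(ALLOCATION, ZONES)
    for zone, (aggregate, nets) in plan.items():
        print(zone, aggregate, ", ".join(str(n) for n in nets))
    for candidate in ("2001:db8:abcd:1010::/72", "2001:db8:abcd:9000::/64"):
        print(candidate, check_network(candidate, plan))
```

Four zones use only a quarter of the sixteen /52s in the /48, which leaves room to add zones later without renumbering.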

I will leave you by quoting Chris again: “Happy subnetting!”

/O

 
