My take on IPv6 allocation! Becoming a LIR @ RIPE
When you become a LIR @ RIPE you will get a /32 IPv6 network allocation. If you ask nicely ( which I did 🙂 ), you will get a /29 IPv6 network allocation.
That is a whole lot of address and it can become somewhat overwhelming by it’s size.
- Number of /48 subnets you can host : 524288
- Number of /64 subnets you can host : 34359738368
- Number of IP’s you can host : 633825300114114700748351602688 (that’s a lot)
I’m currently looking at a multi datacenter design with a lot of separate customer network’s which need IPv6 allocation to run dual stack.
We are running several services in this design :
- Dedicated servers, webservers, proxy servers
- Firewall’s and routers
- Website hosting
- Application and SaaS hosting
- shared and dedicated services
Here is my take on splitting it up with some simple guidelines :
Handing out your IPv6 /29 subnet:
Start using a IPv6 /32 subnet, and save the other IPv6 /32 subnets for later. You never know if you want an extra provider, etc …
Handing out per-customer / per-service prefix size
RIPE will let you assign up to a IPv6 /48 subnet per site without having to explain them why. Keep it simple and assign a IPv6 /48 subnet per customer or service.
As I said a IPv6 /29 subnet contains 524288 IPv6 /48 subnets. Which gives you, when using a IPv6 /32 subnet 65536 IPv6 /48 subnets. Which is more than enough.
So there is absolutely no need to give a customer or service anything smaller than an IPv6 /48 subnet. Don’t use an IPv6 /49, /50, etc…
Start using a IPv6 /48 subnet per customer, service, etc…
Handing out a LAN prefix size:
The standards to use is an IPv6 /64 Subnet.
So choosing a LAN prefix should point you to that direction, a IPv6 /64 subnet.
Configuring an IPv6 /127 subnet on a point-to-point link is common and can protect you against cache overflows, use x:y:z::a on one end and x:y:z::b on the other end to make it more readable.
Never use less than an IPv6 /64 subnet on a LAN or VLAN, things will break. Maybe not now, but trust me it will some day.
I wouldn’t change your architecture right now, just assign those IPv6 /64 subnets to your LAN/VLAN infrastructure and run everything dual stack.
Don’t overthink it, don’t start putting to much details in to the IPv6 subnet blocks.
A good note that I found on the internet :
Always split at multiples of 4 bits (nibbles) so your addressing plan structure matches the hexadecimal notation of IPv6 addresses (each character in an IPv6 address represents 4 bits)
What to use those bits for depends on your organization. You might divide the country-level IPv6 /32 subnets into IPv6 /36 subnet blocks and use an IPv6 /36 subnet per province. Or you use an IPv6 /40 subnet for some structure that is important to your organizational or infrastructure architecture. Or both.
The same go’s for the IPv6 /48 subnets:
Maybe you want to give an IPv6 /52 subnet to each building on the site and give an IPv6 /56 subnet to each floor in each building. That works well with prefix aggregation in your routing protocols.
Or maybe you want to assign an IPv6 /52 subnet or an IPv6 /56 subnet to each security zone in your security architecture. That makes maintaining firewall policies and rules a lot easier!