My take on IPv6 allocation! Becoming a LIR @ RIPE

My take on IPv6 allocation! Becoming a LIR @ RIPE

When you become a LIR @ RIPE you will get a /32 IPv6 network allocation. If you ask nicely ( which I did 🙂 ), you will get a /29 IPv6 network allocation.
That is a whole lot of address and it can become somewhat overwhelming by it’s size.

  • Number of /48 subnets you can host : 524288
  • Number of /64 subnets you can host : 34359738368
  • Number of IP’s you can host : 633825300114114700748351602688 (that’s a lot)

I’m currently looking at a multi datacenter design with a lot of separate customer network’s which need IPv6 allocation to run dual stack.
We are running several services in this design :

  • Dedicated servers, webservers, proxy servers
  • Firewall’s and routers
  • Website hosting
  • Application and SaaS hosting
  • shared and dedicated services

Here is my take on splitting it up with some simple guidelines :

Handing out your IPv6 /29 subnet:

Start using a IPv6 /32 subnet, and save the other IPv6 /32 subnets for later. You never know if you want an extra provider, etc …

Handing out per-customer / per-service prefix size

RIPE will let you assign up to a IPv6 /48 subnet per site without having to explain them why. Keep it simple and assign a IPv6 /48 subnet per customer or service.
As I said a IPv6 /29 subnet contains 524288 IPv6 /48 subnets. Which gives you, when using a IPv6 /32 subnet 65536 IPv6 /48 subnets. Which is more than enough.
So there is absolutely no need to give a customer or service anything smaller than an IPv6 /48 subnet. Don’t use an IPv6 /49, /50, etc…
Start using a IPv6 /48 subnet per customer, service, etc…

Handing out a LAN prefix size:

The standards to use is an IPv6 /64 Subnet.
So choosing a LAN prefix should point you to that direction, a IPv6 /64 subnet.
Configuring an IPv6 /127 subnet on a point-to-point link is common and can protect you against cache overflows, use x:y:z::a on one end and x:y:z::b on the other end to make it more readable.

Never use less than an IPv6 /64 subnet on a LAN or VLAN, things will break. Maybe not now, but trust me it will some day.
I wouldn’t change your architecture right now, just assign those IPv6 /64 subnets to your LAN/VLAN infrastructure and run everything dual stack.

Final note:

Don’t overthink it, don’t start putting to much details in to the IPv6 subnet blocks.
A good note that I found on the internet :

Always split at multiples of 4 bits (nibbles) so your addressing plan structure matches the hexadecimal notation of IPv6 addresses (each character in an IPv6 address represents 4 bits)
What to use those bits for depends on your organization. You might divide the country-level IPv6 /32 subnets into IPv6 /36 subnet blocks and use an IPv6 /36 subnet per province. Or you use an IPv6 /40 subnet for some structure that is important to your organizational or infrastructure architecture. Or both.
The same go’s for the IPv6 /48 subnets:
Maybe you want to give an IPv6 /52 subnet to each building on the site and give an IPv6 /56 subnet to each floor in each building. That works well with prefix aggregation in your routing protocols.
Or maybe you want to assign an IPv6 /52 subnet or an IPv6 /56 subnet to each security zone in your security architecture. That makes maintaining firewall policies and rules a lot easier!

Leave a Reply

Your email address will not be published. Required fields are marked *

11 − 1 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.