[AusNOG] IPv6 Addressing Schemes
John.Gibbins at csiro.au
John.Gibbins at csiro.au
Fri May 21 08:17:24 EST 2010
We are a single geographically diverse organisation where our customers are our own staff, so our model may not be the best for you.
We reserved the first four bits for future allocation schemes. With plenty of space I wanted as much elbow for future changes as possible! The next bit is a flag to indicate that the address is untrusted (eg external or DMZ address). This makes firewall masks easy.
The next 3 bits indicate the state (0=non-state specific, eg interstate links) and 8 bits indicate the physical site within the state. The last 16 bits of the prefix just contain the VLAN number. Our addressing is tied somewhat to our IPv4 addressing since we expect to run dual stack for the foreseeable future.
For an ISP, I'd recommend taking whatever chunk you plan to allocate to customers and split it in half. Allocate /56s from one half and /48s from the other. Even if you tell them they are getting a /64, allocate a /56 for them. Don't allocate /64s. Users will want multiple nets at home in future and being flexible won't cost you anything to start with and will make you look more efficient down the track.
The blocks can be allocated sequentially as each block should be big enough for a lot of future expansion. Alternatively you can start allocating from the most significant bits effectively giving out addresses from the middle of the largest available contiguous block at any given time. This is a little messy, but gives lots of room for future expansion.
regards
johng
--
John Gibbins
Acting Team Leader | IT Security Operations
CSIRO Information Management & Technology (IM&T)
Phone: +61 2 6124 1419 | Fax: +61 2 6124 1414 | Mob: 0419 605 562
John.Gibbins at csiro.au | www.csiro.au
PO BOX 225, Dickson ACT 2602
PLEASE NOTE
The information contained in this email may be confidential or privileged. Any unauthorised use or disclosure is prohibited. If you have received this email in error, please delete it immediately and notify the sender by return email. Thank you. To the extent permitted by law, CSIRO does not represent, warrant and/or guarantee that the integrity of this communication has been maintained or that the communication is free of errors, virus, interception or interference.
Please consider the environment before printing this email.
-----Original Message-----
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Shane Short
Sent: Friday, 21 May 2010 4:29 AM
To: ausnog at ausnog.net
Subject: [AusNOG] IPv6 Addressing Schemes
Howdy Guys,
We've got our /32 from APNIC a while ago, I'm now finally looking to begin rolling this out across the network and to be honest, the sheer amount of space is doing my head in a little..
I did a bit of a google around and I couldn't really find any 'best practice' for splitting up a subnet of this size..
How're people here picking which subnets to allocate customers? are you splitting it up into chunks of /48s,/56's and /64s and handing them out sequentially?
Thanks,
Shane
More information about the AusNOG
mailing list