v6 subnet size for DSL & leased line customers

Iljitsch van Beijnum iljitsch at muada.com
Thu Dec 27 21:45:51 UTC 2007

On 27 dec 2007, at 12:44, sthaug at nethelp.no wrote:

> I agree that DHCPv6 prefix delegation (for instance a /56) to a CPE
> which provides configuration to hosts on its LAN side sounds like a
> reasonable model. It requires the customer to have a CPE with actual
> *router* functionality, as opposed to just a bridge. This is different
> from today's requirements, but may not be unreasonable.

Ok, that would be CPE == modem. Another line of thought would be a  
bridging modem + a routing CPE that the customer provides. This would  
be similar to the home "routers" that you can buy today. (A lot of  
ISPs, especially in the area I just moved to, insist on providing you  
with a "free" "router" rather than just a modem, yuck!)

Ideally, a bridging modem would be able to talk to both individual  
hosts, just like it can on IPv4, or to a router provided by the  
customer. But unlike with IPv4, these modes of operation would have to  
be different in the absence of NAT. Providing a prefix to a user is  
actually the simple part, because there is really only one way to do  
it (short of manual configuration): DHCPv6 prefix delegation. The  
trouble is how ISP equipment talks to the first IPv6 device on the  
customer side. The easy way would be to have a separate VLAN and IPv6  
subnet for that for each customer but I gather that means more  
expensive equipment. Using the IPv4 model with DHCPv6 wouldn't work  
well because of the low DHCPv6 adoption. (This problem may or may not  
go away in time; I gather that Vista has it but that Apple isn't  
interested in adopting DHCPv6.)

However, rather than snooping DHCP messages and inserting DHCP  
options, with IPv6 DSL/cable equipment on the ISP side (or even the  
modem) could intercept and modify router advertisements so each  
customer gets their own prefix advertised. If we then do some ingress  
filtering based on that prefix and force all traffic through the first  
IPv6 router on the ISP side this could work very well. Interestingly,  
in IPv6 there is no need for a default gateway to have an address in  
the subnet prefix that hosts use. So the problem that you'd have with  
this in IPv4, that two neighbors can't communicate because the hosts  
think they're on the same IP subnet but direct traffic between them is  
blocked, doesn't occur. (Unless the router sends redirects.)

On 27 dec 2007, at 13:11, Mark Smith wrote:

> I think it's interesting CGAs are being discussed in the same email as
> the one where you say you want to be able to express prefix length  
> in DHCPv6 -
> because I'm guessing you want that feature to be able to shorten node
> addresses.

Actually I spoke up against that in the last IETF meeting. Maybe in 20  
years when we've made such a mess of the other bits that we need to  
recover some of those interface identifier bits.

The issue with lacking a prefix length in DHCPv6 doesn't really lead  
to any trouble in normal operation, but it does make DHCPv6 mostly  
useless in one of the cases that it's advertised for: the situation  
where there is no router on the subnet. In that case, if host A gets  
2001::a and host B gets 2001::b but they don't know the subnet size,  
the conservative assumption is /128 which means that they can't  
communicate. Hardcoding /64 would be bad, even in router  
advertisements the prefix length is carried explicitly even though  
stateless autoconfig won't work if it's not 64.

On 27 dec 2007, at 13:19, Mark Smith wrote:

>> there are currently no ISPs and no CPEs that do
>> that, as far as I know.

> I haven't had a chance to test it, but according to "Deploying IPv6
> Networks", IOS can support DHCPv6 based prefix delegation. It even
> supports multiple downstream interfaces on the CPE - you configure the
> subnet number you want on each of the interfaces, and the CPE will
> configure the DHCP-PD learned /48 on the front of them automatically
> and then start announcing those prefixes in RAs out those interfaces.

You're absolutely right. For some reason it never connected in my  
brain that my Cisco 826/827 (I always forget which) ADSL router  
supports this, even with a 3 year old IOS. I think when I tested this  
I did so on a bunch of 2500s. But if you look at Apple's Airport  
Extreme base station, for instance, that box will only terminate a  
tunnel and not handle any kind of native IPv6 routing.

See http://www1.ietf.org/mail-archive/web/ipv6/current/msg08798.html  
for a small config example.

(I think someone said the Airport Extreme bridges IPv6 and routes IPv4  
(or maybe the other way around), which isn't true. You can configure  
it to bridge or do IPv4 NAT and separately from that to route between  
an IPv6 manual or 6to4 tunnel and the LAN ports (+ WAN port when  
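
Added example, not part of the original message: a sketch of the per-customer ingress filtering and the DHCPv6 on-link problem discussed above. The port names, the prefix table and both function names are hypothetical; the prefixes are constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress

# Constructed table: access port -> prefix advertised or delegated to that
# customer (documentation range, not real allocations).
CUSTOMER_PREFIXES = {
    "port-1": ipaddress.ip_network("2001:db8:0:100::/56"),
    "port-2": ipaddress.ip_network("2001:db8:0:200::/56"),
}
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
LINK_SCOPE_MCAST = ipaddress.ip_network("ff02::/16")
UNSPECIFIED = ipaddress.ip_address("::")


def ingress_verdict(port, src, dst):
    """Classify a packet received on a customer port.

    'forward'   : source lies inside the prefix assigned to that port
    'link-only' : neighbor discovery / DAD / DHCPv6 style traffic that the
                  first-hop router must accept but never route onward
    'drop'      : anything else, including a neighbor's prefix used as source
    """
    prefix = CUSTOMER_PREFIXES.get(port)
    if prefix is None:
        return "drop"
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in prefix:
        return "forward"
    local_src = src in LINK_LOCAL or src == UNSPECIFIED
    local_dst = dst in LINK_LOCAL or dst in LINK_SCOPE_MCAST
    if local_src and local_dst:
        return "link-only"
    return "drop"


def is_on_link(own_addr, peer, prefix_len=None):
    """On-link test as a host would make it.

    prefix_len=None models an address handed out by DHCPv6 with no prefix
    length and no router advertisement: the conservative assumption is /128.
    """
    plen = 128 if prefix_len is None else prefix_len
    net = ipaddress.ip_network(f"{own_addr}/{plen}", strict=False)
    return ipaddress.ip_address(peer) in net
```

With no prefix length, `is_on_link("2001::a", "2001::b")` is false, which is the case in the message where host A and host B cannot communicate.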
