Assigning IPv6 /48's to CPE's?

Sascha Lenz slz at
Mon Dec 31 09:49:50 UTC 2007


Rick Astley schrieb:
> I see there is a long thread on IPv6 address assignment going, and I 
> apologize that I did not read all of it, but I still have some 
> unanswered questions.

The basic problem is, there are no answers, that's why there is this and 
similar discussion every 6 months again and again.

So the only sane answer to most of your questions is: think about it 
yourself and just do it to finally get out IPv6 to the world. YOU will 
have to live with the consequences some day in the future in the end ;-)

> I believe someone posted the ARIN recommendation that carriers assign 
> out /64's and /56's, and in a few limited cases, /48.

I'm not that active in the ARIN region myself, but the GENERAL consensus 
  amongst the people who already run (production!) IPv6 networks for 
years now is - just hand out /48s to every customer, DO NOT THINK ABOUT IT!

But i'm well aware of ARIN guideline like

	 The following guidelines may be useful (but they are only guidelines):

     * /64 when it is known that one and only one subnet is needed
     * /56 for small sites, those expected to need only a few subnets 
over the next 5 years.
     * /48 for larger sites

but notice the annotation "...but they are only guidelines".

In general, if you're really really sure that there's only one device, 
you can use /128, if you're sure there is only one subnet needed, a /64 
is fine, but in general, make your life easy by handing out /48s to 
everyone by default.
But if you really want to think about it and make your life complicated 
- noone can stop you from assigning /56s if you think that's a better 
choice - for whatever reason you might come up with in your setup.

> I can understand corporations getting more than a /64 for their needs, 
> but certainly this does not mean residential ISP subscribers, right?

Why not?

> I can understand the need for /64's because the next 64 bits are for the 
> client address, but there seems to be this idea that one and only one 
> node may use a whole /64. So in the case of Joe, the residential DSL 
> subscriber who has 50,000 PCs, TiVo's,  microwaves, and nanobots that 
> all need unique routable IP addresses, what is to stop him from 
> assigning them unique client ID's (last 64 bits) under the same /64? We 
> can let Joe put in some switches, and if that isn't enough he should 
> consider upgrading from his $35/month DSL or $10/month dial up anyway.

Well, that's the IPv4 business model which is basically saying "the more 
you pay, the more IP addresses you can get".
This will most likely happen in the IPv6 world too, and there is nothing 
we can do about it.

But if you think about that in a sane way, and you and the ISP you're 
working for are nice "netizens", you don't put a pricetag on 
IP-addresses. Especially not in the IPv6 world, since there is no 
shortness of addresses like there might be in the IPv4 world which might 
again support such a business model.

==> just hand out /48s even if 90% of your customers won't ever need it, 
addresses are not scarce here. Thinking about it too much might just be 
a bigger waste of time than this is a waste of address resources.

> My next question is that there is this idea that there will be no NAT in 
> the IPv6 world. Some companies have old IPv4 only software, some 
> companies have branch offices using the same software on different 
> networks, and some like the added security NAT provides.

Again, marketing gets the lifetime achievement award for making a bad 
thing like NAT, born out of the simple need for some solution for the 
we-dont-have-enough-IPv4-addresses-problem - into a "security and 
administrative easy and anonymity" .. well.. "thing".

My only answer to this is: go out and educate the people.
But this again often might not work in the real world.

> There are also serious privacy concerns with having a MAC address within 
> an IP address. Aside from opening the doors to websites to share 
> information on specific users, lack of NAT also means the information 
> they have is more detailed in households where separate residents use 
> different computers. I can become an IPv4 stranger to websites once a 
> week by deleting cookies, IPv6 means they can profile exactly what I do 
> over periods of years from work, home, starbucks, it doesn't matter. I 
> don't see NAT going away any time soon.

That's a myth, too, for example there is this privacy extension thing 
(RfC3041 i believe?) in almost every current IPv6-stack like Vista and 
so which doesn't use "MAC-addresses" and also constantly changes the 
address (which is a PITA for administrators again).

In the end, you don't NEED any NAT for any sane reason.
But i'm not saying it won't exist, i'm actually quite sure that there 
will be NAT for IPv6 in the end, right.
It's just sad that even engineers and administrators are so lazy and 
just want to handle IPv6 like IPv4 even there are major differences.

Bottom line: Think about the best practice yourself, read the whole 
thread if you still have to make up your mind.
At the moment noone really can help you with definite answers.

= Sascha Lenz                  SLZ-RIPE          slz at         =
= Network Operations                                                   =
= BayCIX GmbH, Landshut                  * PGP public Key on demand *  =

More information about the NANOG mailing list