Assigning IPv6 /48's to CPE's?
slz at baycix.de
Mon Dec 31 09:49:50 UTC 2007
Rick Astley wrote:
> I see there is a long thread on IPv6 address assignment going, and I
> apologize that I did not read all of it, but I still have some
> unanswered questions.

The basic problem is, there are no answers, that's why there is this and
similar discussion every 6 months again and again.

So the only sane answer to most of your questions is: think about it
yourself and just do it to finally get out IPv6 to the world. YOU will
have to live with the consequences some day in the future in the end ;-)

> I believe someone posted the ARIN recommendation that carriers assign
> out /64's and /56's, and in a few limited cases, /48.

I'm not that active in the ARIN region myself, but the GENERAL consensus
amongst the people who already run (production!) IPv6 networks for
years now is - just hand out /48s to every customer, DO NOT THINK ABOUT IT!

But I'm well aware of ARIN guidelines like

  The following guidelines may be useful (but they are only guidelines):
  * /64 when it is known that one and only one subnet is needed
  * /56 for small sites, those expected to need only a few subnets
    over the next 5 years.
  * /48 for larger sites

but notice the annotation "...but they are only guidelines".

In general, if you're really really sure that there's only one device,
you can use /128, if you're sure there is only one subnet needed, a /64
is fine, but in general, make your life easy by handing out /48s to
everyone by default.

But if you really want to think about it and make your life complicated
- no one can stop you from assigning /56s if you think that's a better
choice - for whatever reason you might come up with in your setup.

> I can understand corporations getting more than a /64 for their needs,
> but certainly this does not mean residential ISP subscribers, right?
> I can understand the need for /64's because the next 64 bits are for the
> client address, but there seems to be this idea that one and only one
> node may use a whole /64. So in the case of Joe, the residential DSL
> subscriber who has 50,000 PCs, TiVo's, microwaves, and nanobots that
> all need unique routable IP addresses, what is to stop him from
> assigning them unique client ID's (last 64 bits) under the same /64? We
> can let Joe put in some switches, and if that isn't enough he should
> consider upgrading from his $35/month DSL or $10/month dial up anyway.

Well, that's the IPv4 business model which is basically saying "the more
you pay, the more IP addresses you can get".

This will most likely happen in the IPv6 world too, and there is nothing
we can do about it.

But if you think about that in a sane way, and you and the ISP you're
working for are nice "netizens", you don't put a price tag on
IP addresses. Especially not in the IPv6 world, since there is no
shortness of addresses like there might be in the IPv4 world which might
again support such a business model.

==> just hand out /48s even if 90% of your customers won't ever need it,
addresses are not scarce here. Thinking about it too much might just be
a bigger waste of time than this is a waste of address resources.

> My next question is that there is this idea that there will be no NAT in
> the IPv6 world. Some companies have old IPv4 only software, some
> companies have branch offices using the same software on different
> networks, and some like the added security NAT provides.

Again, marketing gets the lifetime achievement award for making a bad
thing like NAT, born out of the simple need for some solution for the
we-dont-have-enough-IPv4-addresses-problem - into a "security and
administrative easy and anonymity" .. well.. "thing".

My only answer to this is: go out and educate the people.
But this again often might not work in the real world.

> There are also serious privacy concerns with having a MAC address within
> an IP address. Aside from opening the doors to websites to share
> information on specific users, lack of NAT also means the information
> they have is more detailed in households where separate residents use
> different computers. I can become an IPv4 stranger to websites once a
> week by deleting cookies, IPv6 means they can profile exactly what I do
> over periods of years from work, home, starbucks, it doesn't matter. I
> don't see NAT going away any time soon.

That's a myth, too, for example there is this privacy extension thing
(RFC 3041, I believe?) in almost every current IPv6 stack like Vista and
so which doesn't use "MAC addresses" and also constantly changes the
address (which is a PITA for administrators again).

In the end, you don't NEED any NAT for any sane reason.
But I'm not saying it won't exist, I'm actually quite sure that there
will be NAT for IPv6 in the end, right.

It's just sad that even engineers and administrators are so lazy and
just want to handle IPv6 like IPv4 even though there are major differences.

Bottom line: Think about the best practice yourself, read the whole
thread if you still have to make up your mind.
At the moment no one really can help you with definite answers.

= Sascha Lenz SLZ-RIPE slz at baycix.de =
= Network Operations =
= BayCIX GmbH, Landshut * PGP public Key on demand * =
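
The exchange above about MAC addresses inside IPv6 addresses and the privacy extension, as an added example that is not part of the original message: it builds a modified EUI-64 address (RFC 4291), recovers the MAC from it, and shows that a randomized interface ID gives an observer nothing to correlate across networks. The random generator is a simplified stand-in for RFC 3041's procedure, and the MAC and the 2001:db8::/32 documentation prefixes are constructed sample values.

```python
import ipaddress
import secrets

def eui64_address(prefix, mac):
    """Address built from a modified EUI-64 interface ID (RFC 4291, Appendix A)."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if net.prefixlen != 64 or len(raw) != 6:
        raise ValueError("need a /64 prefix and a 48-bit MAC")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return net.network_address + int.from_bytes(iid, "big")

def embedded_mac(addr):
    """Return the MAC recoverable from an address, or None (heuristic: ff:fe marker)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)

def temporary_address(prefix):
    """Random interface ID; an assumed stand-in for RFC 3041's generation procedure."""
    net = ipaddress.IPv6Network(prefix)
    while True:
        iid = bytearray(secrets.token_bytes(8))
        iid[0] &= 0xFD  # clear the universal/local bit: locally assigned identifier
        if bytes(iid[3:5]) != b"\xff\xfe":  # never resemble an EUI-64 identifier
            return net.network_address + int.from_bytes(iid, "big")

def correlate(addresses):
    """Map each recoverable MAC to the /64 networks it was seen in."""
    seen = {}
    for a in addresses:
        mac = embedded_mac(a)
        if mac:
            net = ipaddress.IPv6Network(f"{a}/64", strict=False)
            seen.setdefault(mac, []).append(str(net))
    return seen

if __name__ == "__main__":
    MAC = "00:1a:2b:3c:4d:5e"  # constructed sample MAC
    log = [eui64_address("2001:db8:a::/64", MAC),   # same host, first network
           eui64_address("2001:db8:b::/64", MAC),   # same host, second network
           temporary_address("2001:db8:a::/64")]    # privacy-style address
    for a in log:
        print(a, "->", embedded_mac(a))
    print(correlate(log))
```

The ff:fe check is a heuristic: a manually configured interface ID could contain the same bytes, so treat a match as a candidate for review rather than proof.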