using IPv6 address block across multiple locations

Dmitry Cherkasov doctorchd at
Tue Nov 1 04:52:49 CDT 2011

Thanks to everybody who responded.

To summarize it all, these are the guides for non-ISP company to use
PI IPv6 addresses:

case 1: single POP, no plans to have more
- get single /48 from your RIR, announce it to one or multiple ISPs
that POP is connected to

case 1a: multiple separate POPs (no VPN interconnections)
- the same as for case 1 but for each POP independently; each POP has
individual AS, btw

case 2: extranet like multiple POPs interconnected with VPNs
- get greater then /48 block (like /44) so each POP gets its /48 part
- each POP announces its corresponding /48 prefix to their local ISPs
- decide if you wish that traffic from Internet to some POP passes
through some other of your POPs (security or other considerations); if
this is desirable you may announce the whole aggregate (like /44)
additionally to /48 from all or some of the POPs; optionally you may
wish to announce /44 with community 'no-export'

As for /48 IPv6 blocks being like /24 for IPv4.
It really seems that /48 may be the most popular PI block and this may
lead to overcrowding of DFZ. Probably, this is logical consequence of
getting bigger address space. We needed more IP addresses and we get
them. Anyway getting greater then /48 just because you do not want to
pollute DFZ is not justified.

Thank you.

Dmitry Cherkasov

2011/11/1 Ricky Beam <jfbeam at>:
> On Mon, 31 Oct 2011 05:39:57 -0400, Richard Barnes
> <richard.barnes at> wrote:
>> Couldn't you also advertise the /48 from all the sites, if you're
>> willing to sort things out over the inter-site VPNs?
> If we're talking about a site-to-site IPsec VPN "over the internet", then
> that's a very bad idea.  Even if "the internet" in this case is entirely
> within the same provider's network. (and it doesn't sound like it is.)
> --Ricky

More information about the NANOG mailing list