using IPv6 address block across multiple locations

Steven Bellovin smb at
Mon Oct 31 17:08:35 UTC 2011

On Oct 31, 2011, at 12:30:49 PM, Joel Jaeggli wrote:

> On 10/31/11 03:43 , Jeroen Massar wrote:
>> On 2011-10-31 08:56 , Dmitry Cherkasov wrote:
>>> Hello,
>>> Please advise what the best practice is for using an IPv6 address block
>>> across distributed locations.
>> You go to multiple RIRs and get multiple prefixes.
>> Heck, you apparently can even get multiple disjunct prefixes from the
>> same RIR.
>> There went the whole idea of aggregation....
> or you could just get an aggregatable block of the appropriate size from
> one RIR and deaggregate it as necessary which should be the normal
> course of action...

One important question: if data for one of your locations were to be sent
from somewhere that is closer (as the packets fly) to another, would you
prefer that it be sent over your VPN or over the open Internet?  The latter
may be cheaper for you, since you don't have to pay for that bandwidth; the
former may be more secure if your VPN is encrypted.

To send stuff only over the open Internet in this situation, use a separate 
/48 for each location.  To send stuff only over your VPN, put everything in
a single /44 or so and advertise only it.  Advertising the /44 and having
each location advertising its own /48 within that /44 will usually cause the
traffic to go over the open Internet, with your VPN as backup in case of
reachability problems if some ISPs won't carry the longer /48s because of their
own policies.

		--Steve Bellovin,
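
Added example, not part of the original post: a small longest-prefix-match model of the three advertisement strategies described in the message above, showing whether a remote sender's traffic arrives over the open Internet or crosses the inter-site VPN. The prefixes, site names, function names and the "nearest origin wins among equal-length routes" rule are assumptions made for illustration; real BGP path selection has more inputs.

```python
import ipaddress

# Constructed addressing from the 2001:db8::/32 documentation range (not from the post).
AGGREGATE = ipaddress.ip_network("2001:db8:10::/44")
SITES = {
    "site-a": ipaddress.ip_network("2001:db8:10::/48"),
    "site-b": ipaddress.ip_network("2001:db8:11::/48"),
}

def advertisements(strategy):
    """Return (prefix, origin site) pairs announced under one of the three strategies."""
    ads = []
    for name, net in SITES.items():
        if strategy in ("per-site-48", "both"):
            ads.append((net, name))        # each site announces its own /48
        if strategy in ("aggregate-only", "both"):
            ads.append((AGGREGATE, name))  # every site announces the covering /44
    return ads

def delivery(strategy, dest, nearest, max_len=48):
    """Where a remote sender's packet enters the network, and how it reaches its site.

    nearest: site closest to the sender; assumed to win among equal-length routes.
    max_len: longest prefix the sender's ISP accepts (44 models a policy that drops /48s).
    """
    dest = ipaddress.ip_address(dest)
    owner = next(n for n, net in SITES.items() if dest in net)
    routes = [(p, o) for p, o in advertisements(strategy)
              if p.prefixlen <= max_len and dest in p]
    if not routes:
        return ("none", "unreachable")
    best = max(p.prefixlen for p, _ in routes)           # longest-prefix match
    origins = [o for p, o in routes if p.prefixlen == best]
    entry = nearest if nearest in origins else origins[0]
    # Entering at the owning site means the whole trip was on the open Internet;
    # entering anywhere else means the last leg crosses the inter-site VPN.
    return (entry, "internet" if entry == owner else "vpn")

if __name__ == "__main__":
    host = "2001:db8:11::1"  # constructed host at site-b; sender is nearest site-a
    for strategy in ("per-site-48", "aggregate-only", "both"):
        for max_len in (48, 44):
            print(strategy, max_len, delivery(strategy, host, "site-a", max_len))
```

With /48s filtered (`max_len=44`), the per-site strategy leaves the destination unreachable from that ISP, while the combined strategy falls back to the /44 and the VPN.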

