IPv6 allocation plan, security, and 6-to-4 conversion

Dustin Melancon DMelancon at venyu.com
Tue Feb 10 17:25:09 UTC 2015


Hey Eric,

I did not see anyone else post this, but the NANOG BCOP (Best Current
Operating Practices) group has released the following document to help
guide new IPv6 allocation plans which you and others may find helpful:
http://bcop.nanog.org/images/6/62/BCOP-IPv6_Subnetting.pdf

Another useful document from Department of Defense on IPv6 Addressing:
http://www.v6.dren.net/AddressingPlans.pdf



BCOP Conclusions
1. Every	individual	network	segment	requires	at	a	minimum,	one	/64	prefix
2. Only	subnet	on	nibble	boundaries
3. Implement	a	hierarchical	addressing	plan	to	allow	for	aggregation
    a. Each	individual	site should	be	allocated	a	/48 prefix
4. One	/48	from	each	region	should	be	reserved	for	infrastructure
    a. Loopbacks	should	be	allocated	from	the	top	/64
    b. 
Point-to-point	links	should	be	allocated	a	/64	and	configured	with	a	
/126	or	/127
5. 
Sites/PoPs/locations	and	regions,	etc.	should	be	laid	out	such	that	within	
each	level	of	the	hierarchy,	each	subnet	prefix	is	of	equal	size
    a. Each	³site²	should	likewise	have	an	equalized	internal	hierarchy



Regarding your management block, I would use the recommendation above to
maintain a /48 in each region for management with the top /64 used for
loopbacks. However I definitely would NOT bother removing this network
from your advertised blocks as there are much better ways to implement
security and it would screw with your ability to cleanly aggregate your
IPv6 allocation.

Thanks,

Dustin Melancon
Sr. Network Engineer
Venyu



More information about the NANOG mailing list