IPv6 allocation plan, security, and 6-to-4 conversion
Rob Seastrom
rs at seastrom.com
Fri Jan 30 18:42:14 UTC 2015
Eric Louie <elouie at techintegrity.com> writes:
> I'm putting together my first IPv6 allocation plan. The general layout:
> /48 for customers universally and uniformly
> /38 for larger regions on an even (/37) boundary
> /39 for smaller regions on an even (/38) boundary
You really really really don't want to subnet on non-nybble
boundaries. "Technically feasible" does not equate to "good idea".
Optimize for technician brain cells and 2am maintenance windows. Oh,
and rDNS.
If you can't make your regional aggregation scheme fit within a /32
when rounding up on nybble boundaries... get more from ARIN.
Seriously. IPv6 is not scarce. A /32 is the *minimum* initial
allocation for an ISP. See ARIN NRPM 6.5.2.1. "justification" is
viewed in an entirely different light in the IPv6 land-of-plenty that
is IPv6. If you already have a /32 but haven't rolled it out yet, ask
for a do-over.
"Our subnetting scheme [insert description here] requires a /28" is,
at least on paper, an entirely good reason to get a /28 out of ARIN.
If you need it and you are having trouble getting it, it's a sign that
policy needs further evolution; please reach out to folks involved
tightly with the policy process (that would include me) to let us know.
As for giving a /48 to every customer... that's a fine way to go and
eminently defensible. If every human being on the face of the earth
(let's round up and say 2^33 or 8 billion to make it easy) had an end
site, and we assume only 10% efficiency in our allocation scheme due
to the subnetting scheme I outlined above and getting unlucky... that
still uses less than a tenth of a percent of available IPv6 space.
This is one of those things that are easiest to get right the first
time. If "conservation of address space" is in your IPv6 numbering
plan, you're doing it wrong.
My $0.02, FWIW.
-r
More information about the NANOG
mailing list