[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IPv6 allocation plan, security, and 6-to-4 conversion
- Subject: IPv6 allocation plan, security, and 6-to-4 conversion
- From: DMelancon at venyu.com (Dustin Melancon)
- Date: Tue, 10 Feb 2015 17:25:09 +0000
- In-reply-to: <CAB-EkT75-oQ5ASqkmxNqKZBRcJ9q_RWaahd9-uUA1edK8eQ+ag@mail.gmail.com>
- References: <CAB-EkT75-oQ5ASqkmxNqKZBRcJ9q_RWaahd9-uUA1edK8eQ+ag@mail.gmail.com>
Hey Eric,
I did not see anyone else post this, but the NANOG BCOP (Best Current
Operating Practices) group has released the following document to help
guide new IPv6 allocation plans which you and others may find helpful:
http://bcop.nanog.org/images/6/62/BCOP-IPv6_Subnetting.pdf
Another useful document from Department of Defense on IPv6 Addressing:
http://www.v6.dren.net/AddressingPlans.pdf
BCOP Conclusions
1. Every individual network segment requires at a minimum, one /64 prefix
2. Only subnet on nibble boundaries
3. Implement a hierarchical addressing plan to allow for aggregation
a. Each individual site should be allocated a /48 prefix
4. One /48 from each region should be reserved for infrastructure
a. Loopbacks should be allocated from the top /64
b.
Point-to-point links should be allocated a /64 and configured with a
/126 or /127
5.
Sites/PoPs/locations and regions, etc. should be laid out such that within
each level of the hierarchy, each subnet prefix is of equal size
a. Each ³site² should likewise have an equalized internal hierarchy
Regarding your management block, I would use the recommendation above to
maintain a /48 in each region for management with the top /64 used for
loopbacks. However I definitely would NOT bother removing this network
from your advertised blocks as there are much better ways to implement
security and it would screw with your ability to cleanly aggregate your
IPv6 allocation.
Thanks,
Dustin Melancon
Sr. Network Engineer
Venyu