1. The document provides guidance on strategically planning and designing an IPv6 address plan for a large multi-national enterprise called ACME.
2. It outlines the requirements including supporting up to 37 countries and 40 campus locations within the largest country. The plan should be highly hierarchical, uniform and scalable.
3. Byte boundaries are recommended between hierarchy levels to support many countries, with nibble boundaries between buildings within campuses given fewer buildings. The plan should include infrastructure addressing.
4. Architectural Model
Planning and coordination is required from many across the organization, including ...
• Network engineers & operators
• Security engineers
• Application developers
• Desktop / Server engineers
• Web hosting / content developers
• Business development managers
• ...
5. IPv6 Planning Steps Outline
• Create a project team & plan
• Identify business value, requirements & impacts
• Assess equipment & applications for IPv6
• Begin training & develop training plan
• Develop the architectural solution
• Obtain a prefix and build the address plan
• Define an exception process for legacy systems
• Update the security policy
• Deploy IPv6 trials in the network
• Test and monitor your deployment
6. So How Big Is The IPv6 Address Space?
340,282,366,920,938,463,463,374,607,431,768,211,456
340 undecillion, 282 decillion, 366 nonillion, 920 octillion, 938 septillion, 463 sextillion, 463 quintillion, 374 quadrillion, 607 trillion, 431 billion, 768 million, 211 thousand, 456
• Lots of talk about how big; it's BIG, do NOT worry about waste
• Theoretical vs. practical: split the 128 bits in half
• 64 bits define the network topology, 64 bits define the host ID
18,446,744,073,709,600,000 IPv6 addresses per /64
18,446,744,073,709,600,000 / (31,536,000 seconds/yr * 10,000,000 IPv6 addresses/second)
= 18,446,744,073,709,600,000 / 315,360,000,000,000
= 58,494 years
- Ed Horley
7. IPv6 Addressing
IPv6 Address Family
• Multicast: Assigned (Well Known, Temp), Solicited Node
• Anycast
• Unicast: Unique Local, Link Local, Global, Special, Embedded
*IPv6 does not use broadcast addressing
8. Hexadecimal, it's really not that difficult
Widely used in computing and programming
Hex is a base 16 numerical system
Typically expressed with a 0x prefix, e.g. 0x34
Every nibble is a hex character
4 bits have 16 combinations
Easier than high school algebra
Hex:     256's | 16's | 1's        Decimal: 100's | 10's | 1's
               |  3   |  4                    0   |  5   |  2
               |  a   |  c                    1   |  7   |  2
           2   |  4   |  d                    5   |  8   |  9
9. IPv6 Address Format
IPv6 addresses are 128 bits long (32 hex characters)
8 groups (words, quads) of 16 bits separated by (:)
Network or topology portion is the prefix
Includes the "subnet"
Network Portion | Host Portion
2001 : 0db8 : 0100 : 1111 : 0000 : 0000 : 0000 : 0001
Each of the 8 groups is 16 bits
Global Route Prefix | Subnet Id | Host Id
2001:0db8:0100:1111:0000:0000:0000:0001
10. Abbreviating IPv6 Addresses (RFC5952)
Leading 0's can be omitted
The double colon (::) can appear only once
Full Format
2001:0db8:0000:00a4:0000:0000:0000:1e2a
Abbreviated Formats
2001:db8:0:a4:0:0:0:1e2a
2001:db8:0:a4::1e2a
11. Unicast IPv6 Address Types
Link-Local – Non-routable, exists on a single layer 2 domain (fe80::/10)
fe80:0000:0000:0000:xxxx:xxxx:xxxx:xxxx
Unique-Local – Routable within administrative domain (fc00::/7)
fc00:gggg:gggg:ssss:xxxx:xxxx:xxxx:xxxx
fd00:gggg:gggg:ssss:xxxx:xxxx:xxxx:xxxx
Global – Routable across the Internet (2000::/3)
2000:NNNN:NNNN:SSSS:HHHH:HHHH:HHHH:HHHH
3fff:NNNN:NNNN:SSSS:HHHH:HHHH:HHHH:HHHH
12. Global Address Assignment
• Recommended Allocations
• Consumer, SMB /56 /60 /64
• Municipal Government, Enterprise, Single AS /40 /44 /48
• State Governments, Universities (LIR) /32 /36 /40
• Addressing Plan, Site Count
• IPv4 Allocation, Multi-homed ISP
  – 1 - 12 sites, a /44 assignment
  – 13 - 192 sites, a /40 assignment
  – 193 - 3,072 sites, a /36 assignment
  – 3,073 - 49,152 sites, a /32 assignment
[Diagram: PA and PI assignment paths. Labels: IANA, Registries (RIPE), ISP, Org, Entity, Subordinate, Level Four. Prefix lengths shown: 2000::/3, /12, /32, /48]
13. Multi-national Model
• PA or PI from each region you operate in
• Coordination of advertised space within each RIR, policy will vary
• Most run PI from primary region
14. Prefix Length Considerations
[Diagram labels: Pt 2 Pt /127; WAN; Core /64 or /127; Servers /64; Hosts /64; Loopback /128]
• Anywhere a host exists /64
• Point to Point /127
Should not use all 0's or 1's in the host portion
Nodes 1 & 2 are not in the same subnet
• Loopback or Anycast /128
• RFC 7421 /64 is here
• RFC 6164 /127 cache exhaust
16. 4 Rules
1. Keep it SIMPLE
   • You don't want to spend weeks explaining it!
2. Embed information to help operations
   • To help troubleshooting and operation of the network
   • Examples: location, country, PIN, VLAN, IPv4 info addresses
3. Plan for expansion (build in reserve)
   • Cater for future growth, mergers & acquisitions, new locations
   • Reserved vs. assigned
4. Exploit hierarchy / aggregation
   • Good aggregation is essential, just one address block (per location)
   • Ensures scalability and stability
2001:420:1234::/48
2001:420:1234:0100::/56   2001:420:1234:0200::/56
2001:420:1234:0300::/56   2001:420:1234:0400::/56
2001:420:1234:0500::/56   ...
18. Methodology (2) – Number of Prefixes per Level
• How many prefixes will you need at each level of the addressing plan
• Example: a BNG can handle 64000 subscribers = 64000 IPv6 prefixes
• Example: the number of interconnects (P2P) in your network
• As always, put aside a reserve!
• How many /64 prefixes (subnets) you need to deploy at a location
• I.e. desktops, WiFi, guestnet, sensors, CCTV, network infrastructure, etc.
• As always, put aside a reserve!
• Don't worry about the number of hosts
• We have more than 254 IPv6 addresses for hosts :-)
19. Example - How Many Subnets in a Location?
• Follow the logical flow
  – How many subnets in each location?
  – What sits under infrastructure?
  – How many point-to-point links?
  – Where is the reserve?
/48 location
  /52 Infrastructure
    /56 Interconnects: 256x /64 P2P links, /127 per P2P link
    /56 Loopbacks: 256x /64 Loopbacks, /128 per Loopback
    /56 reserve
    /56 reserve
    ...
  /52 Desktops
  /52 Wireless
  /52 etc.
20. Methodology (3) – Information Encoding
• Remember transition mechanisms: these will have specific address format requirements
• ISATAP
• NAT64 (/96)
• 6rd, MAP
• Possible encoding of information in particular portions of the IPv6 prefix
• Places In the Network (PINs)
• VLANs in the prefix
• VLAN 4096 → 2001:db8:1234:4096::/64 (alternatively in hex :-)
• The whole IPv4 address or just a portion
• Consider this carefully: trade-off between linkage vs. independence
• IPv4 address 10.0.13.1 → 2001:db8:1234:100:10:0:13:1
• Router IDs in the Interface Identifier / IPv4 in Link-Local
• Consider security implications!
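The two encodings on this slide, and what they disclose, as an added example that is not part of the original deck. The function names are hypothetical; the embedded address is printed in canonical form, which has no "::" because all eight groups are present.

```python
import ipaddress

SITE = ipaddress.IPv6Network("2001:db8:1234::/48")  # documentation prefix from the slide


def vlan_prefix(vlan, site=SITE, decimal_digits=True):
    """Return the /64 that carries a VLAN number in the 16-bit subnet field.

    decimal_digits=True writes the decimal number as hex digits (4096 -> :4096:),
    which reads easily; False stores the value itself (4096 -> :1000:).
    """
    subnet_id = int(str(vlan), 16) if decimal_digits else vlan
    if site.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 site and a value that fits in 16 bits")
    return ipaddress.IPv6Network((int(site.network_address) | subnet_id << 64, 64))


def embed_ipv4(subnet, ipv4):
    """Write each IPv4 octet as decimal digits into one group of the interface ID."""
    if subnet.prefixlen != 64:
        raise ValueError("expected a /64")
    iid = 0
    for octet in str(ipaddress.IPv4Address(ipv4)).split("."):
        iid = iid << 16 | int(octet, 16)
    return ipaddress.IPv6Address(int(subnet.network_address) | iid)


def disclosed_ipv4(address):
    """Recover the IPv4 address an observer can read from the interface ID.

    Returns None when the low 64 bits do not follow the embedding above.
    """
    iid = int(ipaddress.IPv6Address(address)) & (2**64 - 1)
    groups = [format(iid >> shift & 0xFFFF, "x") for shift in (48, 32, 16, 0)]
    try:
        return str(ipaddress.IPv4Address(".".join(groups)))
    except ValueError:
        return None


if __name__ == "__main__":
    lan = ipaddress.IPv6Network("2001:db8:1234:100::/64")
    host = embed_ipv4(lan, "10.0.13.1")
    print(vlan_prefix(4096), vlan_prefix(4096, decimal_digits=False))
    print(host, "discloses", disclosed_ipv4(host))
```

Anything that logs or receives the IPv6 source address can run the same decoding, which is the linkage side of the trade-off the slide asks you to weigh.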
21. Methodology (4) – Infrastructure Addressing 1.
• First recommendations: configure /64, /112 or /126
• RFC 3627, September 2003: /127 considered harmful
• Moved to historic by RFC 6547 (Feb. 2012)
• Since April 2011, RFC 6164 recommends /127 on inter-router (P2P) links
• Current recommendation /64, /126 or /127
• /127 mitigates ND exhaustion attacks
• Allocate /64 from a block (e.g. /56) for infrastructure links but configure /127
• Example: 2001:db8:1234:1::0/127 and 2001:db8:1234:1::1/127
• What about offsetting the suffix?
• 2001:db8:1234:1::a/127
• 2001:db8:1234:1::b/127
• You must follow the /127 subnet rule!!!
[Diagram: routers R1 and R2 joined by a P2P link addressed 2001:db8:1234:1::A/127 and 2001:db8:1234:1::B/127]
22. Methodology (4) – Infrastructure Addressing 2.
• E.g. dedicate /56 for Loopback addresses per location
• Allocate /64 per Loopback but configure /128
• Example: 2001:420:1234:100:1::1/128 and 2001:420:1234:101:1::1/128
• Avoid a potential overlap with Embedded RP addresses
• Remember to check how many Longest Prefix Matches (LPM) [/128] your network devices can carry
• Does not always equal the total number of supported IPv6 prefixes
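The infrastructure rules from slides 19, 21 and 22 carried through in code, as an added example that is not part of the original deck: reserve a /64 per link or loopback, configure /127 or /128, and check the /127 subnet rule. It assumes the first /52 of the location is Infrastructure and that a loopback uses ::1 of its /64; all function names are hypothetical.

```python
import ipaddress

LOCATION = ipaddress.IPv6Network("2001:db8:1234::/48")  # documentation prefix


def infra_blocks(location=LOCATION):
    """Split the location's first /52 (assumed to be Infrastructure) into /56 roles."""
    infra = next(location.subnets(new_prefix=52))
    blocks = infra.subnets(new_prefix=56)
    return {"interconnects": next(blocks), "loopbacks": next(blocks)}


def nth_64(block, index):
    """Return the index-th /64 of a block, refusing to run past its end."""
    if not 0 <= index < 2 ** (64 - block.prefixlen):
        raise ValueError(f"{block} has no /64 number {index}")
    return ipaddress.IPv6Network((int(block.network_address) + (index << 64), 64))


def p2p_link(block, index, offset=0):
    """Reserve one /64 per link but configure a /127 on both ends."""
    if not 0 <= offset < 2**64 or offset % 2:
        raise ValueError("offset must be even so both ends share one /127")
    low = int(nth_64(block, index).network_address) + offset
    return (ipaddress.IPv6Interface((low, 127)),
            ipaddress.IPv6Interface((low + 1, 127)))


def loopback(block, index):
    """Reserve one /64 per loopback but configure a single /128 (::1 is an assumption)."""
    return ipaddress.IPv6Interface((int(nth_64(block, index).network_address) + 1, 128))


def same_p2p_subnet(a, b):
    """The /127 subnet rule: two distinct addresses inside the same /127."""
    a, b = ipaddress.IPv6Interface(a), ipaddress.IPv6Interface(b)
    return a.network == b.network and a.ip != b.ip and a.network.prefixlen == 127


if __name__ == "__main__":
    blocks = infra_blocks()
    print(*p2p_link(blocks["interconnects"], 1))
    print(*p2p_link(blocks["interconnects"], 1, offset=0xA))
    print(loopback(blocks["loopbacks"], 0))
    print(same_p2p_subnet("2001:db8:1234:1::1/127", "2001:db8:1234:1::2/127"))
```

The last line prints False: ::1 and ::2 sit in different /127s, which is why an offset suffix such as ::a/::b has to start on an even value.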
23. Example of an IPv6 Prefix Allocation (Cisco)
Global Level 2001:420::/32 (using /34 with 50% spares)
/35 - /36 per Region
/37 - /39 per Sub-Region
/40 - /44 per Site (Site = Campus; up to 256 Buildings per Site)
/48 per Building/FSO (FSO = Field Sales Office; 16 PINs per Building/FSO)
/52 per PIN (13th Nibble = PIN; 4096 Subnets / PIN)
PIN = Place In the Network: a framework to classify network roles, e.g. Lab, Desktop, DC, DMZ etc.
24. Example of an IPv6 Prefix Allocation (ISP)
/29 from RIPE
• /30 for Subscribers: /40 per BNG, /56 per Subscriber
• /30 holding four /32s:
  – /32 for Internal Addressing
  – /32 for Private Addressing
  – /32 for External Addressing (non-Subscribers)
  – /32 as a reserve
• /36 per PoP
• /40 for Core Network Internal Services
• /40 for Core Network External Services
• /40 for Enterprise DC Internal
• /40 for Enterprise DC External
• /40 for Enterprise Infrastructure External
• /40 for Enterprise Campus External
• /40 for Enterprise Campus External
• /64 for Loopbacks (/128s)
26. Building the IPv6 Address Plan
• Methods
• Follow IPv4 (/24 only), Organizational, Location, Function based
• Hierarchy is key (A /48 example)
• Bit twiddle's dream (16 bit subnet strategy)
• 4 or 8 bits = (16 or 256) Regions (states, counties, agencies, etc.)
• 4 or 8 more bits = (16 or 256) Sub Levels within those Regions
• 4 more bits = (16) Traffic Types (Admin, Guest, Telephony, Video, etc.)
• Cisco IPv6 Addressing White Paper
• http://www.cisco.com/go/IPv6
• Monotonically (1000, 2000, 3000, etc.) vs. Sparse (0000, 4000, 8000, c000)
27. ACME Enterprise
• European-wide conglomerate in the food and consumables sector.
• Has presence in about 19 countries, expected to grow to about 37.
• They also have a sister company (ACME ISP) which is providing European-wide telecommunications services.
28. ACME Enterprise Current State of the Network
• ACME has grown organically through a policy of acquisitions and mergers over the past few years.
• Private (RFC 1918) and/or illegal IPv4 address blocks are in use, and NAT is widely used. This is negatively impacting the behaviour of some enterprise applications.
• ACME has decided to strategically deploy IPv6 within the ACME enterprise network. This will enable applications and services to be moved from IPv4 to IPv6 on a case-by-case basis.
• For its WAN connectivity, ACME enterprise uses the MPLS VPN service offered by ACME ISP.
29. ACME Enterprise IPv6 High Level Requirements
• ACME ISP is a RIPE member and has been allocated a /19 IPv6 address block. ACME Enterprise has been provided 2014:1b2::/32 from its ISP. ACME ISP will be interconnecting all the IPv6 locations of the ACME enterprise network.
• The most important requirements for the IPv6 addressing design are for it to be highly hierarchical, uniform and scalable. This will greatly simplify the design, operation and troubleshooting of the network.
30. ACME Enterprise Detail Requirements
• As a general rule, ACME would like to use byte (8-bit) boundaries between the different hierarchies of the IPv6 addressing. HINT!!!
• At the first level, the addressing scheme needs to support at least 37 countries (HINT!!!). Also some address blocks should be reserved for future growth in the larger countries.
• At the second level (within each country), there are a number of campus locations. It is at this level that connectivity into the ACME ISP network is provided. The largest country has about 40 campus locations (HINT!!!).
31. ACME Enterprise Detail Requirements (Cont.)
• At the third level (within each campus location), the number of buildings within each campus is small (4-6 maximum). Therefore, allocating these blocks on a byte boundary is deemed overkill. A nibble (4-bit) boundary will suffice here. HINT!!!
• A separate "virtual building" address block needs to be set aside for network infrastructure addressing within that campus location.
• At the fourth level (within each building), individual IPv6 subnets need to be assigned to individual VLANs.
• An additional requirement is to divide up the network infrastructure block in ranges for loopback, link and network services addressing.
32. Building An Address Plan For ACME Enterprise (Tasks)
• Design an IPv6 address plan for ACME enterprise, applying what you have learned in this session and the mentioned HINTS.
• Work top-down through the address plan.
• Focus first on the end-system addressing.
• Think about the network infrastructure addressing.
• There are multiple acceptable solutions; it's more important to think about the problem and apply the methodology.
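One plan that satisfies the hints, as an added example that is not part of the original deck and is not the presenters' solution: country and campus on byte boundaries, building on a nibble, and 12 bits of VLAN. The choice of building 0xF as the "virtual building", the /56 slots inside it and all function names are assumptions.

```python
import ipaddress

ACME = ipaddress.IPv6Network("2014:1b2::/32")  # prefix given on the requirements slide
# (level, width in bits) below the /32: byte, byte, nibble, then 12 bits of VLAN
LEVELS = (("country", 8), ("campus", 8), ("building", 4), ("vlan", 12))
INFRA_BUILDING = 0xF  # assumption: last nibble value is the "virtual building"
INFRA_RANGES = {"loopback": 0x0, "link": 0x1, "services": 0x2}  # assumed /56 slots


def prefix(**ids):
    """Return the prefix for the ids given, stopping at the first level left out."""
    value, length = int(ACME.network_address), ACME.prefixlen
    for name, bits in LEVELS:
        if name not in ids:
            break
        if not 0 <= ids[name] < (1 << bits):
            raise ValueError(f"{name}={ids[name]} does not fit in {bits} bits")
        length += bits
        value |= ids[name] << (128 - length)
    return ipaddress.IPv6Network((value, length))


def infra_range(country, campus, kind):
    """Return the /56 for loopback, link or services inside the virtual building."""
    block = prefix(country=country, campus=campus, building=INFRA_BUILDING)
    return ipaddress.IPv6Network(
        (int(block.network_address) | (INFRA_RANGES[kind] << 72), 56))


def locate(address):
    """Decode an address back into country, campus, building and VLAN ids."""
    addr = ipaddress.IPv6Address(address)
    if addr not in ACME:
        raise ValueError(f"{addr} is outside {ACME}")
    ids, length = {}, ACME.prefixlen
    for name, bits in LEVELS:
        length += bits
        ids[name] = (int(addr) >> (128 - length)) & ((1 << bits) - 1)
    return ids


if __name__ == "__main__":
    print(prefix(country=37))                                 # /40, 256 countries
    print(prefix(country=37, campus=40))                      # /48, 256 campuses
    print(prefix(country=37, campus=40, building=3, vlan=100))
    print(infra_range(37, 40, "link"))
    print(locate("2014:1b2:2528:3064::10"))
```

With these widths 37 countries and 40 campuses use well under the 256 values each byte offers, and six buildings plus the virtual building fit in the 16 values of the nibble, so reserve remains at every level.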
37. Cisco IPv6 Services
A Phased-Plan Approach for Successful IPv6 Adoption
IPv6 Assessment Service
• Determine how your network needs to change to support your IPv6 strategy
IPv6 Discovery Service
• Guidance in the early stages of considering a transition to IPv6
IPv6 Planning and Design Service
• Designs, transition strategy, and support to enable a smooth migration
IPv6 Implementation Service
• Validation testing and implementation consulting services
Network Optimization Service
• Absorb, manage, and scale IPv6 in your environment
38. Key Take Away
• Gain operational experience now
• IPv6 is already here and running well
• Control IPv6 traffic as you would IPv4
• "Poke" your providers
• Lead your OT/LOBs into the Internet