Friday, October 23, 2015

IPv6 Simplifying Subnetting


by Craig Miller

Simplifying Subnetting

Network prefix always /64
Another key difference with IPv6 is that there is no more variable-length subnetting. An entire industry has been built up around questions such as which address boundaries a /26 has. Be prepared to file that information away, because IPv6 has a fixed-length subnet (or prefix). It is always /64, end of story.

Wasting address space?

The biggest complaint I hear from experienced IPv4-ers is that a /64 is a waste of address space. And in a way it is, but who cares? Part of the mind-shift that needs to happen when working with IPv6 is to shake off the shackles of conserving address space. Allocating 2^64 addresses per subnet is a lot of addresses. More than the entire IPv4 address space, in each subnet. But remember there are also 2^64 networks available.

How Big is it?

The best example I have heard to explain just how big the IPv6 address space is, is this:
If the entire IPv4 address space is equal to 1 meter (a little longer than a yard), then the entire address space of IPv6 is 18 trillion light-years.

That is a lot of address space. There may come a day when we earthlings will have to move to a different addressing scheme, but it won't be in your lifetime.

Simplifying with /64

The key advantage of using a /64 everywhere (even on point-to-point links) is that it greatly simplifies your network planning. If everything is a /64, then SLAAC works everywhere! This means everything can acquire a globally routable address auto-magically.

Trying to conserve address space by using something other than a /64 will break SLAAC, and you will find that your network is still complex and that you have missed a golden opportunity to simplify it. Remember, a simpler network is easier to troubleshoot, which translates to faster resolution times and, at the end of the day, saves money.

Another advantage of using /64 is that it prevents some of the attacks from the IPv4 days. Try running nmap on your /64 subnet. You will never find all, or even 10% of the hosts on the subnet. You can't just scan every address in the subnet. It will take months, and with Temporary Addresses (RFC 4941) hosts will change addresses before you even scan them.
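The two points above (SLAAC depends on a /64, and a /64 is too large to sweep) can be shown in a few lines of Python. This is an added example, not code from the original post. It assumes the classic modified EUI-64 interface identifier from RFC 4291 (hosts may instead use RFC 4941 temporary addresses, as noted above), and the prefix, MAC address and probe rate are constructed sample values.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """64-bit modified EUI-64 interface identifier (RFC 4291, Appendix A)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine an advertised prefix with the interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        # The identifier is 64 bits wide, so only a /64 leaves room for it.
        raise ValueError(f"SLAAC needs a /64 prefix, got /{net.prefixlen}")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))

def sweep_years(host_bits: int, probes_per_second: float) -> float:
    """Years needed to probe every address in a subnet with host_bits host bits."""
    return 2 ** host_bits / probes_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Constructed sample values: documentation prefix (RFC 3849) and a made-up MAC.
    print(slaac_address("2001:db8:1:2::/64", "00:11:22:33:44:55"))
    try:
        slaac_address("2001:db8:1:2::/80", "00:11:22:33:44:55")
    except ValueError as err:
        print("rejected:", err)
    # Assumed probe rate of one million addresses per second.
    print(f"IPv4 /24 (8 host bits): {sweep_years(8, 1e6):.2e} years")
    print(f"IPv6 /64 (64 host bits): {sweep_years(64, 1e6):,.0f} years")
```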

Land of Plenty

Go ahead and plan your next generation network with /64s. It may seem decadent at first, but it will pay real dividends for the rest of your life.


