Here’s the fourth and final installment of my four-part blog on creating an IPv6 addressing plan.
Assigning Function and Location Significance to IPv6 Subnets
As mentioned, one major benefit resulting from the abundance of IPv6 addresses is the ability to assign function and location significance to groups of subnets derived from any larger allocation. While this technique works for any size allocation, we’ll continue our focus on the /48 allocation typical for one site.
Groups of subnets with function or location significance can allow for easier route aggregation and more manageable design and enforcement of security policy. Having geographic or functional significance encoded into a group of subnets can also improve operational efficiency.
The first step for this technique is to choose a group of networks derived from our overall assignment for the site (in this case, a /48). These networks become the primary group of subnets and will be assigned function or location significance based on the requirements of the site.
Recalling our campus LAN example from earlier, most sites will have functions defined by groups of segments distributed across the entire site. With logical and well-defined boundaries between groups of subnets per function, security policy will be much easier to plan and administer. Thus, for most sites it’s usually preferable to assign a group of primary subnets functional significance.
In this example, the characters in brackets represent individual bits rather than hexadecimal values, with “F” indicating function significance (while the bits denoted by “X” are reserved for the /64s in each function and location group).
Thus, this example shows a subnet-grouping scheme that would support up to 16 functions:
With 4,096 /64 networks per function:
By contrast, if the site contains many sub-sites whose individual assignments will be aggregated at the parent site level (perhaps to allow individual intra-site location control of subnet definition and assignment), the primary group of subnets would be assigned location significance:
In this example, the characters in brackets represent individual bits rather than hexadecimal values with “L” and “F” indicating location and function significance respectively. The bits denoted by “X” are reserved for the /64s in each location and function group (and the prefix length “NN” is unspecified for now).
Thus, this example shows a subnet-grouping scheme that would support up to 16 locations:
With up to 16 functions per location:
And 256 /64 networks per function:
This design choice makes sense where the groups of subnets defined and assigned to multiple locations will be aggregated and announced upstream (e.g., to an ISP, into the core of a large enterprise network, or to a hosting service).
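The two groupings described above can be worked through in Python. This is an added example, not part of the original post: the documentation prefix 2001:db8:abcd::/48 and the function names are assumptions, and the /52 and /56 lengths follow from carving 4-bit fields out of a /48. It goes one step past the text by counting how many prefixes a filter needs to match one function across the whole site under each ordering.

```python
import ipaddress
from itertools import product

# Assumption: documentation prefix standing in for the site's /48 allocation.
SITE = ipaddress.IPv6Network("2001:db8:abcd::/48")

def group_prefix(site, fields, values):
    """Return the prefix of one subnet group.

    fields: bit widths of the significance fields, most significant first,
            e.g. [4] for function only, [4, 4] for location then function.
    values: one integer per field; fewer values give the enclosing aggregate.
    """
    base, length = int(site.network_address), site.prefixlen
    for width, value in zip(fields, values):
        if not 0 <= value < 2 ** width:
            raise ValueError(f"value {value} does not fit in {width} bits")
        length += width
        if length > 64:
            raise ValueError("significance bits run past the /64 boundary")
        base |= value << (128 - length)   # place the field right after the prefix
    return ipaddress.IPv6Network((base, length))

def subnets_per_group(prefix):
    """Number of /64 networks left inside a group (the X bits)."""
    return 2 ** (64 - prefix.prefixlen)

def policy_prefixes(site, fields, field_index, value):
    """Prefixes a filter needs to match one field value everywhere in the site.

    A leading field is covered by a single aggregate; a field that sits behind
    others needs one prefix per combination of the fields in front of it.
    """
    leading = [range(2 ** w) for w in fields[:field_index]]
    return [group_prefix(site, fields, (*combo, value))
            for combo in product(*leading)]

if __name__ == "__main__":
    func_first = group_prefix(SITE, [4], [3])
    print(func_first, subnets_per_group(func_first))
    loc_func = group_prefix(SITE, [4, 4], [2, 5])
    print(loc_func, subnets_per_group(loc_func))
    # Function-first: one rule per function. Location-first: one per location.
    print(len(policy_prefixes(SITE, [4], 0, 3)),
          len(policy_prefixes(SITE, [4, 4], 1, 5)))
```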
Here’s an example of a fictional hosting service, CloudCo, that has chosen to encode location then functional significance into their IPv6 subnet assignments (figure 5).
Hopefully, that’s enough useful information to help facilitate your IPv6 addressing plan. I’m looking forward to any questions or comments you might have as well as your addressing plan experiences with IPv6!