IPv6 Address and Deployment Planning
Objectives
After this session, you should be able to:
• Get an idea about IPv6 addresses
• Understand the value of an IPv6 address plan
• Plan how you will assign IPv6 subnets
• Estimate the IPv6 addressing needs of your network
• Subnet an IPv6 prefix
bdNOG 3, Dhaka, Bangladesh [email protected] 2
Why Do We Need an IPv6 Address Plan?
• Routing tables can be smaller and more efficient
• Security policies can be easier to implement
• Application policies can be implemented
• Network management/provisioning can be easier
• Troubleshooting can be easier, particularly with visual identification
• Easier scaling as more devices or locations are added
Philosophy Change
IPv4
• Conserve (Limited address space)
• How many addresses do I need?
IPv6
• Aggregate (Huge address space)
• How many subnets do I need?
IPv6 Address Distribution
[Figure: IPv6 address distribution hierarchy IANA → RIR → LIR → Org., with prefix labels /3, /12, /32, /48 and /60]
Assignments to customers
• How many subnets do I give my customers?
  • /64 (1 subnet)
  • /60 (16 subnets)
  • /56 (256 subnets)
  • /52 (4096 subnets)
  • /48 (65536 subnets)
Default Allocation size = /32
• How many assignments can I make?
  • 4 billion /64’s
  • 268 million /60’s
  • 17 million /56’s
  • 1 million /52’s
  • 65536 /48’s
Subnetting
• Why do we do subnetting?
  • IPv4: Conserve address space
  • IPv6: planning and optimization for routing and security
• Subnets vs hosts – number of hosts irrelevant in IPv6
  • There will rarely be a need to expand a /64 subnet (2^64 hosts)
  • 2^64 = 18,446,744,073,709,551,616 hosts
IPv6 Prefix
2001:db8:2468:1c5:23a7:1357:331c:a5b
/16
/32
/48
Host (/64)
A Typical Host Address
2001:db8:2468:1c5:23a7:1357:331c:a5b
Prefix (/64)
Host (/64)
/32 Prefix
2001:db8:1234:5678:23a7:2e19:331c:a5b
Prefix (/32)
Host (/64)
Subnet (32 Bits)
/48 Prefix
2001:db8:1234:5678:23a7:2e91:331c:a5b
Prefix (/48)
Host (/64)
Subnet (16 Bits)
Common Subnet Prefixes
2001:db8:1234:5678:23a7:2e91:331c:a5b
Prefix (/52) Subnet (12 Bits)
2001:db8:1234:5678:23a7:2e91:331c:a5b
Prefix (/56) Subnet (8 Bits)
2001:db8:1234:5678:23a7:2e91:331c:a5b
Prefix (/60) Subnet (4 Bits)
"Nibbles" Boundaries
• A "nibble" is one hexadecimal digit (or 4 bits)
• You don't have to subnet based on nibbles. You can use other prefixes, ex. /49, /51, /55 etc.
• But it is MUCH easier to identify addresses if you do
Hex: 1234
Binary: 0001001000110100
If /x is a multiple of 4
2001:0db8:1234:0000:0000:0000:0000:0000 /48
48 fixed bits, 80 freely variable bits
12 fixed hex digits, 20 hex digits can take any values
If /x is NOT a multiple of 4
2001:0db8:1234:8000:0000:0000:0000:0000 /50
50 fixed bits, 78 freely variable bits
12 fixed hex digits, 19 hex digits can take any values
1 hex digit can only take certain values! Example: 8, 9, a or b
Only certain hex values possible
Hex digit 8 = 1 0 0 0 (first two bits fixed, last two bits variable)
1 0 0 0 = 8
1 0 0 1 = 9
1 0 1 0 = a
1 0 1 1 = b
8, 9, a or b only!
Subnet at Nibble Boundaries
Prefix (/48) Subnet (16 Bits)
2001:db8:1234:1000::/56
2001:db8:1234:1100::/56
2001:db8:1234:1200::/56
......
2001:db8:1234:1f00::/56
Subnet not at Nibble Boundaries
Prefix (/50) Subnet (14 Bits)
2001:db8:0001:8000::/50
2001:db8:1234:9000::/50
2001:db8:1234:a000::/50
2001:db8:1234:b000::/50
“Easy” & “complicated” ranges
• 2001:db8:7::/48
  • 2001:db8:7:xxxx:xxxx:xxxx:xxxx:xxxx
• 2001:db8:7:8000::/50
  • 2001:db8:7:8xxx:xxxx:xxxx:xxxx:xxxx
  • 2001:db8:7:9xxx:xxxx:xxxx:xxxx:xxxx
  • 2001:db8:7:axxx:xxxx:xxxx:xxxx:xxxx
  • 2001:db8:7:bxxx:xxxx:xxxx:xxxx:xxxx
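The "easy" and "complicated" ranges above can be generated for any prefix length, which helps when reading firewall rules or logs by eye. This is an added example, not part of the original slides; the function name hex_patterns is an assumption.

```python
import ipaddress

def hex_patterns(prefix):
    """List the address patterns a prefix covers, with x for any hex digit."""
    net = ipaddress.IPv6Network(prefix)
    digits = net.network_address.exploded.replace(":", "")   # 32 hex digits
    full, extra = divmod(net.prefixlen, 4)
    if extra == 0:
        # Nibble boundary: every digit is either fully fixed or fully free.
        heads = [digits[:full]]
    else:
        # One digit is only partly fixed: enumerate the values it can take.
        first = int(digits[full], 16)
        heads = [digits[:full] + format(first + v, "x")
                 for v in range(2 ** (4 - extra))]
    patterns = []
    for head in heads:
        padded = head + "x" * (32 - len(head))
        groups = [padded[i:i + 4] for i in range(0, 32, 4)]
        # Drop leading zeros in fully fixed groups, as the slides write them.
        groups = [g if "x" in g else (g.lstrip("0") or "0") for g in groups]
        patterns.append(":".join(groups))
    return patterns

if __name__ == "__main__":
    for p in ("2001:db8:7::/48", "2001:db8:7:8000::/50"):
        print(p)
        for line in hex_patterns(p):
            print("   ", line)
```

A /48 yields one pattern, the /50 yields four, and a /49 would yield eight: every bit short of a nibble boundary doubles the number of patterns a reader has to keep in mind.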
Key Point: Focus on the 16 bits (4 Nibbles)
2001:db8:1234:5678:23a7:2e91:331c:a5b
Prefix (/48)
Host (/64)
Subnet (16 Bits)
Next Step: Plan Your Subnet Scheme
• Multiple ways to use the 4 nibbles (assuming a /48)
• Plan nibbles by:
  • Region and site
  • Location
  • Use type (ex. employees, students, guests)
  • Business units
  • Applications (ex. data, voice, video)
  • Combinations of some of the above
• THERE IS NO ONE RIGHT ANSWER!
  • Will depend upon your site and your objectives
Planning Considerations
• Do you want to optimize for your security policies?
  • Do you want to make it easy for firewalls to filter based on… location? user type? applications?
• Do you want to optimize for router policies and performance?
  • Do you want to have the smallest and most efficient routing table possible?
• Do you have a higher or lower quantity of certain types of objects?
  • For example, do you only have 2 locations but 20 types of applications?
Example: ISP with /32 Prefix (I)
• Parent Block: 2402:f500::/32
• Starting with Location (Region/Division):
  • Dhaka 2402:f500:1000::/36
  • Chittagong 2402:f500:2000::/36
  • Khulna 2402:f500:3000::/36
  • Rajshahi 2402:f500:4000::/36
  • Sylhet 2402:f500:5000::/36
  • Barisal 2402:f500:6000::/36
  • So on and so forth…
Example: ISP with /32 Prefix (II)
• Then the PoP (Region – Distribution PoP):
  • Dhaka - UGC 2402:f500:1000::/40
  • Dhaka - BUET 2402:f500:1100::/40
  • Dhaka - NSU 2402:f500:1200::/40
  • Dhaka - NU 2402:f500:1300::/40
  • So on and so forth…
• Then the Site (Region – Distribution PoP – Edge Router):
  • Dhaka – BUET – BUET 2402:f500:1100::/44
  • Dhaka – BUET – DU 2402:f500:1110::/44
  • Dhaka – BUET – BSMMU 2402:f500:1120::/44
  • Dhaka – BUET – JNU 2402:f500:1130::/44
  • So on and so forth…
Example: ISP with /32 Prefix (III)
• Infrastructure and Customer Assignment: /48
  • Infrastructure 2402:f500:1110::/48
    • Peering 2402:f500:1110:0000::/52
    • Loopback 2402:f500:1110:1000::/52
    • Server 2402:f500:1110:2000::/52
  • Customer 1 2402:f500:1111::/48
  • Customer 2 2402:f500:1112::/48
  • Customer 3 2402:f500:1113::/48
  • Customer 4 2402:f500:1114::/48
  • So on and so forth
Example #1: Location and Use Type
2001:db8:1234:5678:23a7:2e91:331c:a5b
Prefix (/48) Subnet (16 Bits)
Location (16):
• Building 1
• Building 2
• Building 3
Use Type (16):
• Employees
• Servers
• Infrastructure
Individual Networks (256):
• LAN
• Interface
Example #2: Locations (many) and Use Type
2001:db8:1234:5678:23a7:2e91:331c:a5b
Prefix (/48) Subnet (16 Bits)
Location (256):
• Building 1
• Building 2
• Building 3
Use Type (16):
• Employees
• Servers
• Infrastructure
Individual Networks (16):
• LAN
• Interface
Example #3 – Business Units First (I)
• Start by allocating based on business units:
  • Corporate: 2001:db8:1a:0000::/52
  • Finance: 2001:db8:1a:1000::/52
  • Marketing: 2001:db8:1a:2000::/52
  • Engineering: 2001:db8:1a:3000::/52
  • Customer Support: 2001:db8:1a:4000::/52
• Then allocate on applications (here for one unit):
  • Engineering - Data: 2001:db8:1a:3000::/56
  • Engineering - Voice: 2001:db8:1a:3200::/56
  • Engineering - Video: 2001:db8:1a:3400::/56
  • Engineering - Wireless: 2001:db8:1a:3800::/56
  • Engineering - Management: 2001:db8:1a:3c00::/56
Example #3 – Business Units First (II)
• Next allocate based on region (here for "Data"):
  • Engineering - Data – Eastern region: 2001:db8:1a:3000::/60
  • Engineering - Data – Northern region: 2001:db8:1a:3080::/60
  • Engineering - Data – Western region: 2001:db8:1a:3040::/60
  • Engineering - Data – Southern region: 2001:db8:1a:30c0::/60
• Then allocate on individual sites:
  • Engineering - Data - Northern region - Site 0: 2001:db8:1a:3080::/64
  • Engineering - Data - Northern region - Site 1: 2001:db8:1a:3081::/64
  • Engineering - Data - Northern region - Site 2: 2001:db8:1a:3082::/64
Example #4 – Applications First (I)
• Start by allocating based on applications:
  • Data: 2001:db8:1a:0000::/52
  • Voice: 2001:db8:1a:8000::/52
  • Video: 2001:db8:1a:4000::/52
  • Wireless: 2001:db8:1a:c000::/52
  • Management: 2001:db8:1a:2000::/52
• Then allocate on regions (here for one unit):
  • Voice – Eastern region: 2001:db8:1a:8000::/56
  • Voice – Northern region: 2001:db8:1a:8800::/56
  • Voice – Western region: 2001:db8:1a:8400::/56
  • Voice – Southern region: 2001:db8:1a:8c00::/56
Example #4 – Applications First (II)
• Next allocate based on business unit:
  • Voice – Southern region – Corporate: 2001:db8:1a:8c00::/60
  • Voice – Southern region – Finance: 2001:db8:1a:8c10::/60
  • Voice – Southern region – Marketing: 2001:db8:1a:8c20::/60
  • Voice – Southern region – Engineering: 2001:db8:1a:8c30::/60
  • Voice – Southern region – Cust Support: 2001:db8:1a:8c40::/60
• Then finally on individual sites:
  • Voice – Southern – Marketing – Site 1: 2001:db8:1a:8c2a::/64
  • Voice – Southern – Marketing – Site 2: 2001:db8:1a:8c29::/64
  • Voice – Southern – Marketing – Site 3: 2001:db8:1a:8c2e::/64
Make an addressing plan (I)
• Number of hosts is irrelevant
• Multiple /48s per PoP can be used
• Separate blocks for infrastructure and customers
• /64 for all subnets
  • autoconfiguration works
  • fewer typing errors because of simplicity
Make an addressing plan (II)
• Routers:
  • Give all routers the same size block (Typically /56 or /52)
  • Minimum: One /64 per interface
  • Allow for more interfaces in future
• VLAN Numbers
  • Organization may already have location/type planned into VLANs
Make an addressing plan (III)
• Use one /64 block (per site) for loopbacks
  • One /128 per device
• Point-to-Point Connections
  • Reserve a /64, assign a /127
Subnet Numbering: Planning For Growth
• Multiple ways for numbering individual subnets:
• Numerical (monotonic) – just increment by 1:
  • 2001:db8:1234:0000::/64
  • 2001:db8:1234:1000::/64
  • 2001:db8:1234:2000::/64
• Sparse allocation (RFC 3531)
  • 2001:db8:1234:0000::/64
  • 2001:db8:1234:8000::/64
  • 2001:db8:1234:4000::/64
• Random allocation
  • Randomly choose numbers
Calculating Requirement of Subnet
• Determine primary factor you want to use
  • Ex. location
• Determine number of needed groups
  • Ex. 15 locations, 2 administrative groups, 5 future = 22 total
• Round up to nearest nibble
  • Ex. 22 would fit within 2 nibbles (256 values)
• Decide what to do with remaining nibbles (if any)
  • Continue subnetting with a secondary factor
  • Don't subdivide and just have large subnets
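The sizing steps above and the sparse numbering from "Subnet Numbering: Planning For Growth", worked together as an added example (not from the original slides). The function names are assumptions, and the sparse order is implemented as a bit-reversed counter, which is the leftmost-first order the 0000, 8000, 4000 sequence follows.

```python
import ipaddress

def nibble_bits(groups):
    """Bits needed to number `groups` items, rounded up to whole hex digits."""
    if groups < 1:
        raise ValueError("need at least one group")
    bits = max(1, (groups - 1).bit_length())
    return -(-bits // 4) * 4                 # ceiling to a multiple of 4

def bit_reverse(value, width):
    """Mirror the low `width` bits of value (1 -> 100..0, 2 -> 010..0)."""
    out = 0
    for _ in range(width):
        out = (out << 1) | (value & 1)
        value >>= 1
    return out

def sparse_subnets(parent, field_bits, count):
    """First `count` children of `parent`, numbered leftmost-bit-first."""
    net = ipaddress.IPv6Network(parent)
    new_len = net.prefixlen + field_bits
    if new_len > 64:
        raise ValueError("plan would subnet past /64")
    if count > 2 ** field_bits:
        raise ValueError("field too small for that many subnets")
    shift = 128 - new_len                    # position of the subnet field
    base = int(net.network_address)
    return [ipaddress.IPv6Network(
                (base | (bit_reverse(i, field_bits) << shift), new_len))
            for i in range(count)]

if __name__ == "__main__":
    field = nibble_bits(22)                  # 22 groups -> 8 bits (2 nibbles)
    print("subnet field:", field, "bits")
    for net in sparse_subnets("2001:db8:1234::/48", field, 22):
        print(net)
```

Because consecutive assignments land far apart, each one can later be widened to a shorter prefix without renumbering, so filters written for a group keep matching as it grows.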
Servers
• For servers you want manual configuration
• Use port numbers for addresses
  - DNS Server: 2001:db8:1234:5678::53
  - Web Server: 2001:db8:1234:5678::80
  - POP Server: 2001:db8:1234:5678::110
  - etc…
Customer assignments
• Give your customers enough addresses
  • Up to a /48
  • Register every assignment in the APNIC whois database
• Customers and their /48
  • Customers have no idea how to handle 65536 subnets!
  • Give them information
IPv6 Address Management
• Your Excel sheet might not scale
  • There are 65,536 /48s in a /32
  • There are 65,536 /64s in a /48
  • There are 16,777,216 /56s in a /32
• Find a suitable IPAM solution
  • Free: GestióIP, NIPAP, TeamIp, phpIPAM, NOC Project, NetDot, HaCi, IPplan, 6Connect, Infoblox
  • Commercial: Infoblox, BlueCat, SolarWinds, Crypton, BTDiamondIP, Incognito, EfficientIP, Men and Mice
Case Study: BdREN
IPv6 Address (2402:F500::/32)
2402 F500 0000 0000 Host (/64)
Subnet (32 Bits)
Subnet (16 Bits)
Subnet Plan (/48)
2402 F500 0000 0000 Host (/64)
Region (16):
  Dhaka: 1
  Chittagong: 2
  Khulna: 3
  So on…
PoP (16):
  UGC: 1
  BUET: 2
  NU: 3
  So on…
Client (256):
  SBAU: 1
  JU: 2
  BUTex: 3
  So on…
Client Assignment (/48)
2402 F500 1202 /48
Region (16) – Distribution PoP (16) – Edge Router (256)
Dhaka – BUET – DU
Client Assignment
Region: Dhaka (2402:F500:1000::/36)
  Distribution PoP: UGC (2402:F500:1000::/40)
    BdREN   2402:F500:1000::/48
    SAU     2402:F500:1002::/48
    JU      2402:F500:1004::/48
    BUTex   2402:F500:1006::/48
  Distribution PoP: BUET (2402:F500:1100::/40)
    BUET    2402:F500:1100::/48
    DU      2402:F500:1102::/48
    BSMMU   2402:F500:1104::/48
    JNU     2402:F500:1106::/48
    BUP     2402:F500:1108::/48
  Distribution PoP: NU (2402:F500:1200::/40)
    NU      2402:F500:1200::/48
    BOU     2402:F500:1202::/48
    DUET    2402:F500:1204::/48
    BSMRAU  2402:F500:1206::/48
Facts and Challenges
Facts:
• BdREN is a green field
• All the equipment is brand new and supports IPv6
• BdREN has limited IPv4 addresses
• Does not deal with CPEs, less hassle
• No DHCPv6 or NAT64 issues
Challenges:
• Lack of expertise in IPv6 address planning
• Trials and errors
• Dual stack from day 1
Case Study: JU
IPv6 Address (2402:F500:1004::/48)
2402 F500 1004 0000 Host (/64)
Subnet (16 Bits)
Subnet Plan (/64)
2402 F500 1004 0000 Host (/64)
Service (16):
  Data: 1
  Voice: 2
  Wi-Fi: 3
  So on…
Dept. (256):
  Physics: 1
  Math: 2
  MMH Hall: 3
  So on…
Subnet Plan (/64)
Service (16) – Department (256) – Building (16)
Data – Physics
2402 F500 1004 0105 Host (/64)
Address Plan: Before
Description          Summary        IPv6 Address   VLAN
Physics Building     10.1.0.0/16                   10
Chemistry Building   10.2.0.0/16                   20
Admin Building       10.3.0.0/16                   30
…
• IPv4 only without proper plan
• Wi-Fi was provided with stand-alone Wireless Router with DHCP
• Mostly manual addressing, no DHCP for wired users
Address Plan: After
Category        Description      Summary           IPv6 Address               VLAN
Infrastructure                   192.168.0.0/16    2402:F500:1004:0000::/52
                Loopback         192.168.10.0/24   2402:F500:1004:0000::/60
                Point to point   192.168.20.0/24   2402:F500:1004:0010::/60
                Remote Access    192.168.30.0/24   2402:F500:1004:0020::/60   100
                …
Service                          10.0.0.0/8        2402:F500:1004:1000::/52
                Wired User       10.10.0.0/16      2402:F500:1004:1100::/56   10
                Wireless User    10.20.0.0/16      2402:F500:1004:1200::/56   20
                Voice            10.30.0.0/16      2402:F500:1004:1300::/56   30
                Server Farm      10.40.0.0/16      2402:F500:1004:1400::/56   40
                Surveillance     10.50.0.0/16      2402:F500:1004:1500::/56   50
                Facility         10.60.0.0/16      2402:F500:1004:1600::/56   60
                …
Migration
Step 1: Survey and Analysis
• Any change required in current Network/Connectivity?
  • Minor change to make it hierarchical
• Any equipment that doesn’t support IPv6?
  • Upgrading OS
  • Replacing with new one
  • No change required
• VLAN and IPv4 plan changed?
  • Before: Building-wise
  • After: Service-wise
• Prepare IPv6 plan
  • Similar plan as IPv4
  • Dual-Stack
Migration
Step 2: Configuration (Ongoing)
• Started with WAN/Upstream connectivity
  • P2P Peering
  • Static and default route
  • Configuration test
• Step by step towards access
  • Core
  • Distribution
  • Edge
  • Configuration test
• Test from user PC
  • Wired user
  • Manual IPv6 address
• DHCPv6
  • Separate server
  • Stateful
Challenges in General
• IPv4 inertia
  • We think IPv4 is running fine
  • IPv6 seems complicated
  • Some think they have enough IPv4 addresses, why IPv6?
• Lack of expertise
  • Fear to learn IPv6
  • Less hands-on experience
• Incapability/Incompatibility of devices and CPEs
  • Upgrade OS
  • Purchase new equipment
  • Involves cost
Recommendations
• Play with the whole block, don’t take a small portion
• Ensure that all prefixes fall on nibble boundaries
• Plan a hierarchical scheme for easy aggregation or enforcement of policies
• Allocate /64 prefixes for all end subnets
• Consider scalability and future potential growth
• Think about how well your plan might handle renumbering
• Document your planning thoroughly
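These recommendations can be checked mechanically before a plan reaches routers and firewalls. The following is an added example, not part of the original slides: it lints rows taken from the JU "Address Plan: After" table plus two constructed entries that break the rules on purpose; lint_plan and the tuple layout are assumptions.

```python
import ipaddress

# (name, parent, prefix) rows from the "Address Plan: After" table, plus two
# constructed entries (marked) that violate the recommendations.
PLAN = [
    ("Infrastructure", None, "2402:f500:1004:0000::/52"),
    ("Loopback", "Infrastructure", "2402:f500:1004:0000::/60"),
    ("Point to point", "Infrastructure", "2402:f500:1004:0010::/60"),
    ("Remote Access", "Infrastructure", "2402:f500:1004:0020::/60"),
    ("Service", None, "2402:f500:1004:1000::/52"),
    ("Wired User", "Service", "2402:f500:1004:1100::/56"),
    ("Wireless User", "Service", "2402:f500:1004:1200::/56"),
    ("Voice", "Service", "2402:f500:1004:1300::/56"),
    ("Guest Wi-Fi", "Service", "2402:f500:1004:1280::/57"),   # constructed
    ("Lab", "Service", "2402:f500:1004:2100::/56"),           # constructed
]

def lint_plan(plan):
    """Return (name, problem) pairs for entries that break the plan rules."""
    nets = {name: ipaddress.IPv6Network(pfx) for name, _, pfx in plan}
    findings = []
    for name, parent, _ in plan:
        net = nets[name]
        if net.prefixlen % 4:
            findings.append((name, "not on a nibble boundary"))
        if net.prefixlen > 64:   # rows are subnets, not /127 or /128 addresses
            findings.append((name, "longer than /64"))
        if parent is not None and not net.subnet_of(nets[parent]):
            findings.append((name, "outside parent " + parent))
    # Siblings must not overlap, or a filter written for one category
    # also matches traffic that belongs to another.
    for i, (a, parent_a, _) in enumerate(plan):
        for b, parent_b, _ in plan[i + 1:]:
            if parent_a == parent_b and nets[a].overlaps(nets[b]):
                findings.append((b, "overlaps sibling " + a))
    return findings

if __name__ == "__main__":
    for name, problem in lint_plan(PLAN):
        print(f"{name}: {problem}")
```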
Question?