Project

General

Profile

Actions

Commonly used IPv6 networks » History » Revision 13

« Previous | Revision 13/19 (diff) | Next »
Nico Schottelius, 03/25/2021 09:07 AM


Commonly used IPv6 networks

By ungleich

Assuming that you have a /48 per location/site, there are some specific /64 sub networks that we usually use at ungleich.
As an example let's take 2001:db8:a::/48, then the we often use these networks:

Typical IPv6 plan from ungleich

Network Description
2001:db8:a::/64 The network 0 is usually internal
For netboot, untrusted equipment, IPMI and co. Usually firewall for no incoming traffic at all
2001:db8:a:1::/64 Servers, sensible equipment: stuff we trust ssh is safe
For accessing servers, usually only port 22 (ssh) or an alternative SSH port (222,2202,2222) open
2001:db8:a:8::/64 Transfer network
For routing, might contain /124 or smaller sub networks for "point to point"
2001:db8:a:a::/64 DNS network: houses DNS servers in the network.
Regular DNS servers are usually 2001:db8:a:a::a and 2001:db8:a:a::b
DNS64 enabled servers are usually 2001:db8:a:a::64 and 2001:db8:a:a::65
2001:db8:a:bee::/64 LAN network: usually wifi/coworking
"bee" is something people can easily pronounce; ssh open from outside
2001:db8:a:cafe::/64 LAN network: usually wired/regular clients
2001:db8:a:d::/64 Downstream network: routing to physically present downstreams
2001:db8:a:d::/80 Static IP addresses OUR side
2001:db8:a:d:1::/80 Static IP addresses DOWNSTREAM
2001:db8:a:7ea::/64 LAN network: Usually 2nd wifi network
2001:db8:a:b00::/96 Incoming NAT64 prefix: mapping IPv4 islands: 2001:db8:a:b00::192.168.1.1 is IPv6 reachable
2001:db8:a:c00::/96 2nd Incoming NAT64 prefix: use this if one of them is stateful, the other one is stateless
2001:db8:a:c001::/96 Outgoing NAT64 prefix: mapping the IPv4 Internet, allowing IPv6 only hosts to reach the IPv4 Internet

IPv6 address guidelines

  • /124s are nice to read as they cut off the last byte
  • When using a /96 to access from or to the IPv4 Internet, reserve the whole /64
  • When sub dividing a /64 on a VM/server, use /80's (nibble boundaries)
  • /64: When in doubt, take a /64
  • /48's work great per location or customer
    • No need to use a bigger network, even if you have space
  • VPN concentrators / routers usually need /40 or /32 to redistribute /48's

In other places

Updated by Nico Schottelius almost 4 years ago · 13 revisions