Project

General

Profile

Commonly used IPv6 networks » History » Version 13

Nico Schottelius, 03/25/2021 09:07 AM

1 1 Nico Schottelius
h1. Commonly used IPv6 networks
2
3 3 Nico Schottelius
h2. By ungleich
4
5 1 Nico Schottelius
Assuming that you have a /48 per location/site, there are some specific /64 sub networks that we usually use at ungleich.
6 4 Nico Schottelius
As an example let's take **2001:db8:a::/48**, then the we often use these networks:
7 1 Nico Schottelius
8 11 Nico Schottelius
h3. Typical IPv6 plan from ungleich
9
10 1 Nico Schottelius
| Network | Description |
11 6 Nico Schottelius
| 2001:db8:a::/64 | The network 0 is usually internal |
12 8 Nico Schottelius
| | For netboot, untrusted equipment, IPMI and co. Usually firewall for no incoming traffic at all |
13
| 2001:db8:a:1::/64 | Servers, sensible equipment: stuff we trust ssh is safe |
14 7 Nico Schottelius
| | For accessing servers, usually only port 22 (ssh) or an alternative SSH port (222,2202,2222) open |
15 9 Nico Schottelius
| 2001:db8:a:8::/64 | Transfer network |
16 10 Nico Schottelius
| | For routing, might contain /124 or smaller sub networks for "point to point" |
17 5 Nico Schottelius
| 2001:db8:a:a::/64 | DNS network: houses DNS servers in the network.  |
18 1 Nico Schottelius
| | Regular DNS servers are usually 2001:db8:a:a::a and 2001:db8:a:a::b |
19
| | DNS64 enabled servers are usually 2001:db8:a:a::64 and 2001:db8:a:a::65 |
20 6 Nico Schottelius
| 2001:db8:a:bee::/64 | LAN network: usually wifi/coworking |
21 7 Nico Schottelius
| | "bee" is something people can easily pronounce; ssh open from outside |
22 6 Nico Schottelius
| 2001:db8:a:cafe::/64 | LAN network: usually wired/regular clients |
23 9 Nico Schottelius
| 2001:db8:a:d::/64 | Downstream network: routing to physically present downstreams |
24
| 2001:db8:a:d::/80 | Static IP addresses OUR side |
25
| 2001:db8:a:d:1::/80 | Static IP addresses DOWNSTREAM |
26 6 Nico Schottelius
| 2001:db8:a:7ea::/64 | LAN network: Usually 2nd wifi network |
27 2 Nico Schottelius
| 2001:db8:a:b00::/96 | Incoming NAT64 prefix: mapping IPv4 islands: 2001:db8:a:b00::192.168.1.1 is IPv6 reachable |
28 13 Nico Schottelius
| 2001:db8:a:c00::/96 | 2nd Incoming NAT64 prefix: use this if one of them is stateful, the other one is stateless |
29 2 Nico Schottelius
| 2001:db8:a:c001::/96 | Outgoing NAT64 prefix: mapping the IPv4 Internet, allowing IPv6 only hosts to reach the IPv4 Internet |
30 3 Nico Schottelius
31 11 Nico Schottelius
h3. IPv6 address guidelines
32
33
* /124s are nice to read as they cut off the last byte
34
* When using a /96 to access from or to the IPv4 Internet, reserve the whole /64
35 12 Nico Schottelius
* When sub dividing a /64 on a VM/server, use /80's (nibble boundaries)
36 11 Nico Schottelius
* */64: When in doubt, take a /64*
37
* /48's work great per location or customer
38
** No need to use a bigger network, even if you have space
39
* VPN concentrators / routers usually need /40 or /32 to redistribute /48's
40
41 3 Nico Schottelius
h2. In other places
42
43
* "Address plan from Peter H. Jin":https://www.peterjin.org/wiki/Peterjin.org:IP_Addressing_Plans
44 11 Nico Schottelius
* "IPv6 addressing plans (from a RIPE meeting)":https://meetings.ripe.net/see2/files/IPv6%20Addressing%20Plans.pdf