ipv6

h1. Commonly used IPv6 networks

h2. By ungleich

Assuming that you have a /48 per location/site, there are some specific /64 sub networks that we usually use at ungleich.

As an example let's take **2001:db8:a::/48**, then the we often use these networks:

h3. Typical IPv6 plan from ungleich

* Assuming 2001:db8:a::/48 as a base network

| Network | Description |

| 2001:db8:a::/64 | The network 0 is usually internal |

| | For netboot, untrusted equipment, IPMI and co. Usually firewall for no incoming traffic at all |

| 2001:db8:a:1::/64 | Servers, sensible equipment: stuff we trust ssh is safe |

| | For accessing servers, usually only port 22 (ssh) or an alternative SSH port (222,2202,2222) open |

| 2001:db8:a:8::/64 | Transfer network |

| | For routing, might contain /124 or smaller sub networks for "point to point" |

| 2001:db8:a:a::/64 | DNS network: houses DNS servers in the network.  |

| | Regular DNS servers are usually 2001:db8:a:a::a and 2001:db8:a:a::b |

| | DNS64 enabled servers are usually 2001:db8:a:a::64 and 2001:db8:a:a::65 |

| 2001:db8:a:bee::/64 | LAN network: usually wifi/coworking |

| | "bee" is something people can easily pronounce; ssh open from outside |

| 2001:db8:a:cafe::/64 | LAN network: usually wired/regular clients |

| 2001:db8:a:d::/64 | Downstream network: routing to physically present downstreams |

| 2001:db8:a:d::/80 | Static IP addresses OUR side |

| 2001:db8:a:d:1::/80 | Static IP addresses DOWNSTREAM |

| 2001:db8:a:7ea::/64 | LAN network: Usually 2nd wifi network |

| 2001:db8:a:b00::/96 | Incoming NAT64 prefix: mapping IPv4 islands: 2001:db8:a:b00::192.168.1.1 is IPv6 reachable |

| 2001:db8:a:c00::/96 | 2nd Incoming NAT64 prefix: use this if one of them is stateful, the other one is stateless |

| 2001:db8:a:c001::/96 | Outgoing NAT64 prefix: mapping the IPv4 Internet, allowing IPv6 only hosts to reach the IPv4 Internet |

| 2001:db8:a:x::10::/79 | Kubernets cluster 1 |

| 2001:db8:a:x::10::/108 | Kubernets pod sub network 1 |

| 2001:db8:a:x::11::/108 | Kubernets service sub network 1 |

| 2001:db8:a:x::12::/79 | Kubernets cluster 2 |

| 2001:db8:a:x::12::/108 | Kubernets pod sub network 2 |

| 2001:db8:a:x::13::/108 | Kubernets service sub network 2 |

| 2001:db8:a:x::14::/79 | Kubernets cluster 3 |

| 2001:db8:a:x::14::/108 | Kubernets pod sub network 3 |

| 2001:db8:a:x::15::/108 | Kubernets service sub network 3 |

h3. IPv6 address guidelines

* /124s are nice to read as they cut off the last byte

* When using a /96 to access from or to the IPv4 Internet, reserve the whole /64

* When sub dividing a /64 on a VM/server, use /80's (nibble boundaries)

* */64: When in doubt, take a /64*

* /48's work great per location or customer

** No need to use a bigger network, even if you have space

* VPN concentrators / routers usually need /40 or /32 to redistribute /48's

h2. In other places

* "Address plan from Peter H. Jin":https://www.peterjin.org/wiki/Peterjin.org:IP_Addressing_Plans

* "IPv6 addressing plans (from a RIPE meeting)":https://meetings.ripe.net/see2/files/IPv6%20Addressing%20Plans.pdf