Commonly used IPv6 networks » History » Revision 17
Revision 16 (Nico Schottelius, 11/28/2021 08:34 PM) → Revision 17/19 (Nico Schottelius, 07/08/2022 07:33 PM)
h1. Commonly used IPv6 networks
h2. By ungleich
Assuming that you have a /48 per location/site, there are some specific /64 sub networks that we usually use at ungleich.
As an example let's take **2001:db8:a::/48**, then the we often use these networks:
h3. Typical IPv6 plan from ungleich
* Assuming 2001:db8:a::/48 as a base network
| Network | Description |
| 2001:db8:a::/64 | The network 0 is usually internal |
| | For netboot, untrusted equipment, IPMI and co. Usually firewall for no incoming traffic at all |
| 2001:db8:a:1::/64 | Servers, sensible equipment: stuff we trust ssh is safe |
| | For accessing servers, usually only port 22 (ssh) or an alternative SSH port (222,2202,2222) open |
| 2001:db8:a:8::/64 | Transfer network |
| | For routing, might contain /124 or smaller sub networks for "point to point" |
| 2001:db8:a:88::/64 | Transfer tunnel network: Used for transferring via tunnels |
| 2001:db8:a:a::/64 | DNS network: houses DNS servers in the network. |
| | Regular DNS servers are usually 2001:db8:a:a::a and 2001:db8:a:a::b |
| | DNS64 enabled servers are usually 2001:db8:a:a::64 and 2001:db8:a:a::65 |
| 2001:db8:a:bee::/64 | LAN network: usually wifi/coworking |
| | "bee" is something people can easily pronounce; ssh open from outside |
| 2001:db8:a:cafe::/64 | LAN network: usually wired/regular clients |
| 2001:db8:a:d::/64 | Downstream network: routing to physically present downstreams |
| 2001:db8:a:d::/80 | Static IP addresses OUR side |
| 2001:db8:a:d:1::/80 | Static IP addresses DOWNSTREAM |
| 2001:db8:a:7ea::/64 | LAN network: Usually 2nd wifi network |
| 2001:db8:a:b00::/96 | Incoming NAT64 prefix: mapping IPv4 islands: 2001:db8:a:b00::192.168.1.1 is IPv6 reachable |
| 2001:db8:a:b0d::/64 | Kubernetes "pod (b0d)" network |
| 2001:db8:a:6fc::/108 | Kubernetes "svc (6fc)" network |
| 2001:db8:a:c00::/96 | 2nd Incoming NAT64 prefix: use this if one of them is stateful, the other one is stateless |
| 2001:db8:a:c001::/96 | Outgoing NAT64 prefix: mapping the IPv4 Internet, allowing IPv6 only hosts to reach the IPv4 Internet |
| 2001:db8:a:x::10::/79 | Kubernets cluster 1 |
| 2001:db8:a:x::10::/108 | Kubernets pod sub network 1 |
| 2001:db8:a:x::11::/108 | Kubernets service sub network 1 |
| 2001:db8:a:x::12::/79 | Kubernets cluster 2 |
| 2001:db8:a:x::12::/108 | Kubernets pod sub network 2 |
| 2001:db8:a:x::13::/108 | Kubernets service sub network 2 |
| 2001:db8:a:x::14::/79 | Kubernets cluster 3 |
| 2001:db8:a:x::14::/108 | Kubernets pod sub network 3 |
| 2001:db8:a:x::15::/108 | Kubernets service sub network 3 |
h3. IPv6 address guidelines
* /124s are nice to read as they cut off the last byte
* When using a /96 to access from or to the IPv4 Internet, reserve the whole /64
* When sub dividing a /64 on a VM/server, use /80's (nibble boundaries)
* */64: When in doubt, take a /64*
* /48's work great per location or customer
** No need to use a bigger network, even if you have space
* VPN concentrators / routers usually need /40 or /32 to redistribute /48's
h2. In other places
* "Address plan from Peter H. Jin":https://www.peterjin.org/wiki/Peterjin.org:IP_Addressing_Plans
* "IPv6 addressing plans (from a RIPE meeting)":https://meetings.ripe.net/see2/files/IPv6%20Addressing%20Plans.pdf