Project

General

Profile

Commonly used IPv6 networks » History » Version 19

Nico Schottelius, 10/05/2024 06:41 AM

1 1 Nico Schottelius
h1. Commonly used IPv6 networks
2
3 3 Nico Schottelius
h2. By ungleich
4
5 1 Nico Schottelius
Assuming that you have a /48 per location/site, there are some specific /64 sub networks that we usually use at ungleich.
6 4 Nico Schottelius
As an example let's take **2001:db8:a::/48**, then the we often use these networks:
7 1 Nico Schottelius
8 11 Nico Schottelius
h3. Typical IPv6 plan from ungleich
9
10 14 Nico Schottelius
* Assuming 2001:db8:a::/48 as a base network
11
12 16 Nico Schottelius
| Network                | Description                                                                                           |
13
| 2001:db8:a::/64        | The network 0 is usually internal                                                                     |
14
|                        | For netboot, untrusted equipment, IPMI and co. Usually firewall for no incoming traffic at all        |
15
| 2001:db8:a:1::/64      | Servers, sensible equipment: stuff we trust ssh is safe                                               |
16
|                        | For accessing servers, usually only port 22 (ssh) or an alternative SSH port (222,2202,2222) open     |
17
| 2001:db8:a:8::/64      | Transfer network                                                                                      |
18
|                        | For routing, might contain /124 or smaller sub networks for "point to point"                          |
19 17 Nico Schottelius
| 2001:db8:a:88::/64     | Transfer tunnel network: Used for transferring via tunnels                                            |
20 16 Nico Schottelius
| 2001:db8:a:a::/64      | DNS network: houses DNS servers in the network.                                                       |
21
|                        | Regular DNS servers are usually 2001:db8:a:a::a and 2001:db8:a:a::b                                   |
22
|                        | DNS64 enabled servers are usually 2001:db8:a:a::64 and 2001:db8:a:a::65                               |
23 19 Nico Schottelius
| 2001:db8:a:b::/64      | MX network: houses mx servers in the network.                                                         |
24 16 Nico Schottelius
| 2001:db8:a:bee::/64    | LAN network: usually wifi/coworking                                                                   |
25
|                        | "bee" is something people can easily pronounce; ssh open from outside                                 |
26
| 2001:db8:a:cafe::/64   | LAN network: usually wired/regular clients                                                            |
27
| 2001:db8:a:d::/64      | Downstream network: routing to physically present downstreams                                         |
28
| 2001:db8:a:d::/80      | Static IP addresses OUR side                                                                          |
29
| 2001:db8:a:d:1::/80    | Static IP addresses DOWNSTREAM                                                                        |
30
| 2001:db8:a:7ea::/64    | LAN network: Usually 2nd wifi network                                                                 |
31
| 2001:db8:a:b00::/96    | Incoming NAT64 prefix: mapping IPv4 islands: 2001:db8:a:b00::192.168.1.1 is IPv6 reachable            |
32
| 2001:db8:a:b0d::/64    | Kubernetes "pod (b0d)" network                                                                        |
33
| 2001:db8:a:6fc::/108   | Kubernetes "svc (6fc)" network                                                                        |
34
| 2001:db8:a:c00::/96    | 2nd Incoming NAT64 prefix: use this if one of them is stateful, the other one is stateless            |
35
| 2001:db8:a:c001::/96   | Outgoing NAT64 prefix: mapping the IPv4 Internet, allowing IPv6 only hosts to reach the IPv4 Internet |
36 18 Nico Schottelius
| 2001:db8:a:x::10::/79  | Kubernetes cluster 1                                                                                   |
37
| 2001:db8:a:x::10::/108 | Kubernetes pod sub network 1                                                                           |
38
| 2001:db8:a:x::11::/108 | Kubernetes service sub network 1                                                                       |
39
| 2001:db8:a:x::12::/79  | Kubernetes cluster 2                                                                                   |
40
| 2001:db8:a:x::12::/108 | Kubernetes pod sub network 2                                                                           |
41
| 2001:db8:a:x::13::/108 | Kubernetes service sub network 2                                                                       |
42
| 2001:db8:a:x::14::/79  | Kubernetes cluster 3                                                                                   |
43
| 2001:db8:a:x::14::/108 | Kubernetes pod sub network 3                                                                           |
44
| 2001:db8:a:x::15::/108 | Kubernetes service sub network 3                                                                       |
45 3 Nico Schottelius
46 11 Nico Schottelius
h3. IPv6 address guidelines
47
48
* /124s are nice to read as they cut off the last byte
49
* When using a /96 to access from or to the IPv4 Internet, reserve the whole /64
50 12 Nico Schottelius
* When sub dividing a /64 on a VM/server, use /80's (nibble boundaries)
51 11 Nico Schottelius
* */64: When in doubt, take a /64*
52
* /48's work great per location or customer
53
** No need to use a bigger network, even if you have space
54
* VPN concentrators / routers usually need /40 or /32 to redistribute /48's
55
56 3 Nico Schottelius
h2. In other places
57
58
* "Address plan from Peter H. Jin":https://www.peterjin.org/wiki/Peterjin.org:IP_Addressing_Plans
59 11 Nico Schottelius
* "IPv6 addressing plans (from a RIPE meeting)":https://meetings.ripe.net/see2/files/IPv6%20Addressing%20Plans.pdf