As IPv6 address migration is catching up in all enterprise networks, let’s take a look at some of the operational best practices to migrate to and subnet IPv6 addresses.
The Internet Assigned Numbers Authority assigns IPv6 addresses in large blocks to the Regional Internet Registries (RIRs). These registries include the Asia Pacific Internet Community (APNIC), American Registry for Internet Numbers (ARIN), Réseaux IP Européens (RIPE), and others. The RIRs allocate addresses to internet service providers (ISPs), whose default allocation by the registry is /32. The ISPs, in turn, allocate /48 to customers. The allocation process for IPv6 provides more bits than the IPv4 address space because the IPv6 address space is 128 bits (2128) in size, containing 340,282,366,920,938,463,463,374,607,431,768,211,456 IPv6 addresses.
The best practice is to get at least a /48 prefix from an ISP which gives you an address space of 2^80 bits to manipulate. The IP space has 128 bits of which 48 bits can't be changed. This means you’ll get 80 bits to use (128 – 48 = 80 bits).
IPv6 Subnet Masking
IPv6 subnet masking is similar to IPv4, but there are 2 key differences in the way the IPv6 masks looks and what gets masked.
What Does an IPv6 Mask Look Like?
IPv6 uses 128 binary digits for each IP address, as opposed to IPv4's 32 binary digits. The 128 binary digits are divided into 16-bit words. Since using IPv4’s octet notation to represent 128 bits would be difficult, we use a 16-digit hexadecimal numbering system instead.
Each IPv6 set represents 16 bits (4 characters at 4 bits each), and each 4-digit hex word represents 16 binary digits, like the following examples:
- Bin 0000000000000000 = Hex 0000 (or just 0)
- Bin 1111111111111111 = Hex FFFF
- Bin 1101010011011011 = Hex D4DB
So, an IPv6 128-bit binary address is represented by 8 hex words separated by colons:
What Gets Masked?
In IPv4, every IP address comes with a corresponding subnet mask. IPv6 also uses subnets, but the subnet ID is built into the address.
- The first 48 bits are the network prefix – used for Internet routing.
- The next 16 bits (49th to 64th) are the subnet ID used for defining subnets.
- The last 64 bits (65th to 128th) are the interface identifier, which is also known as the Interface ID or the Device ID.
For example, if you want to break your network into 64 subnets, the binary mask just for the subnetting range would be 1111110000000000, which translates to a hex value of FC00.
The full 128-bit hex mask would be FFFF:FFFF:FFFF:FC00:0:0:0:0
IPv6 Subnetting Practices
- Every individual network segment requires at least one /64 prefix: The IPv6 equivalent of an IPv4 /24 subnet is a /64. The customer should break their network segments into this space. A /64 is an IPv6 subnet that has 64 network bits and 64 host bits. Regardless of the number of hosts on an individual LAN or WAN segment, every multi-access network requires at least one/64 prefix.
- Subnet only nibble boundaries: Each character in an IPv6 address represents 4 bits (a nibble). A nibble boundary is a network mask that aligns on a 4-bit boundary. This makes it easier to understand and follow the IP address sequence, reducing incorrect configurations. Since the smallest subnet mask used for multi-access networks is a /64, you can just count down in multiples of 4 to set the nibble boundary masks (e.g. 64, 60, 56, 52…4)
- Implement a hierarchical addressing plan to allow for aggregation: In a 3-level hierarchy enterprise network having a site, region, and Autonomous System (AS), each site should receive one /48. This is to accommodate additional aggregation points as the network grows.
- Consider grouping your IP address by type of usage: In a large IP address spaces, grouping IP addresses by usage helps track them for allocation and management. You can group your space by customer space, internal space, infrastructure space, etc.
As we try to understand the concepts of IPv6, we should also start preparing for the migration. You can read this thwack post to get some tips on migrating from IPv4 to IPv6.