On Thu, Jan 6, 2011 at 5:00 PM, Deepak Jain <deepak@ai.net> wrote:
Wouldn't a number of problems go away if we just, for now, follow the IPv4 lessons/practices like allocating the number of addresses a customer needs --- say /122s or /120s that current router architectures know how to handle -- to these boxes/interfaces today, while just reserving /64 or /56 spaces for each of them for whenever the magic day comes along where they can be used safely?
Hi Deepak,

No. IPv6 is only *almost* the same as IPv4. Drill these three differences into your mind and you should do just fine:

/64 LAN netmask
nibble delegation boundary
how many LANs (not hosts!) in this stub network?

Without going into the technical details, IPv6 has been engineered with the intention that any netmask will work but a /64 netmask works distinctly better. Don't think of it as a 128 bit address. Think of it as a 64 bit network address plus a 64 bit host address. Apply IPv4 lessons to the 64 bit network address. The 64 bit host address is for the customer, the same way the 16-bit TCP port is for the customer.

IPv6 has been rigged so that address space naturally delegates on nibble boundaries. It's one NS entry in the RDNS zone. It's an exact string of characters in the hexadecimal written form. Should you delegate on a different boundary, you invite all the common difficulties human beings have evaluating a netmask and add in the trouble dealing with base 16, rarely for any discernible gain.

In IPv4 you think about how many addresses do I need to accommodate X hosts. This mental model does not match IPv6's technology model. If LANs are always /64, how many LANs does this stub network require?

Example: Customer A has a gaming PC in a DMZ and two surfing PCs. How many IPv6 addresses?

1 LAN (/64) for the DMZ
1 LAN (/64) for the PCs
1 LAN (/64) between the firewall and the router
round up to the nibble boundary: 16 LANs (/60)

Consider providing a /56 or a /48 instead of a /60 so that there's lots of room for expansion, dynamic interior delegation or whatever. But /60 is your absolute floor. Less will turn out to be like telling the same customer to use 192.168.1.252/30: technical difficulties will promptly ensue.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
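
Added example, not part of the message above or written by its author: a Python sketch of the sizing rule it describes (count /64 LANs, round up to a nibble boundary) and of why a nibble-aligned delegation needs only one reverse-DNS zone. The function names and the 2001:db8::/32 documentation prefixes are assumptions chosen for illustration.

```python
import ipaddress

LAN_PREFIX = 64  # every LAN is a /64, as the message recommends


def delegation_prefix(lans: int) -> int:
    """Longest nibble-aligned prefix length that holds `lans` /64 LANs."""
    if lans < 1:
        raise ValueError("need at least one LAN")
    bits = (lans - 1).bit_length()   # bits needed to number the LANs
    bits = -(-bits // 4) * 4         # round up to whole nibbles
    return LAN_PREFIX - bits


def reverse_zones(network: str) -> list[str]:
    """ip6.arpa zones the parent must delegate to cover `network`."""
    net = ipaddress.IPv6Network(network)
    aligned = -(-net.prefixlen // 4) * 4   # nearest nibble boundary at or past the prefix
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        # One label per hex digit of the network part, least significant first.
        nibbles = sub.network_address.exploded.replace(":", "")[: aligned // 4]
        zones.append(".".join(reversed(nibbles)) + ".ip6.arpa")
    return zones


if __name__ == "__main__":
    # Customer A from the message: DMZ LAN, PC LAN, firewall-router link.
    print("3 LANs  -> /%d" % delegation_prefix(3))
    print("17 LANs -> /%d" % delegation_prefix(17))
    # Constructed sample prefixes from the documentation range.
    for prefix in ("2001:db8:0:10::/60", "2001:db8:0:10::/62"):
        zones = reverse_zones(prefix)
        print(prefix, "needs", len(zones), "NS delegation(s)")
        for zone in zones:
            print("   ", zone)
```
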