Thanks to everybody who responded. To summarize it all, these are the guides for non-ISP company to use PI IPv6 addresses: case 1: single POP, no plans to have more - get single /48 from your RIR, announce it to one or multiple ISPs that POP is connected to case 1a: multiple separate POPs (no VPN interconnections) - the same as for case 1 but for each POP independently; each POP has individual AS, btw case 2: extranet like multiple POPs interconnected with VPNs - get greater then /48 block (like /44) so each POP gets its /48 part - each POP announces its corresponding /48 prefix to their local ISPs - decide if you wish that traffic from Internet to some POP passes through some other of your POPs (security or other considerations); if this is desirable you may announce the whole aggregate (like /44) additionally to /48 from all or some of the POPs; optionally you may wish to announce /44 with community 'no-export' As for /48 IPv6 blocks being like /24 for IPv4. It really seems that /48 may be the most popular PI block and this may lead to overcrowding of DFZ. Probably, this is logical consequence of getting bigger address space. We needed more IP addresses and we get them. Anyway getting greater then /48 just because you do not want to pollute DFZ is not justified. Thank you. Dmitry Cherkasov 2011/11/1 Ricky Beam <jfbeam@gmail.com>:
On Mon, 31 Oct 2011 05:39:57 -0400, Richard Barnes <richard.barnes@gmail.com> wrote:
Couldn't you also advertise the /48 from all the sites, if you're willing to sort things out over the inter-site VPNs?
If we're talking about a site-to-site IPsec VPN "over the internet", then that's a very bad idea. Even if "the internet" in this case is entirely within the same provider's network. (and it doesn't sound like it is.)
--Ricky