North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Assigning IPv6 /48's to CPE's?

  • From: Sascha Lenz
  • Date: Mon Dec 31 04:52:17 2007


Rick Astley schrieb:
I see there is a long thread on IPv6 address assignment going, and I apologize that I did not read all of it, but I still have some unanswered questions.

The basic problem is, there are no answers, that's why there is this and similar discussion every 6 months again and again.

So the only sane answer to most of your questions is: think about it yourself and just do it to finally get out IPv6 to the world. YOU will have to live with the consequences some day in the future in the end ;-)

I believe someone posted the ARIN recommendation that carriers assign out /64's and /56's, and in a few limited cases, /48.

I'm not that active in the ARIN region myself, but the GENERAL consensus amongst the people who already run (production!) IPv6 networks for years now is - just hand out /48s to every customer, DO NOT THINK ABOUT IT!

But i'm well aware of ARIN guideline like

	 The following guidelines may be useful (but they are only guidelines):

* /64 when it is known that one and only one subnet is needed
* /56 for small sites, those expected to need only a few subnets over the next 5 years.
* /48 for larger sites

but notice the annotation "...but they are only guidelines".

In general, if you're really really sure that there's only one device, you can use /128, if you're sure there is only one subnet needed, a /64 is fine, but in general, make your life easy by handing out /48s to everyone by default.
But if you really want to think about it and make your life complicated - noone can stop you from assigning /56s if you think that's a better choice - for whatever reason you might come up with in your setup.

I can understand corporations getting more than a /64 for their needs, but certainly this does not mean residential ISP subscribers, right?

Why not?

I can understand the need for /64's because the next 64 bits are for the client address, but there seems to be this idea that one and only one node may use a whole /64. So in the case of Joe, the residential DSL subscriber who has 50,000 PCs, TiVo's, microwaves, and nanobots that all need unique routable IP addresses, what is to stop him from assigning them unique client ID's (last 64 bits) under the same /64? We can let Joe put in some switches, and if that isn't enough he should consider upgrading from his $35/month DSL or $10/month dial up anyway.

Well, that's the IPv4 business model which is basically saying "the more you pay, the more IP addresses you can get".
This will most likely happen in the IPv6 world too, and there is nothing we can do about it.

But if you think about that in a sane way, and you and the ISP you're working for are nice "netizens", you don't put a pricetag on IP-addresses. Especially not in the IPv6 world, since there is no shortness of addresses like there might be in the IPv4 world which might again support such a business model.

==> just hand out /48s even if 90% of your customers won't ever need it, addresses are not scarce here. Thinking about it too much might just be a bigger waste of time than this is a waste of address resources.

My next question is that there is this idea that there will be no NAT in the IPv6 world. Some companies have old IPv4 only software, some companies have branch offices using the same software on different networks, and some like the added security NAT provides.

Again, marketing gets the lifetime achievement award for making a bad thing like NAT, born out of the simple need for some solution for the we-dont-have-enough-IPv4-addresses-problem - into a "security and administrative easy and anonymity" .. well.. "thing".

My only answer to this is: go out and educate the people.
But this again often might not work in the real world.

There are also serious privacy concerns with having a MAC address within an IP address. Aside from opening the doors to websites to share information on specific users, lack of NAT also means the information they have is more detailed in households where separate residents use different computers. I can become an IPv4 stranger to websites once a week by deleting cookies, IPv6 means they can profile exactly what I do over periods of years from work, home, starbucks, it doesn't matter. I don't see NAT going away any time soon.

That's a myth, too, for example there is this privacy extension thing (RfC3041 i believe?) in almost every current IPv6-stack like Vista and so which doesn't use "MAC-addresses" and also constantly changes the address (which is a PITA for administrators again).

In the end, you don't NEED any NAT for any sane reason.
But i'm not saying it won't exist, i'm actually quite sure that there will be NAT for IPv6 in the end, right.
It's just sad that even engineers and administrators are so lazy and just want to handle IPv6 like IPv4 even there are major differences.

Bottom line: Think about the best practice yourself, read the whole thread if you still have to make up your mind.
At the moment noone really can help you with definite answers.

= Sascha Lenz                  SLZ-RIPE          [email protected]         =
= Network Operations                                                   =
= BayCIX GmbH, Landshut                  * PGP public Key on demand *  =