cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3999
Views
0
Helpful
9
Replies

IPv6 address allocation

patrick.peters
Level 1
Level 1

I've got a best practices question.

We're planning our transition to IPv6.  We've gone to ARIN and aquired a /48 for the company.  My question is about the best way to manage that space.

Our company already has one a second office location (which is international) in addition to our corporate offices.  I expect we will have more within the next couple of years.  I can allocate pieces of our /48 to these locations (trying to plan careful to support route aggregation) or I can have each of our international locations get their own /48 from their respective registries.

What's the intent about the best way to handle this?

Thx

Patrick

9 Replies 9

lgijssel
Level 9
Level 9

Many companies dislike the idea of having a globally unique address on every node in their networks (and with good reason I think). You may consider using ULA's instead for internal corporate addressing.

http://en.wikipedia.org/wiki/Unique_local_address

The /48 can then be used in your DMZ and when you have more countries, you may request address space there if needed or required. There still is plenty.

regards,

Leo

Hi Leo,

I like the ULA idea!

But when I attended Cisco presentation during the World IPv6 Day, the recommendation presented was:

"Don't make things complicated, use only Global addresses!"

And also all IPv6 books I've seen are just mentioning ULA but then expect global addresses only implemented, sometimes saying "there's no NAT available in IPv6 world" :-(

BR,

Milan

ULAs are a good idea for:

1.  Network Infrastructure (Internal routers, switches, management of DMZ switches/equipment)

2.  Extranet

3.  Enterprise VoIP infrastructure

4.  HIghly Restricted servers/services

Basically, anything you don't ever want to be accessible from the Internet.

And yes, with some of these, a firewall/ACL would stop Internet conversations; but I don't assume the firewall won't have it's policy dropped, replaced with an any-any-accept etc.

I agree, get more PI (provider independent) space for each location.  No smaller than a /48 to help ensure routability.

You mentioned an International site.

Beyond simply getting a /48 for each site, be sure to allocate the address space from the appropriate RIR; ARIN, RIPE, APNIC etc.

Phillip Remaker
Cisco Employee
Cisco Employee

I would get a  /48 for each inetrnational location, since you then have the option to advertise independent prefixes to local carriers.

Optionally, you can instead use network prefix translation (sometimes called NAT66) with your internal provider independent addressing to a local carrier. 

You can never have enough addresses, really :-)

thullrich
Level 1
Level 1

So you think your companies network need's more than 65000 subnets?

Sent from Cisco Technical Support iPad App

qs_tahmeed
Level 1
Level 1

Getting a /48 from the regional registry would be more appropriate.

But if Global Internet access for all regional sites is controlled centrally via VPN services then no point of taking regional /48 instead delegation from HQ's /48 would do.

fabios
Level 1
Level 1

Hi Patrick,

before jumping to provide an answer I would like you to consider the nature of the network you are building and whether or not you will be using own dedicated links or using the Internet as transmission infrastructure.

In the first case you own provider independent IPv6 addressing could be a good idea if you run BGP. This also would allow you to be multihomed in different countries and could also become a transit AS.

But if you only are forwarding own traffic and have a couple of connection in different countries with stable and reputable ISPs maybe the only thing you need is provider assigned space for each location and you do not even need to run BGP only an IGP to prevent your internal traffic from spilling on the Internet. This would prevent rerouting of traffico from a different link to a network with a failed ISP connection.

You might also consider provider independent address space assigned by RIR in the country where you have your subsidiaries and use BGP to advertise the whole address space to the entire world and achieve redundancy.

Fact is more parameters are needed to answer you question:

Are you running BGP now (do you have an AS number)

Are you (or willing to be) a transit network

Are you looking for multihoming (in a single RIR area or multiple)

How much money are investing to obtain resilience and reliability.

I hope this question will help you better define your problem

Cheers

Fabio

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco