02-18-2012 02:27 PM - edited 03-01-2019 05:33 PM
Hi,
A while back the general advice was to assign a /64 for each and every VLAN. I still believe this to be true and correct advice for all VLANs that connect end-users (because of auto address features and temporary addresses).
But is this still true, and best practice, for networks that do not serve end-users, like transit networks between routers, server networks or even networks for IP phones?
What protocols cannot handle networks with masks longer (more bits in the mask) than /64?
Any other reasons that should stop me from assigning, let's say, /120s?
(The reason for this question is that we see providers assigning /56 PA address blocks, and these only leave room for 256 VLANs when only using /64s.)
Regards,
Erik
Sent from Cisco Technical Support iPad App
02-18-2012 03:09 PM
A while back the general advice was to assign a /64 for each and every VLAN
/64???? /256????
What year is it today? Where am I? Did I wake up in the twilight zone?
02-18-2012 03:13 PM
please have a look at the text on your personal avatar!
02-18-2012 03:34 PM
If you are saying you sent me a PM then I don't see it.
Anyway, there is no such thing as a /56, /64, /120. You probably mean a /26 subnet mask. But there is no subnet mask for "/56" or "/120".
02-18-2012 03:38 PM
Well, this is IPv6 we're talking about. It supports 128 bits. Welcome to the wonderful world of IPv6!
02-18-2012 08:47 PM
There is no reason why you can't use /120 or /112 or /126 or /127 (p2p router-to-router link).
As far as I know, all Cisco and Juniper routers support any of the above masks, including /127 (I prefer to use this on p2p WAN links when I know there are only two devices/routers connected to each other).
Regards,
Chintan
02-19-2012 01:41 AM
One important recommendation to use smaller networks than /64 comes from the security side:
The table exhaustion attack is a way to overflow an IPv6 router's neighbor table by sending packets from every possible address in the subnet in rapid succession. With a /120 subnet (the IPv6 equivalent of a /24) this is not possible, because the router can easily store 254 entries. At least for public networks it makes sense not to use /64 for this reason.
The workaround for not being able to use SLAAC will eventually be the more widespread use of DHCP in IPv6 networks; this can be used with every mask you can think of.
regards,
Leo
02-19-2012 02:25 PM
Hi Leo,
Thanks for the answer. Security wasn't one of the aspects I thought about as being a pro for smaller subnets. The other way around is more often thought of (hard to guess addresses, temporary addresses).
What about PIM? I understood it had some limitations when not using /64s. Is this still true?
Regards,
Erik
Sent from Cisco Technical Support iPad App
02-19-2012 01:09 PM
Well, this is IPv6 we're talking about. It supports 128 bits. Welcome to the wonderful world of IPv6!
COOL!
02-20-2012 12:55 PM
RFC 3177 caused a lot of noise in the community. Check out RFC 6177, which addresses this to a certain degree. Also, check out RFC 6164, which examines and advocates the use of /127 prefixes on P2P links.
The VLAN-to-IPv6 logic makes sense as long as you have a 1:1 VLAN/subnet relationship, but that could change. And that scheme wouldn't work for WAN P2P links, as they don't usually have a VLAN ID. If you are dual stacking, you could embed the IPv4 address inside the IPv6 address space to make it a bit easier to read.
My advice would be to subnet and use DHCPv6 if you need more subnets, but don't try to make a "system" that correlates with other technologies; it won't scale and it probably won't last. So, my choice would be better management and network automation, so I wouldn't have to remember any kind of mapping between switch numbers, IP addresses or VLAN numbers. Remember that the mobility trend (LISP, etc.) will render all those kinds of systems useless.
In the end, what makes sense to me is to have a decent IPAM solution and a proper naming scheme instead of obsessing over address formatting. After all, your network consists of several thousand MAC addresses without any corporate-based naming scheme, and still we are able to manage these.
HTH
---
Posted by WebUser Atle Ørn Hardarson
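A worked address-planning example, added here and not from any of the posts above: it carves a /56 PA block like the one Erik describes into /64s for end-user VLANs (SLAAC), /120s for infrastructure VLANs and /127 point-to-point links (as Chintan and RFC 6164 suggest), and flags which of those subnets are large enough for the neighbor-table exhaustion Leo describes. The prefix 2001:db8:1234:ab00::/56 and the cache capacity of 8192 entries are constructed assumptions.

```python
import itertools
import ipaddress

# Constructed values, not from the thread: a /56 PA block like the one in the
# question, and a hypothetical per-interface neighbor-cache limit.
PA_BLOCK = ipaddress.IPv6Network("2001:db8:1234:ab00::/56")
ND_CACHE_CAPACITY = 8192


def nd_exposure(subnet, cache_capacity=ND_CACHE_CAPACITY):
    """Return (on-link address count, True if probing the whole subnet could
    fill the neighbor cache): the table-exhaustion concern raised by Leo."""
    net = subnet if isinstance(subnet, ipaddress.IPv6Network) \
        else ipaddress.IPv6Network(subnet)
    count = net.num_addresses
    return count, count > cache_capacity


def carve(pa_block, user_vlans, infra_vlans, p2p_links):
    """Carve a PA block as the thread suggests: one /64 per end-user VLAN,
    /120s for infrastructure VLANs taken from one reserved /64, and /127s for
    router-to-router links taken from another. Raises if the block is too small.
    The /64 generator is consumed lazily so a /64 is never expanded in full."""
    pool = pa_block.subnets(new_prefix=64)
    user = list(itertools.islice(pool, user_vlans))
    reserved = list(itertools.islice(pool, 2))
    if len(user) < user_vlans or len(reserved) < 2:
        raise ValueError("%s holds too few /64s for this plan" % pa_block)
    infra = list(itertools.islice(reserved[0].subnets(new_prefix=120), infra_vlans))
    p2p = list(itertools.islice(reserved[1].subnets(new_prefix=127), p2p_links))
    return {"user": user, "infra": infra, "p2p": p2p}


def report(plan):
    """One review line per subnet: kind, prefix, address count, exhaustion verdict."""
    lines = []
    for kind, nets in plan.items():
        for net in nets:
            count, risky = nd_exposure(net)
            lines.append("%-5s %-30s 2^%-3d addresses  exhaustion risk: %s"
                         % (kind, net, 128 - net.prefixlen, "yes" if risky else "no"))
    return lines


if __name__ == "__main__":
    # Three user VLANs, two infrastructure VLANs and two point-to-point links.
    for line in report(carve(PA_BLOCK, 3, 2, 2)):
        print(line)
```

Only the /64s come out flagged; the /120 and /127 subnets hold fewer addresses than the cache can store, which is the whole point of Leo's recommendation.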