I've got a best practices question.
We're planning our transition to IPv6. We've gone to ARIN and acquired a /48 for the company. My question is about the best way to manage that space.
Our company already has a second office location (which is international) in addition to our corporate offices. I expect we will have more within the next couple of years. I can allocate pieces of our /48 to these locations (trying to plan carefully to support route aggregation) or I can have each of our international locations get their own /48 from their respective registries.
What's the intent about the best way to handle this?
Many companies dislike the idea of having a globally unique address on every node in their networks (and with good reason I think). You may consider using ULAs instead for internal corporate addressing.
The /48 can then be used in your DMZ and when you have more countries, you may request address space there if needed or required. There still is plenty.
I like the ULA idea!
But when I attended a Cisco presentation during the World IPv6 Day, the recommendation presented was:
"Don't make things complicated, use only Global addresses!"
And also all IPv6 books I've seen are just mentioning ULA but then expect global addresses only implemented, sometimes saying "there's no NAT available in IPv6 world" :-(
ULAs are a good idea for:
1. Network Infrastructure (Internal routers, switches, management of DMZ switches/equipment)
3. Enterprise VoIP infrastructure
4. Highly Restricted servers/services
Basically, anything you don't ever want to be accessible from the Internet.
And yes, with some of these, a firewall/ACL would stop Internet conversations; but I don't assume the firewall won't have its policy dropped, replaced with an any-any-accept etc.
You mentioned an International site.
Beyond simply getting a /48 for each site, be sure to allocate the address space from the appropriate RIR; ARIN, RIPE, APNIC etc.
I would get a /48 for each international location, since you then have the option to advertise independent prefixes to local carriers.
Optionally, you can instead use network prefix translation (sometimes called NAT66) with your internal provider independent addressing to a local carrier.
You can never have enough addresses, really :-)
Getting a /48 from the regional registry would be more appropriate.
But if Global Internet access for all regional sites is controlled centrally via VPN services, then there is no point in taking a regional /48; instead, a delegation from HQ's /48 would do.
Before jumping to provide an answer, I would like you to consider the nature of the network you are building and whether or not you will be using your own dedicated links or using the Internet as transmission infrastructure.
In the first case, your own provider-independent IPv6 addressing could be a good idea if you run BGP. This also would allow you to be multihomed in different countries and could also become a transit AS.
But if you are only forwarding your own traffic and have a couple of connections in different countries with stable and reputable ISPs, maybe the only thing you need is provider-assigned space for each location, and you do not even need to run BGP, only an IGP to prevent your internal traffic from spilling onto the Internet. This would prevent rerouting of traffic from a different link to a network with a failed ISP connection.
You might also consider provider independent address space assigned by RIR in the country where you have your subsidiaries and use BGP to advertise the whole address space to the entire world and achieve redundancy.
Fact is, more parameters are needed to answer your question:
Are you running BGP now (do you have an AS number)?
Are you (or willing to be) a transit network?
Are you looking for multihoming (in a single RIR area or multiple)?
How much money are you investing to obtain resilience and reliability?
I hope these questions will help you better define your problem.
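The two addressing options discussed in this thread, carving the company /48 into aligned per-site blocks and putting never-Internet-facing systems on a ULA prefix, can be sketched and checked as follows. This is an added example, not part of any post above; the documentation prefix, site names, role labels and inventory are constructed assumptions, and the ULA Global ID is simply drawn from `os.urandom`.

```python
import ipaddress
import os

# Constructed values: 2001:db8::/32 is documentation space standing in for
# the company's /48; site names and the inventory are hypothetical.
COMPANY_48 = ipaddress.ip_network("2001:db8:abcd::/48")
ULA_RANGE = ipaddress.ip_network("fc00::/7")
RESTRICTED_ROLES = {"infrastructure", "voip", "restricted-server"}


def site_plan(prefix, sites, site_len=52):
    """Hand each site one aligned block so the /48 still aggregates."""
    blocks = prefix.subnets(new_prefix=site_len)
    return {name: next(blocks) for name in sites}


def ula_prefix(global_id=None):
    """Build a ULA /48: fd00::/8 followed by a random 40-bit Global ID."""
    if global_id is None:
        global_id = os.urandom(5)
    if len(global_id) != 5:
        raise ValueError("Global ID must be exactly 40 bits")
    packed = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def audit(inventory):
    """Return restricted-role hosts that hold a non-ULA (global) address."""
    return [
        name
        for name, role, addr in inventory
        if role in RESTRICTED_ROLES
        and ipaddress.ip_address(addr) not in ULA_RANGE
    ]


if __name__ == "__main__":
    for site, block in site_plan(COMPANY_48, ["hq", "intl-1"]).items():
        print(site, block)
    ula = ula_prefix()
    print("internal ULA:", ula)
    inventory = [
        ("core-rtr1", "infrastructure", str(ula[1])),
        ("pbx1", "voip", "2001:db8:abcd:1000::10"),
        ("www1", "dmz", "2001:db8:abcd::80"),
    ]
    print("restricted hosts on global addresses:", audit(inventory))
```

Running the audit against an address inventory export flags any system in the restricted categories that would depend solely on a firewall policy to stay unreachable from the Internet.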