Cisco Support Community
Community Member

IPv6 addressing to internet and inside VPN tunnel?

Hello Forum

I am quite new to IPv6 / have not used it in a production environment yet.

As far as I know, the internet-routed addressing is split into four parts:

/23: prefix given to regional internet registries, e.g. for Europe RIPE NCC.

/32: prefix given to ISPs

/48: prefix given to companies

/64: prefix for "company-internal" subnetting

Let's take a scenario with two sites, one located in North America (registry ARIN), the other located in Europe (registry RIPE NCC).

The ISP in North America has assigned the address range 2001:0400::/48 to the North America site.

The ISP in Europe has assigned the address range 2001:0600::/48 to the Europe site.

As there is no use of NAT anymore, the computers at the sites have a global unicast address within the range assigned by the ISP.

First question: Is there any need to use addresses within the range 2001:0400::/48 (assigned to company) for WAN addressing (connection company <-> ISP)?

Or will the ISP use addresses from another range, e.g. 2001:0800::/32 and split them up into /126-subnets (like /30 for Point-to-Point connections in IPv4)?

What would be the WAN addressing?

Second question:

Let's say we have four devices:

  • Router A at America site (IP within range 2001:0400::/64)
  • Computer A at America site (IP within range 2001:0400::/64)
  • Router B at Europe site (IP within range 2001:0600::/64)
  • Computer B at Europe site (IP within range 2001:0600::/64)

Now suppose I configure a GRE VPN tunnel between those sites to forward traffic from one network to the other.

The WAN-interfaces of the routers would act as tunnel endpoints.

What would be the addressing for the tunnel interfaces?

Is there a special IPv6 range like the private IPv4 ranges?

Or just use the link-local addresses?

Or take addresses from a subnet of one of the assigned IP ranges (e.g. 2001:0600:1::/126)?

Thank you already

lukas

1 REPLY
Cisco Employee

Point-to-point addressing in the WAN can be /64 or /127. There has been a lot of debate on which is better. For reducing operational complexity, /64 is a good choice for point-to-point links, despite the waste.

Looking at

http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns824/sbaBN_IPv6addrG.pdf

The IPv6 address plan considerations section is quite good.  It cites the now-historical RFC3627 which encouraged /64 use, but RFC6164 (http://tools.ietf.org/html/rfc6164) is the "pro" argument for /127 links.

https://supportforums.cisco.com/thread/2174969 is a good discussion of options to address point to point links and some of the pros and cons of each.  Beware the risks of building discontiguous subnets and attendant summarization issues.

IPv6 ULA addresses are the equivalent of private IPv4 ranges. You can also use link local, with the risk that diagnostic tools like traceroute may not work as expected.

For the GRE case, just pick a subnet range from one side.

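An added example (not part of the original thread) that works through the reply's options with Python's standard `ipaddress` module: it carves a /127 or /64 point-to-point subnet out of a site prefix, classifies a candidate tunnel address as link-local, ULA or global, and checks whether a subnet lies inside the assigned range. The function names and the subnet number 0xFFFF are assumptions of this example.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")         # unique local addresses (RFC 4193)
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

def scope(addr):
    """Classify a candidate tunnel address: link-local, ula, global or other."""
    ip = ipaddress.ip_address(addr)
    for name, net in (("link-local", LINK_LOCAL), ("ula", ULA), ("global", GLOBAL_UNICAST)):
        if ip in net:
            return name
    return "other"

def within_site(candidate, site):
    """True if the candidate subnet lies inside the prefix assigned to the site."""
    return ipaddress.ip_network(candidate).subnet_of(ipaddress.ip_network(site))

def p2p_link(site, subnet_id, prefixlen=127):
    """Reserve /64 number `subnet_id` of the site for one point-to-point link.

    Returns (network, end_a, end_b). prefixlen is 127 (RFC 6164) or 64.
    Reserving a whole /64 even for a /127 link is an assumption of this example.
    """
    site = ipaddress.ip_network(site)
    if prefixlen not in (64, 127):
        raise ValueError("use /64 or /127 for point-to-point links")
    if site.prefixlen > 64 or not 0 <= subnet_id < 2 ** (64 - site.prefixlen):
        raise ValueError("subnet_id does not fit inside the site prefix")
    base = int(site.network_address) + (subnet_id << 64)
    net = ipaddress.ip_network((base, prefixlen))
    # /127: both addresses are usable; /64: skip the all-zeros
    # address, which is the subnet-router anycast address.
    first = 0 if prefixlen == 127 else 1
    return net, net[first], net[first + 1]

if __name__ == "__main__":
    europe = "2001:0600::/48"                   # site prefix from the question
    net, a, b = p2p_link(europe, 0xFFFF)        # 0xFFFF: constructed choice of link subnet
    print(net, a, b, scope(a))
    print(within_site("2001:0600:1::/126", europe))  # the question's example subnet
```

The last line prints `False`: 2001:0600:1:: expands to 2001:0600:0001::, which is a different /48 from 2001:0600::/48, so a tunnel subnet taken "from one side" has to keep the third group at zero.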