plumbis
Level 7

The sheer number of bits in an IPv6 address can make IPv6 subnetting intimidating at best. With the addition of a new addressing scheme it's easy to get lost trying to break up your brand new /48 address across your enterprise.

The New Boss, Same as the Old Boss

Subnetting with IPv6 is not drastically different from subnetting with IPv4; we just need to keep a few things in mind:

1.) Each character in an IPv6 address represents 4 bits (a nibble).

Since 0xF is 1111 in binary, it's easy to fall back into an IPv4 habit and forget that 0x11 is actually 0001 0001 in binary.

2.) Each IPv6 set represents 16 bits (4 characters at 4 bits each).

Keeping this in mind can make breaking up subnets a bit easier.

3.) Once it's in binary nothing changes!

It's easy to get lost in so many binary digits but the math is all the same. Each subnet bit is one fewer host bit and vice versa.

Setting the Ground Rules

The leading practice is to receive at least a /48 prefix from an ISP. This leaves you with 2^80 bits to manipulate (128 bit address - 48 bits that can't be changed = 80 bits to use). More bits than the entire IPv4 address space!

According to RFC4291 the current recommended smallest prefix is a /64. With so many addresses in IPv6 there isn't the same need for address conservation as there is in IPv4. You can assign a /64 to a point-to-point link and not feel guilty. The only exception to this is the recommendation from ARIN to use a /128 on loopback addresses.

This gives us one block of hex digits, or 16-bits, to use for subnetting. One block might not sound like much, but 16-bits is half of the entire IPv4 address space.

Defining the Site ID

In order to allow for proper route aggregation and summarization you should define Site IDs that you can use at each location (be that an office, data center or geographic region).

This is where we need to define at least a Site ID, and possibly a sub-Site ID.

If we are assigned 2001:db8:1234:0000::/48 from our provider, as mentioned, we have the "0000" to manipulate for site, sub-site and subnet IDs.

How you should break this down depends greatly on your business needs, but the easiest way may be to break things down along the nibble boundary. This can give us a few options:

Option A:

4 Sites, 4 sub-sites (at each site), 4096 subnets (at each sub-site): first 2 bits for the site, next two bits for the sub-site (first nibble), next three nibbles for subnets (2^12).

Option B:

16 sites, 16 sub-sites (at each site), 256 subnets (at each sub-site):

First nibble for the site, second for the sub-site and the last two for the subnet.

Option C:

16 sites, 256 sub-sites (at each site), 16 subnets (at each sub-site):

The first nibble for the site, the second and third for the sub-site and the final nibble for the subnet.

binary.png

IPv6 Subnetting Case Study

We have a mid-sized company with offices and data centers across the United States. As part of our long term planning we have applied for an IPv6 address and were assigned 2001:db8:abcd::/48. We now need to allocate this across our enterprise.

We have branches in most states, so we've decided to use Option B, giving us 16 sites, 16 sub-sites per site and 256 subnets per sub-site.

We've decided that a "site" will be a geographic region of the country and a sub-site will be a city within the geographic region. Here is the breakdown we are using for our sites:

US Map.png

(c/o US Department of Justice and Wikipedia)

Site Addresses

The sites that we are rolling IPv6 to are in:

San Francisco (Site 9)

Seattle (Site 9)

Omaha (Site 8)

Newark (Site 3)

New York City (Site 2)

Boston (Site 1)

At this point we can assign site and sub-site prefixes.

Each region will match the number on the map:

Site 0  - 2001:db8:abcd:0000::/52 (for future use)

Site 1  - 2001:db8:abcd:1000::/52

Site 2  - 2001:db8:abcd:2000::/52

Site 3  - 2001:db8:abcd:3000::/52

...

Site 8  - 2001:db8:abcd:8000::/52

Site 9  - 2001:db8:abcd:9000::/52

Site 10 - 2001:db8:abcd:a000::/52 (for future use)

Site 11 - 2001:db8:abcd:b000::/52 (for future use)

Site 12 - 2001:db8:abcd:c000::/52 (for future use)

...

These are /52s, because we have 48 bits from the provider and then the next 4 for the site.

Sub-Site Addresses

Next we can assign our sub-sites:

Site 1

----

Future Use - 2001:db8:abcd:1000::/56

Boston - 2001:db8:abcd:1100::/56

Future Use - 2001:db8:abcd:1200::/56

...

Future Use - 2001:db8:abcd:1a00::/56

Future Use - 2001:db8:abcd:1b00::/56

...

Site 2

-----

New York City - 2001:db8:abcd:2000::/56

...

Site 3

----

Future Use - 2001:db8:abcd:3000::/56

...

Newark - 2001:db8:abcd:3f00::/56

Site 8

----

Omaha - 2001:db8:abcd:8000::/56

Site 9

----

San Francisco - 2001:db8:abcd:9100::/56

Seattle - 2001:db8:abcd:9200::/56

Just like the site, the sub-site uses 4 more bits, moving our prefix length from a /52 to a /56.

Subnet Addresses

Within each site we can now assign our subnets. We will use our Newark site as an example.

Firewall Outside: 2001:db8:abcd:3f00::/64

Webservers: 2001:db8:abcd:3f01::/64

Database Servers: 2001:db8:abcd:3f02::/64

....

Mail Servers: 2001:db8:abcd:3f0d::/64

....

Management: 2001:db8:abcd:3fee::/64

Loopbacks: 2001:db8:abcd:3fff::/64

We are defining the next two nibbles for the subnet, so our mask moves from a /56 sub-site prefix to a /64 subnet prefix. Newark's subnets can use 2001:db8:abcd:3f00:: through 2001:db8:abcd:3fff:: for subnet addresses.

Within each subnet we can provide 2^64 addresses, as we still have 64 bits to use.

For example, within the Mail Servers VLAN we will start all addresses with 2001:db8:abcd:3f0d:: and the last 64 bits are for the host.

subnetting.png

We've assigned the following addresses:

mail gateway: 2001:db8:abcd:3f0d::1/64

mail01: 2001:db8:abcd:3f0d:0000:0000:0000:0002/64

mail02: 2001:db8:abcd:3f0d::ab00/64

mail03: 2001:db8:abcd:3f0d:abcd:ef12::1/64

servers.png
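
The site, sub-site and subnet steps of the case study can be computed rather than typed by hand. The following is an added example, not part of the original article: it builds the three prefixes from their IDs for any of Options A, B or C, and maps an address (for instance a source address from a firewall log) back to its site, sub-site and subnet IDs. The function names and the `OPTIONS` table are assumptions made for this sketch.

```python
import ipaddress

# Bit widths (site, sub-site, subnet) for the article's Options A, B and C.
# Each row totals the 16 bits between the provider /48 and a /64 subnet.
OPTIONS = {"A": (2, 2, 12), "B": (4, 4, 8), "C": (4, 8, 4)}


def plan_prefixes(allocation, site, sub_site, subnet, option="B"):
    """Return the (site, sub-site, subnet) networks for the given IDs."""
    base = ipaddress.IPv6Network(allocation)
    if base.prefixlen != 48:
        raise ValueError("this plan assumes a /48 allocation")
    widths = OPTIONS[option]
    ids = (site, sub_site, subnet)
    for value, width in zip(ids, widths):
        if not 0 <= value < (1 << width):
            raise ValueError(f"ID {value:#x} does not fit in {width} bits")
    nets, prefixlen, addr = [], 48, int(base.network_address)
    for value, width in zip(ids, widths):
        prefixlen += width                      # each ID extends the prefix
        addr |= value << (128 - prefixlen)      # place the ID just inside it
        nets.append(ipaddress.IPv6Network((addr, prefixlen)))
    return tuple(nets)


def decode_address(allocation, address, option="B"):
    """Recover the (site, sub_site, subnet) IDs from an address in the plan."""
    base = ipaddress.IPv6Network(allocation)
    ip = ipaddress.IPv6Address(address)
    if ip not in base:
        raise ValueError(f"{ip} is outside {base}")
    field = (int(ip) >> 64) & 0xFFFF            # the fourth 16-bit group
    _, ss, sn = OPTIONS[option]
    return (field >> (ss + sn),
            (field >> sn) & ((1 << ss) - 1),
            field & ((1 << sn) - 1))


if __name__ == "__main__":
    # Newark (site 3, sub-site f), Mail Servers subnet 0d, from the case study.
    for net in plan_prefixes("2001:db8:abcd::/48", 0x3, 0xF, 0x0D):
        print(net)
    print(decode_address("2001:db8:abcd::/48", "2001:db8:abcd:3f0d:abcd:ef12::1"))
```

Because every ID sits on a fixed bit boundary, each subnet is contained in its sub-site /56 and each sub-site in its site /52, which is what makes one ACL entry or one route per site possible.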

Routing

With IPv6 not relying on IPv4 anymore, we can finally address the poor addressing schemes we've all had in place for years. By defining sites and sub-sites with plenty of room for growth, we can do some pretty heavy-duty aggregation.

Each of our sub-sites will advertise their /56 prefix up to an aggregation router.

Each aggregation router will be connected to the IPv6 Internet and announce both our enterprise wide /48 and the site /52. This provides redundant connectivity via the internet and allows the internet to use longest match to reach the site directly.

wan.png
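
The effect of announcing both the /48 and the site /52 can be modelled with a small longest-match lookup. This is an added example, not part of the original article: the router names (`agg-site3` and so on) are hypothetical, and the model only compares prefix lengths, ignoring every other route-selection attribute a real routing protocol applies.

```python
import ipaddress


def build_announcements(allocation, site_ids):
    """Each site's aggregation router announces the /48 and its own /52."""
    base = ipaddress.IPv6Network(allocation)
    site_nets = list(base.subnets(new_prefix=52))  # 16 blocks, index = site ID
    routes = []
    for site_id in site_ids:
        router = f"agg-site{site_id}"              # hypothetical router name
        routes.append((base, router))
        routes.append((site_nets[site_id], router))
    return routes


def longest_match(routes, destination):
    """Return (prefix, routers) for the most specific covering prefix."""
    ip = ipaddress.IPv6Address(destination)
    covering = [(net, router) for net, router in routes if ip in net]
    if not covering:
        return None
    best = max(net.prefixlen for net, _ in covering)
    prefix = next(net for net, _ in covering if net.prefixlen == best)
    routers = sorted(r for net, r in covering if net.prefixlen == best)
    return prefix, routers


def withdraw_site_prefix(routes, router):
    """Model a site losing its /52 announcement while the /48s remain."""
    return [(n, r) for n, r in routes if not (r == router and n.prefixlen == 52)]


if __name__ == "__main__":
    # Sites with deployed offices in the case study: 1, 2, 3, 8 and 9.
    routes = build_announcements("2001:db8:abcd::/48", [1, 2, 3, 8, 9])
    mail_gw = "2001:db8:abcd:3f0d::1"
    print(longest_match(routes, mail_gw))          # the site 3 /52 wins
    print(longest_match(withdraw_site_prefix(routes, "agg-site3"), mail_gw))
```

When the site /52 is present, traffic for Newark arrives directly at the site 3 router; when it is withdrawn, the same destination is still reachable through any router announcing the /48.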

Final Thoughts

Of course you'll want to do what works best for your organization and aligns with your business goals and requirements. There are no requirements regarding the site and sub-site or even how these are broken down. These are provided to help you get a better grasp on how to assign IPv6 addresses. Don't forget, when you get stuck you can always call TAC!

Comments
jmprats
Level 4

Very good! A question:

Aren't there too many subnets? For example, is a subnet for only 4 mail servers justified?

I say this because you need a routing interface for each subnet that is created.

Isn't it better to have just one subnet of servers?

Thanks

thomas.grudzien
Community Member

When you write "16-bits is half of the entire IPv4 address space", that sounds odd. In your context, I think the math is rather 2¹⁶ / 2³² = 1 / 2¹⁶ which is quite less than half.

ameyafernandeskhan1
Community Member

Hi,

I just want to clarify one thing which is somewhat unrelated to this tutorial. Following the guide https://en.wikipedia.org/wiki/IPv6_subnetting_reference, a /56 subnet seems to be like 2001:0db8:0123:45::/56, but one of the providers has provided me a /56 subnet with 3 digits at the end, which looks like 2001:0db8:0123:45x::/56.

Can someone please clarify my doubt: which is the correct subnet?

Simon Leinen
Community Member

a /56 subnet seems to be like 2001:0db8:0123:45::/56 but

Actually, a /56 subnet must look like

2001:0db8:0123:4500::/56

i.e. the rightmost two digits of the fourth "quad" must be zero.  3 digits there are fine, provided it's something like ":400".

nimeshshah20
Community Member

Excellent article. Good solid foundation on IPv6 subnetting. I am still confused regarding the prefix. I am looking for a table which gives an understanding of the prefix in very simple terms.

Secondly, how will the subnetting concept work if we get a /32 from the ISP? Will it be the same as in this example?

Josue Rojas Villalobos
Cisco Employee

Excellent material, 6 years ago, and it's still priceless. Awesome examples!

The address prefix command in the DHCPv6 server configuration is not going. I need help.

d-g
Level 1

Thanks for your example! I was just wondering, do you really need to do the structuring like that from a technical point of view? In the end you have 16 bits for subnets (with given /48). And in the end it is all /64.

Let's consider a simple example. In this case I need 3 sites with 5 subnets for each site. So I could also just count up the addresses and create it like that:

Given 201:db8:1234::/48

First Site gets
201:db8:1234:0000::/64
201:db8:1234:0001::/64
...
201:db8:1234:0004::/64

Second Site
201:db8:1234:0005::/64
...
201:db8:1234:0009::/64

and so on.

I mean, I understand that your approach is more structured, but from a technical point of view, it makes no difference, right? Because in the end, there are no real subnets within that 16-bit subnetting space, it is all just /64 nets. Or do I miss something?
