While I was out at Cisco Live 2011 in Las Vegas I had an opportunity to sit down and have a candid discussion with Eric Vyncke, a Distinguished Engineer at Cisco in Belgium. We talked about current IPv6 best practices and how they related to smaller service providers that I work with.
When designing IPv6 networks you will basically be overlaying IPv6 addressing on top of an existing IPv4 network. The physical topology and connections should remain the same as in your IPv4 network.
Prefixes to Use
Current best practices for addressing are as follows:
Customer facing networks where ND must be used: /64 prefix
Point-to-point links between routers: /127 prefix (see RFC 6164)
Loopback addresses on routers: /128 prefix (out of the same /64 for all devices)
Using a /127 prefix on point-to-point links prevents ping-pong ND attacks. Still design for a /64 per link, but configure the interfaces with a /127 prefix, using :0 and :1 for the respective sides of the link.
By following these prefix assignments your network routing table will look like this:
/64 – for servers, customers, etc.
/127 – for point-to-point links
/128 – for loopback addresses
You may also find it useful to use link-local addressing on the point-to-point links. As long as a global address is used on the loopback interface, ICMP functionality should remain intact. Use of link-local addresses should also improve security, as these addresses aren’t routable on the Internet.
In a VLAN environment it is a good idea to use the VLAN ID as part of the IPv6 network address in order to better track and document your network.
For example, assume VLAN 201:
2001:DB8:15::/48 is our aggregate for a site.
VLAN 201’s network would be 2001:DB8:15:201::/64
For simplicity’s sake it is a best practice to use the IPv4 loopback address as part of the host portion of the IPv6 loopback address.
2001:DB8::/64 is used for loopback assignment.
For R1 with an IPv4 loopback of 1.1.1.1 we would use 2001:DB8:0:0:1:1:1:1/128 as the IPv6 loopback address.
This makes addressing more consistent and makes each router easy to identify in the routing table.
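The addressing plan above can be generated rather than typed by hand. The following Python sketch is an added example, not code from the original post; the function names are hypothetical, the IPv4 loopback 1.1.1.1 is the value whose octets give the 2001:DB8:0:0:1:1:1:1 address shown above, and the point-to-point /64 (2001:db8:15:ffff::/64) is a constructed sample.

```python
import ipaddress

def _decimal_as_hextet(value: int) -> int:
    """Reuse decimal digits as hex digits so VLAN 201 is written ':201:'."""
    return int(str(value), 16)

def vlan_prefix(site: str, vlan_id: int) -> ipaddress.IPv6Network:
    """Return the customer-facing /64 for a VLAN inside a /48 site aggregate."""
    site_net = ipaddress.IPv6Network(site)
    if site_net.prefixlen != 48:
        raise ValueError("site aggregate must be a /48")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    # The fourth hextet of the address occupies bits 64-79.
    base = int(site_net.network_address) | (_decimal_as_hextet(vlan_id) << 64)
    return ipaddress.IPv6Network((base, 64))

def loopback_from_ipv4(loopback_net: str, ipv4: str) -> ipaddress.IPv6Interface:
    """Map each IPv4 loopback octet to one hextet of a /128 in the loopback /64."""
    net = ipaddress.IPv6Network(loopback_net)
    if net.prefixlen != 64:
        raise ValueError("loopback range must be a /64")
    host = 0
    for octet in ipaddress.IPv4Address(ipv4).packed:
        host = (host << 16) | _decimal_as_hextet(octet)
    return ipaddress.IPv6Interface((int(net.network_address) | host, 128))

def p2p_link(reserved: str):
    """Reserve a /64 for the link, but return the two /127 interface addresses."""
    net = ipaddress.IPv6Network(reserved)
    if net.prefixlen != 64:
        raise ValueError("reserve a /64 per point-to-point link")
    link = ipaddress.IPv6Network((int(net.network_address), 127))
    # A /127 holds exactly two addresses: :0 and :1, one per side (RFC 6164).
    return tuple(ipaddress.IPv6Interface((int(addr), 127)) for addr in link)

if __name__ == "__main__":
    print("VLAN 201 :", vlan_prefix("2001:DB8:15::/48", 201))
    print("R1 lo0   :", loopback_from_ipv4("2001:DB8::/64", "1.1.1.1"))
    side_a, side_b = p2p_link("2001:db8:15:ffff::/64")  # constructed sample link
    print("p2p link :", side_a, "<->", side_b)
```

The range checks reject a site aggregate that is not a /48 and a VLAN ID outside 1-4094, so a typo fails loudly instead of producing an address that collides with another subnet.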