IPv6 Best Practices


While I was out at Cisco Live 2011 in Las Vegas I had an opportunity to sit down and have a candid discussion with Eric Vyncke, a Distinguished Engineer at Cisco in Belgium.  We talked about current IPv6 best practices and how they related to smaller service providers that I work with.

Physical topology

When designing IPv6 networks you will basically be overlaying the addressing over the top of an existing IPv4 network. Physical topology and connections should remain the same as your IPv4 network.

Prefixes to Use

Current best practices for addressing are as follows:

Customer facing networks where ND must be used: /64 prefix
Point-to-point links between routers: /127 prefix (see RFC 6164)
Loopback addresses on routers: /128 prefix (out of the same /64 for all devices)

Using a /127 prefix on point-to-point links prevents ping-pong ND attacks. You will still want to allocate a /64 for each link in your design, but configure the interfaces with a /127 prefix, using :0 and :1 for the respective sides of the link.

By following these prefix assignments your network routing table will look like this:

/64 – for servers, customers, etc.
/127 – for point-to-point links
/128 – for loopback addresses

You may also find it useful to use link-local addressing on the point-to-point links. As long as a global address is used on the loopback interface, ICMP functionality should remain intact. Using link-local addresses should also improve security, as these addresses aren't routable on the Internet.

Address Assignment

VLANs

In a VLAN environment it is a good idea to use the VLAN ID as part of the IPv6 network address in order to better track and document your network.

For example, assume VLAN 201:

2001:DB8:15::/48 is our aggregate for a site.

VLAN 201’s network would be 2001:DB8:15:201::/64

Loopbacks

For simplicity’s sake it is a best practice to use the IPv4 loopback address as part of the host portion of the IPv6 loopback address.

For example:

2001:DB8::/64 is used for loopback assignment.

For R1 with an IPv4 loopback of 1.1.1.1 we would use 2001:DB8:0:0:1:1:1:1/128 as the IPv6 loopback address.

This makes the loopbacks consistent and easy to recognize in the routing table.
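The addressing rules from the Prefixes to Use and Address Assignment sections (VLAN ID in the subnet field, IPv4 loopback in the host portion, :0 and :1 in a /127 carved from a link's /64), worked through with Python's ipaddress module. This is an added example, not code from the original post; the function names and the 2001:DB8:15:FFFF::/64 link prefix are assumptions made for illustration.

```python
import ipaddress

def vlan_prefix(site, vlan_id):
    """Return the VLAN's /64: the VLAN ID's decimal digits become the 4th hextet."""
    site_net = ipaddress.IPv6Network(site)
    if site_net.prefixlen != 48:
        raise ValueError("site aggregate must be a /48")
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    subnet_id = int(str(vlan_id), 16)  # 201 -> 0x0201, so it reads as ":201:"
    return ipaddress.IPv6Network((int(site_net.network_address) | (subnet_id << 64), 64))

def loopback_from_ipv4(loopback_net, ipv4):
    """Return the /128 loopback: each IPv4 octet is written as one hextet of the host part."""
    net = ipaddress.IPv6Network(loopback_net)
    if net.prefixlen != 64:
        raise ValueError("loopback block must be a /64")
    host = 0
    for octet in ipaddress.IPv4Address(ipv4).packed:
        host = (host << 16) | int(str(octet), 16)  # 1.1.1.1 -> 1:1:1:1
    return ipaddress.IPv6Network((int(net.network_address) | host, 128))

def p2p_link(link_64):
    """Reserve a /64 for the link, but return only its first /127 and the :0 / :1 ends."""
    net = ipaddress.IPv6Network(link_64)
    if net.prefixlen != 64:
        raise ValueError("design each point-to-point link as a /64")
    link = ipaddress.IPv6Network((int(net.network_address), 127))
    side_a, side_b = list(link)  # a /127 holds exactly two addresses
    return link, side_a, side_b

def shares_127(addr_a, addr_b):
    """Audit check: two interface addresses sit in the same /127 only if all but the last bit match."""
    a = int(ipaddress.IPv6Address(addr_a))
    b = int(ipaddress.IPv6Address(addr_b))
    return a != b and (a >> 1) == (b >> 1)

if __name__ == "__main__":
    print(vlan_prefix("2001:DB8:15::/48", 201))            # site aggregate from the post
    print(loopback_from_ipv4("2001:DB8::/64", "1.1.1.1"))  # R1's loopback from the post
    # Constructed link prefix, not from the post:
    link, a, b = p2p_link("2001:DB8:15:FFFF::/64")
    print(link, a, b, shares_127(str(a), str(b)))
```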

 

 


3 comments

  1. Thanks for the information you provide. It is not easy to find good ‘best practices’ for IPv6 address assignment policies.

    There appears to be a small issue when you recommend /127 for router links and using :1 and :2 for each end. These addresses fit with a /126 and not /127. So did you mean :0 and :1 or /126?

    Thanks
