
Recommendation: IPv6 Design Considerations

General Design Considerations

  1. Clean up IPv4
  2. Acquire IPv6 address block allocations from WaTech
  3. Validate devices can support IPv6 routing protocol of choice for both hardware and OS.
    • Consider using a vendor compatibility tool
  4. Implement a hierarchical addressing plan to allow for aggregation
    • Ensure scalability and stability
    • Put aside reserve blocks/networks to support future expansion!
    • Reserve a block for infrastructure
    • Sites/locations and regions, etc. should be laid out such that within each level of the hierarchy, each subnet prefix is of equal size
    • All IPv6 interface gateways should be a /64 or larger
    • Set aside a block for loopbacks
      • Dedicate /56 for Loopback addresses per location
      • Allocate /64 per Loopback but configure /128 address
    • Set aside a block for point to point
      • Dedicate /56 for point to point addresses per location
      • Allocate /64 per point to point but configure /127
    • Preferred routing protocol for communication with the state government network (SGN) is BGP (does not apply to K-20)
    • Consider how many /64 prefixes (subnets) you need to deploy at a location
      • For example: desktops, Wi-Fi, guestnet, sensors, CCTV, network infrastructure, etc.
      • Don’t worry about the number of hosts; there are more host addresses in one /64 than in the entire global IPv4 address space
    • Remember to check how many Longest Prefix Matches (LPM) [/128] your network devices can carry
      • Does not always equal the total number of supported IPv6 prefixes
  • Begin tracking and planning for the upgrade/replacement of devices that are NOT IPv6 capable
  • Use subnets on nibble boundaries

Nibble boundaries:

| Block | /44s | /48s | /52s | /56s | /60s | /64s |
|---|---|---|---|---|---|---|
| /40 includes | 16 | 256 | 4,096 | 65,536 | 1,048,576 | 16,777,216 |
| /44 includes | | 16 | 256 | 4,096 | 65,536 | 1,048,576 |
| /48 includes | | | 16 | 256 | 4,096 | 65,536 |
| /52 includes | | | | 16 | 256 | 4,096 |
| /56 includes | | | | | 16 | 256 |
| /60 includes | | | | | | 16 |

Table 2 Nibble Boundaries

  1. Design address space assignments
    • Map to network topology
    • Meet current requirements
    • Manually configure link-local addresses in an easily readable format. This will make verifying or troubleshooting routes easier.

 

| xxxx:xxxx:xx | 0 | 0: | 0 | 0 | 0 | 0: | 0000:0000:0000:0000 |
|---|---|---|---|---|---|---|---|
| Network | Open | Environment | Building | Floor | Primary Usage | Secondary Usage | Host |

Table 1 Example Legend for Access Networks

 

| Environment | Building | Floor | Usage | IPv6 Block Assignment | VLAN | IPv4 Address |
|---|---|---|---|---|---|---|
| User/Data Access | | | | 2001:0DB8:1703::/48 | | |
| | Building 1 | | | 2001:0DB8:1703:1::/52 | | |
| | | 1st Floor | | 2001:0DB8:1703:11::/56 | | |
| | | 1 | Management | 2001:0DB8:1703:1100::/64 | 100 | 192.168.48.0/24 |
| | | | Data | 2001:0DB8:1703:1110::/64 | 101 | 192.168.49.0/24 |
| | | | Printer | 2001:0DB8:1703:1120::/64 | 105 | 192.168.50.0/24 |
| | | | Video | 2001:0DB8:1703:1130::/64 | 110 | 192.168.51.0/24 |
| | | | VOIP (Zone1) | 2001:0DB8:1703:1140::/64 | 115 | 192.168.52.0/24 |
| | | | VOIP (Zone2) | 2001:0DB8:1703:1141::/64 | 116 | 192.168.53.0/24 |
| | | | Wireless Clients | 2001:0DB8:1703:1150::/64 | 125 | 192.168.55.0/24 |
| | | | Security System | 2001:0DB8:1703:1160::/64 | 130 | 192.168.57.0/24 |
| | | 2nd Floor | | 2001:0DB8:1703:12::/56 | | |
| | | 2 | Data | 2001:0DB8:1703:1210::/64 | 201 | 192.168.64.0/24 |
| | | | Printer | 2001:0DB8:1703:1220::/64 | 205 | 192.168.65.0/24 |
| | | | Video | 2001:0DB8:1703:1230::/64 | 210 | 192.168.66.0/24 |
| | | | VOIP (Zone1) | 2001:0DB8:1703:1240::/64 | 215 | 192.168.67.0/24 |
| | | | VOIP (Zone2) | 2001:0DB8:1703:1241::/64 | 216 | 192.168.68.0/24 |
| | | | Telco | 2001:0DB8:1703:1250::/64 | 220 | 192.168.71.0/24 |
| | | 3rd Floor | | 2001:0DB8:1703:13::/56 | | |
| | | 3 | Data | 2001:0DB8:1703:1310::/64 | 301 | 192.168.80.0/24 |
| | | | Printer | 2001:0DB8:1703:1320::/64 | 305 | 192.168.81.0/24 |
| | | | Video | 2001:0DB8:1703:1330::/64 | 310 | 192.168.82.0/24 |
| | | | VOIP (Zone1) | 2001:0DB8:1703:1340::/64 | 315 | 192.168.83.0/24 |
| | | | VOIP (Zone2) | 2001:0DB8:1703:1350::/64 | 316 | 192.168.84.0/24 |
| | | | Wireless Clients | 2001:0DB8:1703:1360::/64 | 320 | 192.168.85.0/24 |

Table 2 Example IP Breakout for Access Networks with Sample Data
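The Table 1 legend can be applied mechanically. The sketch below is an added example, not part of the original handbook: it builds and decodes access-network /64s such as those in the sample data with Python's standard `ipaddress` module. It assumes a /40 network portion, and the helper names (`encode`, `decode`, `parent`) are hypothetical.

```python
import ipaddress

# The six nibbles that follow the /40 "Network" portion in the access-network
# legend, in order; each one deepens the prefix by 4 bits (40 -> 64).
FIELDS = ("open", "environment", "building", "floor", "primary", "secondary")

def _shift(i):
    """Bit offset of the i-th legend nibble inside the 128-bit address."""
    return 128 - 40 - 4 * (i + 1)

def encode(base40, **nibbles):
    """Build the /64 for the given field values under a /40 allocation."""
    base = ipaddress.IPv6Network(base40)      # strict: rejects stray host bits
    if base.prefixlen != 40:
        raise ValueError("the legend assumes a /40 network portion")
    value = int(base.network_address)
    for i, name in enumerate(FIELDS):
        nibble = nibbles.get(name, 0)
        if not 0 <= nibble <= 0xF:
            raise ValueError(f"{name} must fit in one hex digit")
        value |= nibble << _shift(i)
    return ipaddress.IPv6Network((value, 64))

def decode(prefix64, base40):
    """Split a /64 into legend fields; reject anything outside the /40."""
    net, base = ipaddress.IPv6Network(prefix64), ipaddress.IPv6Network(base40)
    if net.prefixlen != 64 or not net.subnet_of(base):
        raise ValueError(f"{net} is not a /64 inside {base}")
    value = int(net.network_address)
    return {name: (value >> _shift(i)) & 0xF for i, name in enumerate(FIELDS)}

def parent(prefix64, level):
    """Aggregate covering a /64 at a legend level, e.g. 'floor' -> its /56."""
    plen = 40 + 4 * (FIELDS.index(level) + 1)
    return ipaddress.IPv6Network(prefix64).supernet(new_prefix=plen)

if __name__ == "__main__":
    base = "2001:db8:1700::/40"   # documentation prefix, as in the sample data
    voip2 = encode(base, environment=3, building=1, floor=1, primary=4, secondary=1)
    print(voip2, decode(str(voip2), base))
    print(parent(str(voip2), "floor"), parent(str(voip2), "building"))
```

Decoding every /64 in an address plan this way is a quick check that each subnet sits inside the block it was meant to be aggregated under.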

 

| 2620:12C:20 | 0 | 0: | 0 | 0 | 0 0 | 0000:0000:0000:0000 |
|---|---|---|---|---|---|---|
| Network | Open | Environment | Open | Network Type | Primary Usage | Host |

Table 3 Example Legend for Point to Point and Loopbacks

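| Network | Network Portion | 2001:0DB8:17 | X | X: | X | X | X | X | |
|---|---|---|---|---|---|---|---|---|---|
| Open | FUBAR Bit/nuclear option to provide for additional address schemes | | 0 | | | | | | |
| Environment | Networks | | | 0 | | | | | |
| Open | | | | | 0 | | | | |
| Network Type | Point to Point | | | | | 0 | | | |
| | Loopback | | | | | 1 | | | |
| Primary Usage | | | | | | | X | X | |
| Host | | | | | | | | | XXXX:XXXX:XXXX:XXXX |

Table 4 Another example of an IP Scheme Breakout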

 

 

 

 

| Usage | Net/Device | IPv6 Block Assignment | Current IPv4 | | |
|---|---|---|---|---|---|
| Network | | 2001:0DB8:1700::/48 | | | |
| Peering Networks | | 2001:0DB8:1700:0::/52 | | | |
| | R 01 <-> R 02 | 2001:0DB8:1700:0000::/127 | 192.168.27.36/30 | | |
| | R 01 <-> R 03 | 2001:0DB8:1700:0001::/127 | 192.168.27.40/30 | | |
| | R 02 <-> R 03 | 2001:0DB8:1700:0002::/127 | 192.168.27.44/30 | | |
| | R 03 <-> R 04 | 2001:0DB8:1700:0003::/127 | 192.168.27.48/30 | | |
| | R 04 <-> R 01 | 2001:0DB8:1700:0004::/127 | 192.168.27.52/30 | | |
| Loopbacks | | 2001:0DB8:1700:0100::/52 | Link-Local | IPv4 Loopback | OSPF ID |
| | R 01 | 2001:0DB8:1700:0100::3/128 | FE80::3:0/128 | 192.168.0.3/32 | 10.0.0.3 |
| | R 02 | 2001:0DB8:1700:0100::4/128 | FE80::4:0/128 | 192.168.0.4/32 | 10.0.0.4 |
| | R 03 | 2001:0DB8:1700:0100::5/128 | FE80::5:0/128 | 192.168.0.5/32 | 10.0.0.5 |
| | R 04 | 2001:0DB8:1700:0100::6/128 | FE80::6:0/128 | 192.168.0.6/32 | 10.0.0.6 |
| | FW 01 | 2001:0DB8:1700:0100::7/128 | FE80::7:0/128 | 192.168.0.7/32 | 10.0.0.7 |
| | FW 02 | 2001:0DB8:1700:0100::8/128 | FE80::8:0/128 | 192.168.0.8/32 | 10.0.0.8 |

Table 5 Example IP Breakout for P2P and Loopbacks with Sample Data
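The following is an added example, not from the handbook, of the loopback and point-to-point guidance in the design considerations: reserve a whole /64 per item out of the location's /56, but configure only a /127 or a /128. The function names and the default host ID are assumptions.

```python
import ipaddress
from collections import Counter

def reserve_64(block56, index):
    """Return the index-th /64 (0-255) of the /56 dedicated to one address type."""
    block = ipaddress.IPv6Network(block56)
    if block.prefixlen != 56 or not 0 <= index < 256:
        raise ValueError("need a /56 block and an index in 0-255")
    return ipaddress.IPv6Network((int(block.network_address) + (index << 64), 64))

def p2p_link(block56, index):
    """Reserve a /64 for the link but configure only its first /127."""
    reserved = reserve_64(block56, index)
    configured = ipaddress.IPv6Network((reserved.network_address, 127))
    # A /127 holds exactly two addresses, one per end of the link.
    return reserved, configured, configured[0], configured[1]

def loopback(block56, index, host_id=1):
    """Reserve a /64 for the loopback but configure a single /128 in it."""
    reserved = reserve_64(block56, index)
    address = ipaddress.IPv6Interface((reserved.network_address + host_id, 128))
    return reserved, address

def shared_64s(configured):
    """Return the /64s used by more than one configured /127 or /128."""
    counts = Counter(
        ipaddress.ip_interface(p).network.supernet(new_prefix=64) for p in configured)
    return sorted(str(net) for net, n in counts.items() if n > 1)

if __name__ == "__main__":
    # Constructed sample blocks inside the documentation prefix.
    reserved, configured, side_a, side_b = p2p_link("2001:db8:1700::/56", 1)
    print(reserved, configured, side_a, side_b)
    print(*loopback("2001:db8:1700:100::/56", 3))
    print(shared_64s(["2001:db8:1700:0::/127", "2001:db8:1700:1::/127"]))
```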

Resources

https://getipv6.info/display/IPv6/IPv6+Address+Allocation+BCP

Security

  • Management
    • Apply ACLs to VTY lines
    • Apply ACLs to SNMP communities/groups
    • Configure ICMP error message rate limiting on routers
  • Routing security
    • Be careful when creating “deny ipv6 any any” access control lists; they may block RAs
    • Manually assign the link-local addresses
    • Suppress Router Advertisements on point-to-point links
      • Also disable redirects and unreachables
    • Filter internal-use addresses at the agency border
  • Use Dynamic Addressing (DHCP/SLAAC) (SLAAC is highly discouraged)
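The caveat above about an explicit “deny ipv6 any any” can be checked before an ACL is deployed. This added example (not from the handbook) reads an IOS-style IPv6 ACL and reports which neighbor discovery and router advertisement messages the explicit deny would drop. The sample ACLs are constructed, the function name is hypothetical, and the list of required ICMPv6 types is an assumption.

```python
import re

# ICMPv6 types neighbor/router discovery needs, as IOS-style ACL keywords.
# Assumption: the interface must receive RAs as well as NS/NA.
REQUIRED = ("nd-ns", "nd-na", "router-advertisement")
ENTRY = re.compile(
    r"^\s*(?:sequence\s+\d+\s+)?(permit|deny)\s+(\S+)\s+any\s+any(?:\s+(\S+))?", re.I)

def blocked_by_explicit_deny(acl_lines, required=REQUIRED):
    """List required ICMPv6 types that an explicit 'deny ipv6 any any' drops.

    ACLs are first-match, so each type takes the verdict of the first
    any-to-any entry covering it. Returns [] when there is no explicit deny.
    """
    verdict = {}
    for line in acl_lines:
        m = ENTRY.match(line)
        if not m:
            continue  # header, remarks, host-specific entries: not evaluated
        action, proto = m.group(1).lower(), m.group(2).lower()
        qualifier = (m.group(3) or "").lower()
        if proto == "ipv6" or (proto == "icmp" and qualifier in ("", "log")):
            covered = required              # matches every ICMPv6 type
        elif proto == "icmp":
            covered = [qualifier]
        else:
            covered = []                    # tcp/udp entries never match ICMPv6
        for icmp_type in covered:
            verdict.setdefault(icmp_type, action)
        if action == "deny" and proto == "ipv6":
            return [t for t in required if verdict[t] == "deny"]
    return []

# Constructed sample ACLs (not from the original page).
WEAK = """ipv6 access-list EXAMPLE-IN
 permit tcp any any established
 permit icmp any any echo-request
 deny ipv6 any any log""".splitlines()

FIXED = """ipv6 access-list EXAMPLE-IN
 permit icmp any any nd-ns
 permit icmp any any nd-na
 permit icmp any any router-advertisement
 permit tcp any any established
 deny ipv6 any any log""".splitlines()

if __name__ == "__main__":
    print("weak :", blocked_by_explicit_deny(WEAK))
    print("fixed:", blocked_by_explicit_deny(FIXED))
```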

Remember NOT TO USE transition mechanisms – these will have specific address format requirements

  • ISATAP
  • NAT64 (/96)
  • 6rd, MAP