ipv6 address-planning

IPv6 Address Planning Tim Martin CCIE #2020 Solutions Architect Spring 2016

Upload: tim-martin

Post on 23-Feb-2017


Cisco Confidential 2 © 2013-2014 Cisco and/or its affiliates. All rights reserved.

Agenda
• Strategic Planning Steps
• IPv6 Address Planning
• Exercise
• Conclusion

IPv6 Strategic Planning

Architectural Model

Planning and coordination is required from many across the organization, including:
• Network engineers & operators
• Security engineers
• Application developers
• Desktop / Server engineers
• Web hosting / content developers
• Business development managers
• …

• Create a project team & plan
• Identify business value, requirements & impacts
• Assess equipment & applications for IPv6
• Begin training & develop training plan
• Develop the architectural solution
• Obtain a prefix and build the address plan
• Define an exception process for legacy systems
• Update the security policy
• Deploy IPv6 trials in the network
• Test and monitor your deployment

IPv6 Planning Steps Outline

340,282,366,920,938,463,463,374,607,431,768,211,456 340 undecillion, 282 decillion, 366 nonillion, 920 octillion, 938 septillion, 463 sextillion, 463 quintillion, 374 quadrillion, 607 trillion, 431 billion, 768 million, 211 thousand, 456

So How Big Is The IPv6 Address Space?

§  Lots of talk about how big; it’s BIG, do NOT worry about waste

§  Theoretical vs. Practical, split the 128 bits in half

§  64 bits will define the network topology, 64 bits define the host id

18,446,744,073,709,600,000 IPv6 addresses /64 (31,536,000 seconds/yr * 10,000,000 IPv6 addresses/second)

18,446,744,073,709,600,000 / 315,360,000,000,000

= 58,494 years - Ed Horley

IPv6 Addressing

IPv6 Address Family

• Multicast: Assigned (Well Known, Temp), Solicited Node
• Anycast
• Unicast: Unique Local, Link Local, Global, Special, Embedded

*IPv6 does not use broadcast addressing

Hexadecimal, it’s really not that difficult

• Widely used in computing and programming
• Hex is a base 16 numerical system
• Typically expressed with a 0x prefix, e.g. 0x34
• Every nibble is a hex character
• 4 bits have 16 combinations
• Easier than high school algebra

256’s |16’s | 1’s 3 4 a c 2 4 d

100s | 10’s | 1’s 0 5 2 1 7 2 5 8 9

IPv6 Address Format

• IPv6 addresses are 128 bits long (32 hex characters)
• 8 groups (words, quads) of 16 bits separated by (:)
• Network or topology portion is the prefix; it includes the “subnet”

2001:0db8:0100:1111:0000:0000:0000:0001 (8 groups of 16 bits)
Network portion (Global Route Prefix + Subnet Id): 2001:0db8:0100:1111
Host portion (Host Id): 0000:0000:0000:0001

Abbreviating IPv6 Addresses (RFC5952)

• Leading 0’s can be omitted
• The double colon (::) can appear only once

Full format: 2001:0db8:0000:00a4:0000:0000:0000:1e2a
Abbreviated formats: 2001:db8:0:a4:0:0:0:1e2a
2001:db8:0:a4::1e2a

Unicast IPv6 Address Types

• Link-Local – Non-routable, exists on a single layer 2 domain (fe80::/10)
  fe80:0000:0000:0000:xxxx:xxxx:xxxx:xxxx
• Unique-Local – Routable within administrative domain (fc00::/7)
  fc00:gggg:gggg:ssss:xxxx:xxxx:xxxx:xxxx
  fd00:gggg:gggg:ssss:xxxx:xxxx:xxxx:xxxx
• Global – Routable across the Internet (2000::/3)
  2000:NNNN:NNNN:SSSS:HHHH:HHHH:HHHH:HHHH
  3fff:NNNN:NNNN:SSSS:HHHH:HHHH:HHHH:HHHH

• Recommended Allocations
  - Consumer, SMB: /56, /60, /64
  - Municipal Government, Enterprise, Single AS: /40, /44, /48
  - State Governments, Universities (LIR): /32, /36, /40
• Addressing Plan, Site Count
• IPv4 Allocation, Multi-homed ISP
  - 1 - 12 sites, a /44 assignment
  - 13 - 192 sites, a /40 assignment
  - 193 - 3,072 sites, a /36 assignment
  - 3,073 - 49,152 sites, a /32 assignment

Global Address Assignment

[Figure: allocation hierarchy from IANA (2000::/3) through the registries, e.g. RIPE (/12), down to /32 and /48 blocks, shown for PA space (ISP, Org) and PI space (Level Four Entity, Subordinate)]

•  PA or PI from each region you operate in •  Coordination of advertised space within each RIR, policy will vary

•  Most run PI from primary region

Multi-national Model

Prefix Length Considerations

Pt 2 Pt /127

WAN

Core /64 or /127

Servers /64

Hosts /64

Loopback /128

• Anywhere a host exists: /64
• Point to Point: /127
  - Should not use all 0’s or 1’s in the host portion
  - Nodes 1 & 2 are not in the same subnet
• Loopback or Anycast: /128
• RFC 7421: /64 is here
• RFC 6164: /127, cache exhaust

IPv6 Address Planning

1. Keep it SIMPLE
  - You don’t want to spend weeks explaining it!
2. Embed information to help operations
  - To help troubleshooting and operation of the network
  - Examples: location, country, PIN, VLAN, IPv4 info addresses
3. Plan for expansion (build in reserve)
  - Cater for future growth, mergers & acquisitions, new locations
  - Reserved vs. assigned
4. Exploit hierarchy / aggregation
  - Good aggregation is essential, just one address block (per location)
  - Ensures scalability and stability

4 Rules

2001:420:1234::/48

2001:420:1234:0100::/56
2001:420:1234:0200::/56
2001:420:1234:0300::/56
2001:420:1234:0400::/56
2001:420:1234:0500::/56
…

§  Structure §  Prefix sizing

§  Information encoding

§  Infrastructure addressing

Methodology

• How many prefixes will you need at each level of the addressing plan?
  - Example: a BNG can handle 64000 subscribers = 64000 IPv6 prefixes
  - Example: the number of interconnects (P2P) in your network
  - As always, put aside a reserve!
• How many /64 prefixes (subnets) do you need to deploy at a location?
  - E.g. desktops, WIFI, guestnet, sensors, CCTV, network infrastructure, etc.
  - As always, put aside a reserve!
• Don’t worry about the number of hosts
  - We have more than 254 IPv6 addresses for hosts :’)

Methodology (2) – Number of Prefixes per Level

Example - How Many Subnets in a Location?

• Follow the logical flow
  – How many subnets in each location?
  – What sits under infrastructure?
  – How many point-to-point links?
  – Where is the reserve?

/48 location
  /52 Infrastructure
    /56 Interconnects: 256x /64 P2P links, /127 per P2P link
    /56 Loopbacks: 256x /64 Loopbacks, /128 per Loopback
    /56 reserve
    /56 reserve
    ...
  /52 Desktops
  /52 Wireless
  /52 etc.

• Remember transition mechanisms – these will have specific address format requirements
  - ISATAP
  - NAT64 (/96)
  - 6rd, MAP
• Possible encoding of information in particular portions of the IPv6 prefix
  - Places In the Network (PINs)
  - VLANs in the prefix
    - VLAN 4096 → 2001:db8:1234:4096::/64 (alternatively in hex :-))
  - The whole IPv4 address or just a portion
    - Consider this carefully: trade-off between linkage vs. independence
    - IPv4 address 10.0.13.1 → 2001:db8:1234:100:10:0:13:1
  - Router IDs in the Interface Identifier / IPv4 in Link-Local
  - Consider security implications!

Methodology (3) – Information Encoding
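The two encodings from this slide, plus the reverse step that shows the linkage trade-off: anyone who sees such an address can read the IPv4 address back out of it. This is an added example, not part of the original deck; the function names are hypothetical.

```python
import ipaddress

def vlan_subnet(site48: str, vlan: int, numeric: bool = False) -> str:
    """Place a VLAN ID in the 16-bit subnet field of a /48 site prefix.

    numeric=False writes the decimal digits as hex digits (4096 -> :4096:),
    numeric=True stores the value itself (4096 -> :1000:).
    """
    site = ipaddress.IPv6Network(site48)
    if site.prefixlen != 48:
        raise ValueError("expected a /48 site prefix")
    subnet_id = vlan if numeric else int(str(vlan), 16)
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("VLAN does not fit in the 16-bit subnet field")
    base = int(site.network_address) | (subnet_id << 64)
    return str(ipaddress.IPv6Network((base, 64)))

def embed_ipv4(subnet64: str, v4: str) -> str:
    """Write each IPv4 octet as decimal digits in one group of the interface ID."""
    net = ipaddress.IPv6Network(subnet64)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 subnet")
    iid = 0
    for octet in str(ipaddress.IPv4Address(v4)).split("."):
        iid = (iid << 16) | int(octet, 16)   # "13" is stored as 0x0013
    return str(net[iid])

def recover_ipv4(addr: str):
    """Return the IPv4 address readable from the interface ID, or None."""
    groups = ipaddress.IPv6Address(addr).exploded.split(":")[4:]
    try:
        return str(ipaddress.IPv4Address(".".join(str(int(g)) for g in groups)))
    except ValueError:   # hex letters or an octet above 255: not this encoding
        return None
```

With all eight groups present, the embedded form of 10.0.13.1 is written 2001:db8:1234:100:10:0:13:1, with no `::`.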

Methodology (4) – Infrastructure Addressing 1.

• First recommendations: configure /64, /112 or /126
• RFC 3627, September 2003 – /127 considered harmful
  - Moved to historic by RFC 6547 (Feb. 2012)
• Since April 2011, RFC 6164 recommends /127 on inter-router (P2P) links
• Current recommendation: /64, /126 or /127
• /127 mitigates ND exhaustion attacks
• Allocate a /64 from a block (e.g. /56) for infrastructure links but configure /127
  - Example: 2001:db8:1234:1::0/127 and 2001:db8:1234:1::1/127
• What about offsetting the suffix?
  - 2001:db8:1234:1::a/127
  - 2001:db8:1234:1::b/127
• You must follow the /127 subnet rule!!!

[Figure: routers R1 and R2 on a point-to-point link addressed 2001:db8:1234:1::A/127 and 2001:db8:1234:1::B/127]

Methodology (4) – Infrastructure Addressing 2.

• E.g. dedicate a /56 for Loopback addresses per location
• Allocate a /64 per Loopback but configure /128
  - Example: 2001:420:1234:100:1::1/128 and 2001:420:1234:101:1::1/128
  - Avoid a potential overlap with Embedded RP addresses
• Remember to check how many Longest Prefix Matches (LPM) [/128] your network devices can carry
  - Does not always equal the total number of supported IPv6 prefixes

Loopbacks
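The "reserve a /64, configure a /127 or /128" rule from the two infrastructure slides, with a check for the /127 subnet rule. This is an added example, not part of the original deck; the function names are hypothetical and the prefixes are the slide's own examples.

```python
import ipaddress
from itertools import islice

def _reserved_64s(block: str, count: int):
    """Yield `count` /64s from `block`, refusing to overrun it."""
    net = ipaddress.IPv6Network(block)
    if net.prefixlen > 64 or count > 2 ** (64 - net.prefixlen):
        raise ValueError(f"{block} cannot supply {count} /64s")
    return islice(net.subnets(new_prefix=64), count)

def p2p_links(block: str, count: int):
    """Reserve a /64 per link, but configure only the first /127 inside it."""
    plan = []
    for reserved in _reserved_64s(block, count):
        link = next(reserved.subnets(new_prefix=127))
        plan.append((str(reserved), f"{link[0]}/127", f"{link[1]}/127"))
    return plan

def loopbacks(block: str, count: int, iid: int = (1 << 48) + 1):
    """Reserve a /64 per loopback, configure one /128 (default IID 1::1 as on the slide)."""
    return [f"{reserved[iid]}/128" for reserved in _reserved_64s(block, count)]

def same_127(a: str, b: str) -> bool:
    """The /127 rule: both ends may differ only in the last bit of the address."""
    x, y = int(ipaddress.IPv6Address(a)), int(ipaddress.IPv6Address(b))
    return x != y and x >> 1 == y >> 1
```

`same_127` accepts the offset pair ::a/::b and rejects ::1/::2, which is the "Nodes 1 & 2 are not in the same subnet" case.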


Example of an IPv6 Prefix Allocation (Cisco)

• Global Level: 2001:420::/32, using /34 with 50% spares
• /35 - /36 per Region
• /37 - /39 per Sub-Region
• /40 - /44 per Site (Site = Campus), up to 256 Buildings per Site
• /48 per Building/FSO (16 PINs per Building/FSO); FSO = Field Sales Office
• /52 per PIN (13th nibble = PIN), 4096 Subnets per PIN
• PIN = Place In the Network: a framework to classify network roles, e.g. Lab, Desktop, DC, DMZ etc.

For Your Reference

Example of an IPv6 Prefix Allocation (ISP)

/30

/30 for Subscribers

/32 for Internal Addressing

/36 per PoP

/32 for Private Addressing

/32 for External Addressing (non-Subscribers)

/32 as a reserve

/56 per Subscriber

/40 for Enterprise DC External

/40 for Enterprise Infrastructure External

/40 for Enterprise Campus External

/29 from RIPE

/40 for Core Network External Services

/40 for Core Network Internal Services

/40 for Enterprise DC Internal

/64 for Loopbacks (/128s)

/40 for Enterprise Campus External

/40 per BNG

For Your Reference

Exercise

• Methods
  - Follow IPv4 (/24 only), Organizational, Location, Function based
• Hierarchy is key (a /48 example)
  - Bit twiddler's dream (16 bit subnet strategy)
  - 4 or 8 bits = (16 or 256) Regions (states, counties, agencies, etc.)
  - 4 or 8 more bits = (16 or 256) Sub Levels within those Regions
  - 4 more bits = (16) Traffic Types (Admin, Guest, Telephony, Video, etc.)
• Cisco IPv6 Addressing White Paper
  - http://www.cisco.com/go/IPv6
• Monotonically (1000, 2000, 3000, etc.) vs. Sparse (0000, 4000, 8000, c000)

Building the IPv6 Address Plan


§  European-wide conglomerate in the food and consumables sector.
§  Has presence in about 19 countries, expected to grow to about 37.
§  They also have a sister company (ACME ISP) which is providing European-wide telecommunications services.

ACME Enterprise

§  ACME has grown organically through a policy of acquisitions and mergers over the past few years.

§  Use of private (RFC 1918) and/or illegal IPv4 address blocks, NAT is widely used. This is negatively impacting the behaviour of some enterprise applications.

§  ACME has decided to strategically deploy IPv6 within the ACME enterprise network. This will enable applications and services to be moved from IPv4 to IPv6 on a case-by-case basis

§  For its WAN connectivity, ACME enterprise uses the MPLS VPN service offered by ACME ISP.

ACME Enterprise Current State of the Network

§  ACME ISP is a RIPE member and has been allocated a /19 IPv6 address block. ACME Enterprise has been provided 2014:1b2::/32 from its ISP. ACME ISP will be interconnecting all the IPv6 locations of the ACME enterprise network.

§  The most important requirements for the IPv6 addressing design are for it to be highly hierarchical, uniform and scalable. This will greatly simplify the design, operation and troubleshooting of the network.

ACME Enterprise IPv6 High Level Requirements

§  As a general rule, ACME would like to use byte (8-bit)-boundaries between the different hierarchies of the IPv6 addressing. HINT!!!

§  At the first level, the addressing scheme needs to support at least 37 countries (HINT!!!). Also some address blocks should be reserved for future growth in the larger countries.

§  At the second level (within each country), there are a number of campus locations. It is at this level that connectivity into the ACME ISP network is provided. The largest country has about 40 campus locations (HINT!!!).

ACME Enterprise Detail Requirements

§  At the third level (within each campus location), there are only a few buildings within each campus (4-6 maximum). Therefore, allocating these blocks on a byte boundary is deemed overkill. A nibble (4-bit) boundary will suffice here. HINT!!!

§  A separate “virtual building” address block needs to be set aside for network infrastructure addressing within that campus location.

§  At the fourth level (within each building), individual IPv6 subnets need to be assigned to individual VLANs.

§  An additional requirement is to divide up the network infrastructure block in ranges for loopback, link and network services addressing.

ACME Enterprise Detail Requirements (Cont.)

§  Design an IPv6 address plan for ACME enterprise, applying what you have learned in this session and the mentioned HINTS.

§  Work top-down through the address plan.

§  Focus first on the end-system addressing.

§  Think about the network infrastructure addressing

§  There are multiple acceptable solutions, it’s more important to think about the problem and apply the methodology.

Building An Address Plan For ACME Enterprise (Tasks)

Conclusion

ACME Enterprise IPv6 Addressing Exercise

/64 4096

/48
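One acceptable solution to the ACME exercise, following the HINTs: 8 bits per country and per campus, a nibble per building, and the remaining 12 bits (4096 /64s) per VLAN. This is an added example, not the presenter's answer; the choice of building value 0xF as the "virtual building" and the order of the infrastructure /56 ranges are assumptions.

```python
import ipaddress

ACME = ipaddress.IPv6Network("2014:1b2::/32")          # block given on the page
LEVELS = [("country", 8), ("campus", 8), ("building", 4), ("vlan", 12)]
INFRA_BUILDING = 0xF   # assumption: last nibble value is the "virtual building"

def acme_prefix(**ids: int) -> ipaddress.IPv6Network:
    """Prefix for the deepest level given, e.g. acme_prefix(country=1, campus=2)."""
    value, plen, used = int(ACME.network_address), ACME.prefixlen, 0
    for name, bits in LEVELS:
        if name not in ids:
            break
        if not 0 <= ids[name] < 2 ** bits:
            raise ValueError(f"{name} must fit in {bits} bits")
        plen += bits
        value |= ids[name] << (128 - plen)
        used += 1
    if used != len(ids):
        raise ValueError("give levels top-down, without gaps or unknown names")
    return ipaddress.IPv6Network((value, plen))

def decode(addr: str) -> dict:
    """Split an ACME address back into its plan fields, e.g. when reading logs."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in ACME:
        raise ValueError(f"{addr} is outside {ACME}")
    fields, shift = {}, 128 - ACME.prefixlen
    for name, bits in LEVELS:
        shift -= bits
        fields[name] = (int(ip) >> shift) & (2 ** bits - 1)
    return fields

def infra_ranges(country: int, campus: int) -> dict:
    """Split the campus infrastructure /52 into /56 ranges (order is an assumption)."""
    block = acme_prefix(country=country, campus=campus, building=INFRA_BUILDING)
    parts = list(block.subnets(new_prefix=56))
    return {"loopbacks": parts[0], "links": parts[1], "services": parts[2],
            "reserve": parts[3:]}
```

Because every level sits on a nibble or byte boundary, country 37, campus 40, building 6, VLAN 100 reads directly off the prefix 2014:1b2:2528:6064::/64.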

Recommended Reading

Cisco IPv6 Services

A Phased-Plan Approach for Successful IPv6 Adoption

IPv6 Assessment Service •  Determine how your network needs to change to support your IPv6 strategy

IPv6 Discovery Service •  Guidance in the early stages of considering a transition to IPv6

IPv6 Planning and Design Service •  Designs, transition strategy, and support to enable a smooth migration

IPv6 Implementation Service •  Validation testing and implementation consulting services

Network Optimization Service •  Absorb, manage, and scale IPv6 in your environment

•  Gain Operational Experience now •  IPv6 is already here and running well

•  Control IPv6 traffic as you would IPv4

•  “Poke” your Providers

•  Lead your OT/LOBs into the Internet

Key Take Away