IPv6 Q&A for ISPs

Go ipv6 blog banner 01 02

As a follow on to my post on why small to medium ISPs should deploy IPv6 and the associated APNIC blog post, I have begun to compile a list of commonly asked questions IPv6 and their answers in relation to how a small to medium sized ISP can (and should) deploy IPv6. Expect this list to change and grow over time. 

——

Q: As a small to medium sized ISP, how much IPv6 address space do I need?

——-

A: This is heavily dependent on your environment and your RIR policy. Most will allocate a /36 or a /32. Either one is likely more than you will need, and my advice is typically to get the /32 and then create a solid address plan that accounts for future growth.Remember, subnetting should be done on the nibile boundary. If possible, try not to let cost drive technical decisions in this space. Best current practice for address allocation can be found here

——
Q: Is there DHCP in IPv6? 
——

A:  There are multiple DHCPv6 implementations, the one I like to use is isc-dhcpd as it tends to have the best standard support, is incredibly feature rich and well documented and is very scalable, but there are multiple options. 
——-
Q: How does one know what IP address the CPE has?
——
A: DUID (DHCP Unique Identifier), PPPoE, etc. There are several ways. 
——-
Q: How does one perform traffic shaping for the entire /64 (or /48, or other nibble boundary block) assigned to the customer?
——
A: Don’t shape on L3, it doesn’t scale. Shape on L2 at the CPE or use PPPoE. 
——
Q) Can a dynamic CPE environment where devices can pull addresses with minimal input and work from the provider still work?
——
A: Yes, DHCPv6 and DHCPv6-PD handle these functions. There are well traveled and well vetted how-to’s for this. It is how the large incumbent providers work, regardless of delivery last mile (DSL, DOCSIS, Fixed wireless, etc.) 

——-
Q: How does the host configure a host address? 
——-

A: Most devices will use what is called SLAAC. Addresses are auto-generated based on a MAC. A given host will have multiple IPv6 addresses and this is normal. There will also be the following on a HOST:
A link local address on every interface (starts with fe80: and is used for any communication on the same L2 segment)
A privacy address that rotates which much of the traffic will be worked from
An EUI-64 address (the auto configured address)
Potentially, but only when configured:
A DHCPv6 assigned address. 
A Static Address

On the ISP side, you’ll see any or all of the following:
A link local address (starts with fe80:)
An EUI-64 address
A static address
A prefix delegated prefix

———
Other commonly questions and advice

How should I lay out my new IPv6 address space? 

Like most things in networking, the answer is “it depends”. It needs to work for your environment and workflow. There really is no truly “wrong” way, but there are some ways that are certainly better simply due to hierarchy and management. One of the most common mistakes it to jump in without at least a rough plan. I learned this the hard way oh-so-long-ago.  Below are a few of the little spoken of tidbits that I learned the hard way or was taught by someone who learned through mistakes. 

Come up with a reasonable IPv6 address plan before you start – work through it as you can. Start with your backbone
You will no longer memorize addresses (which you should not do anyway), instead, do two things:

Think of all prefixes like you would consider a unique IPv4 address 4.2.2.2/32 ==2001:db8:44:22::/64
IPv6 addresses are written with the CIDR prefix (see above). A good write up and straw-man address plan can be found on John Osmon’s site here

Use DNS for everything you can – an IPAM like NetBox is your friend
It’s ok if your customers prefix delegation does not have reverse DNS
It’s ok to publicly address your infrastructure with IPv6. Use a single /48 dedicated for all infrastructure and then create an ACL at the network border to limit access
Public addresses for your customers are ok. 
There is no NAT as in the IPv4 world, and there should not be NAT for IPv6. Period. 
Yes, you want to dual-stack. It’s ok to have RFC1918 space plus public IPv6. In fact, that’s the most prevalent model (look at your cell phone)
You will have devices that won’t do IPv6. That’s expected. 
Yes, you can do IPv6 only, but it’s significantly harder to manage than a standard dual stack network. 

* Image source APNIC Blog 

© 3396 The Forwarding Plane. All rights reserved.

Copyright 2016 Nick Buraglio, ForwardingPlane, LLC

%d bloggers like this: