This post looks at sizing the IPv6 Global Routing Prefix and creating the subnet plan for the previously defined hypothetical company.
From the prior post, remember that we have these constraints:
- The assignment of the Global Routing Prefix is done by an Internet Registrar according to their policies. You must justify the size of the allocation you request.
- Subnets are “always” on a /64 boundary (host identifiers are “always” 64 bits)
- “Sites” are groups of subnets on a /48 boundary
- Only networks with prefixes at /48 or larger (a prefix length of /48 or shorter) are considered “publicly routable” by most ISPs. They won’t announce routing data for anything smaller.
The first thing to look at is the needed size of the address prefix. Here’s a modified diagram from RFC 4291. This one includes the specification that the Interface ID is fixed at 64 bits.
The general format for IPv6 Global Unicast addresses is as follows:

    |         n bits         |   m bits  |       128-n-m bits         |
    +------------------------+-----------+----------------------------+
    | global routing prefix  | subnet ID |       interface ID         |
    +------------------------+-----------+----------------------------+
    |         P bits         |   S bits  |          64 bits           |
    +------------------------+-----------+----------------------------+

What we need to figure out is the size of the prefix (P bits) we need in order to get enough subnets (S bits) to create a reasonable network architecture. There’s no real limit to the number of hosts in a subnet, but subnets are used for all kinds of things including routing and access decisions. Since this company is in North America, we’ll use policies from ARIN.
The ARIN Number Resource Policy Manual (NRPM) uses the number of “sites” to determine the prefix size, so let’s look at the “sites” in this company.
While there are only six office locations, there are actually more “sites”. Two locations actually have four sites each, as they each house four completely unique sub-organizations, each meeting the definition of “site” from the NRPM. Two more locations each house two sites, and the last two locations each house a single site. At least two of the locations have their own Internet connections, meaning that they must have at least /48 assignments to be able to announce their routes publicly, which is additional justification that there are multiple sites in some locations. That’s 14 sites in six locations.
In the three co-location facilities, there are independent complexes of independent consumer facing services and extensions of the office (internal) networks for DR. At each co-lo, these consumer services are in distinct “sub-facilities”, each leased to a separate business entity and a unique site. There are six sub-facilities spread across the three hosting locations. The sub-facilities have separate ISPs and must be able to announce their own public routes, providing additional justification that the sub-facilities must be distinct sites. Two co-lo facilities host DR sub-facilities which are also separate sites. Two co-los also have internal services that are used by the office sites. This means that three co-lo facilities actually contain 10 unique sites.
That’s a total of 24 sites in all. Per NRPM Section 22.214.171.124, the allocation of a /40 prefix is justified.
We now know that P is 40 bits and the host ID is 64 bits, which leaves 24 bits for “subnet”. We also need to work in the /48 definition for “site”, so we end up with something that looks like this. We’re switching from /prefix notation to showing the actual IPv6 address format, which is how people will see the address plan:

    PPPP:PPPP:PPCC:SSSS:HHHH:HHHH:HHHH:HHHH
In this format:
- PPPP:PPPP:PP represents the /40 IPv6 address prefix assigned to us by ARIN.
- CC represents an 8-bit (2 nibble) “site code” that represents a location, usage, organizational unit or other network “slice” as needed. There are 256 site codes in this plan, numbered 0x00 through 0xFF. A “site” is a /48 prefix that may be announced publicly via an ISP for Internet routing. Sites may be internal (behind a firewall, not announced) or external (publicly announced and routed) as defined by each region.
- SSSS represents a 16-bit (4 nibble) network (subnet) number. These are the traditional “subnets” as used in IPv4; there are just more of them and they are larger. Subnets are on the /64 prefix boundary. Subnets are unique within a single site code, but are not unique beyond site code boundaries. There are 65536 possible subnets per site code, numbered 0x0000 through 0xFFFF. Subnets are NOT publicly routable and will not be accepted by most ISPs for public routing.
- HHHH:HHHH:HHHH:HHHH represents the 64-bit (16-nibble) host interface identifier. This is the same as the host part of an IPv4 address; it is just much larger. Host identifiers can be assigned in many ways including SLAAC, DHCPv6 or by static assignment.