

ropeguru
Premium
join:2001-01-25
Mechanicsville, VA

Subnetting check...

I just received a /64 from HE.net and want to see if I am doing this correctly.

I am trying to split it up into 4 subnets, /66, and just want to run it past those more knowledgeable than me.

Here is what I have:

Original network

2001:0470:0007:0bd7:0000:0000:0000:0000/64

Networks (4 total)

2001:0470:0007:0bd7:0000:0000:0000:0000/66
2001:0470:0007:0bd7:4000:0000:0000:0000/66
2001:0470:0007:0bd7:8000:0000:0000:0000/66
2001:0470:0007:0bd7:c000:0000:0000:0000/66

My router LAN and servers are on 2001:0470:0007:0bd7:4000:: and I am trying to create the setup so that all my dynamic clients are on 2001:0470:0007:0bd7:5000::

My tunnel IP is on the 2001:0470:0007:0bd7:0000 subnet.


Clever_Proxy
Premium
join:2004-05-14
Villa Park, IL
Nothing stands out to me as being a problem, except for one little issue:

If you're going to be using autoconfiguration for your dynamic IP assignment, I believe this configuration breaks eui-64. I usually set up different subnets with /64 so I don't run into any issues with autoconfiguration. DHCPv6 should be fine, just keep in mind a lot of devices don't support DHCPv6. Android is the first platform that comes to mind that doesn't support DHCPv6.
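The subnetting check asked for in the first post and the EUI-64 concern raised in this reply can both be reproduced with Python's `ipaddress` module. This is an added example, not code posted by anyone in the thread; the function names and the sample MAC address are assumptions made for illustration.

```python
import ipaddress

# Prefix and addresses are the ones quoted in the thread above.
PREFIX = ipaddress.ip_network("2001:470:7:bd7::/64")
SAMPLE_MAC = "00:16:3e:12:34:56"  # constructed sample MAC, not from the thread


def split_prefix(net, new_len):
    """Return every subnet of `net` at prefix length `new_len`."""
    return list(net.subnets(new_prefix=new_len))


def containing_subnet(addr, subnets):
    """Return the subnet from `subnets` that holds `addr`, or None."""
    ip = ipaddress.ip_address(addr)
    return next((s for s in subnets if ip in s), None)


def eui64_interface_id(mac):
    """Build the 64-bit modified EUI-64 interface ID (RFC 4291, Appendix A)."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02  # invert the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return int.from_bytes(iid, "big")


def slaac_address(net, mac):
    """Combine `net` with the EUI-64 interface ID, as SLAAC does on Ethernet.

    RFC 4862 has hosts ignore an advertised prefix unless prefix length plus
    interface-ID length equals 128, so only a /64 leaves room for the ID.
    """
    host_bits = net.max_prefixlen - net.prefixlen
    if host_bits != 64:
        raise ValueError(
            f"/{net.prefixlen} leaves {host_bits} host bits; EUI-64 needs 64"
        )
    combined = int(net.network_address) | eui64_interface_id(mac)
    return ipaddress.IPv6Address(combined)


if __name__ == "__main__":
    subnets = split_prefix(PREFIX, 66)
    for s in subnets:
        print(s)
    for addr in ("2001:470:7:bd7::", "2001:470:7:bd7:4000::",
                 "2001:470:7:bd7:5000::"):
        print(addr, "->", containing_subnet(addr, subnets))
    print(slaac_address(PREFIX, SAMPLE_MAC))
    try:
        slaac_address(subnets[1], SAMPLE_MAC)
    except ValueError as exc:
        print("SLAAC on a /66:", exc)
```

With these inputs, 2001:470:7:bd7:5000:: resolves to the same /66 as 2001:470:7:bd7:4000::, because a /66 only fixes the top two bits of the fifth group.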


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

2 recommendations

reply to ropeguru
You can request a routed /48 from HE. Wouldn't that be the more straightforward approach?


Clever_Proxy
Premium
join:2004-05-14
Villa Park, IL
I forgot about that! I would suggest that as well.


ropeguru
Premium
join:2001-01-25
Mechanicsville, VA
reply to graysonf
I sure can but was wondering why I should waste all those addresses. And yeah, I know there are PLENTY available..


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2
It's not a matter of waste. It's a matter of having it work. As already mentioned, splitting a /64 further breaks some things.


ropeguru
Premium
join:2001-01-25
Mechanicsville, VA

3 recommendations

Thanks for all the comments. I will get a /48 assigned and do it the right way.

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9

3 recommendations

reply to ropeguru
said by ropeguru:

I sure can but was wondering why I should waste all those addresses. And yeah, I know there are PLENTY available..

Because the morons who designed IPv6 didn't learn anything from the mistakes of IPv4. They demand you waste space like this. SLAAC is the lamest of optimizations in a sea of bloated specifications; address selection logic in 4 machine instructions, but IPsec has to be builtin. (after many years, IPsec is now "optional", but SLAAC still requires a prefix-len of 64.)

[While it's unlikely we'll run out of v6 addresses within our lifetime, our inefficient handing out of the new, longer Pez(tm) means we're dooming our children to repeat our (or our parents', depending on how young you are) mistakes.]


ropeguru
Premium
join:2001-01-25
Mechanicsville, VA
reply to ropeguru
/48 obtained and initial network setup complete.

Thanks everyone...


mackey
Premium
join:2007-08-20
kudos:12

1 edit

2 recommendations

reply to cramer
said by cramer:

said by ropeguru:

I sure can but was wondering why I should waste all those addresses. And yeah, I know there are PLENTY available..

Because the morons who designed IPv6 didn't learn anything from the mistakes of IPv4. They demand you waste space like this. SLAAC is the lamest of optimizations in a sea of bloated specifications; address selection logic in 4 machine instructions, but IPsec has to be builtin. (after many years, IPsec is now "optional", but SLAAC still requires a prefix-len of 64.)

[While it's unlikely we'll run out of v6 addresses within our lifetime, our inefficient handing out of the new, longer Pez(tm) means we're dooming our children to repeat our (or our parents', depending on how young you are) mistakes.]

I used to think like that, but then I realized just how big the IPv6 address space really is. Our children will not have to worry about it. Neither will their children. Or their children.

As 64 bits of the address are required for SLAAC, pretend for a moment IPv6 addresses are only 64 bits long. How many different networks is that compared to IPv4 hosts? With binary, every bit added DOUBLES the number of values, so take the total number of IPv4 addresses and double it. Then double it again. And again. And again. Once you've doubled it 32 times you'll have the number of networks IPv6 supports.

If we double the number of networks/households (networks, not devices) connecting to the internet every 10 years, it will be 310 years before we run out of IPv6 addresses.

/M

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9

1 recommendation

said by mackey:

I used to think like that, but then I realized just how big the IPv6 address space really is.

Big, but not infinite. One can be wasteful with anything.

As 64 bits of the address are required for SLAAC

That's a paper requirement only. There is ZERO technical justification for that today.

How many different networks is that compared to IPv4 hosts?

An irrelevant number. What is at issue is how sparse or dense one uses that space. IPv6 has 256 /8's. Of which 4 are already used:
• ff::/8 - multicast
• fe::/8 - contains link-local (which itself is a massive we-did-not-learn-shit-from-ipv4 mistake... fe80::/10 118bits where only 64 ever get used.)
• fc::/7 - ULA
There are 16mil (2^24) /32's in the currently assigning /8.[*] That's one PI block for every IPv4 /24 (actually more since a lot of IPv4 space is reserved); we'd blow through that in a day if IPv4 were magically shut off. "There's plenty more..." until there isn't. There are over 6billion people on earth -- over 2^32; IPv6 isn't large enough to give them all their own /32. (I'm not saying everyone needs a /32 or that anyone is going to try, but the point is we can waste (and to some measure ARE) IPv6 just like we did IPv4.)

The IPv4 designers also thought 32bits was so huge they'd never be used. "There will never be that many machines (or people) in the world."

[*] ARIN's current policy is /48's for end-users and /32's for ISPs.


mackey
Premium
join:2007-08-20
kudos:12

2 edits

1 recommendation

said by cramer:

said by mackey:

As 64 bits of the address are required for SLAAC

That's a paper requirement only. There is ZERO technical justification for that today.

There is technical justification for 48 bits, and rounding it up to the next largest easy to read/write block to allow room for eventually increasing MAC addresses to 64 bits or room for both manual and auto assignments on the same network makes it 64.

said by cramer:

said by mackey:

How many different networks is that compared to IPv4 hosts?

An irrelevant number. What is at issue is how sparse or dense one uses that space. IPv6 has 256 /8's. Of which 4 are already used

That may be, but there are also 256 /8's with IPv4 but more than 36 of those are reserved making IPv6 MUCH more efficient in that respect.

said by cramer:

There are over 6billion people on earth -- over 2^32; IPv6 isn't large enough to give them all their own /32.

No, but we could give everyone their own "end user" /48 and the population would have to grow 256 times the current size before we'd exhaust the currently assigning /8, and we'd still have 251 /8's left over.

/M

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
said by mackey:

There is technical justification for 48 bits

Negative. That, too, is a mere paper-constrained convenience. And for the record, SLAAC was a /80 in the beginning, but moved to /64 to accommodate EUI-64, common in post-ethernet systems. That doesn't change the fact that using a layer-2 address to form a layer-3 address is an unnecessary constraint -- and an overall Bad Idea(tm) in general. Even when privacy is enabled, the system generates a random address, but SLAAC's /64 requirement is still there.

I'll say it again... SLAAC is an entirely misdirected optimization. IPv6 is a huge complicated ball of requirements. Making automatic address selection a single line of code (c/c++) given all the other crap is lame. The proponents of SLAAC should've been executed as soon as the words came out of their mouth... IPv6 is classless, yet SLAAC forces a "class" into the mix; everybody now assumes 64bit network plus 64bit host. And that is absolutely g** d*** WRONG. (I've heard of idiots designing hardware with that in mind.)

Say it with me children: C-L-A-S-S-L-E-S-S. The (sub)network can be ANY size.

AVonGauss
Premium
join:2007-11-01
Boynton Beach, FL

2 recommendations

You're representing an awful lot of opinions as facts, which they are not. It seems pretty obvious you're not a fan of SLAAC, I don't believe there is any absolute requirement that you need to support it on your own network. Though I'd imagine there is a fair amount of pain involved with that decision depending on the different types of devices that connect to the network.


mackey
Premium
join:2007-08-20
kudos:12

2 recommendations

reply to cramer
So what you're really saying is the elimination of a DHCP server and allowing the hosts to configure themselves using a well-known subnet size is very bad. You could just say that without pulling the "wasteful!" card as justification; even if SLAAC used a /120 we still end up with the same problem of brain-dead designers assuming everything is always that size. Heck, I've run into issues with router software assuming the (IPv4) LAN is always a /24.

If we're going to have SLAAC at all, might as well make it simple and give everyone a guaranteed-to-be-unique, static address thereby eliminating manual configuration on devices and hardcoded lists on DHCP servers.

/M

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
reply to AVonGauss
said by AVonGauss:

I don't believe there is any absolute requirement that you need to support it on your own network.

In the beginning, SLAAC was not optional in any measure of the word. Mentioning "DHCP" would get you thrown out of IPng WG -- they hated DHCP beyond measure. (this just shows how far disconnected they were from the Real World(tm), as DHCP was everywhere, and enterprises and home users (of the day) loved it.) DHCPv6 was a much later concession -- there are many things a host needs to know beyond just an address but this was obscured by DHCPv4 filling that in, turn off IPv4 and everything became very broken.

Today, SLAAC is still very much required -- both in the IPv6 stack for standards compliance, and operationally as too many things don't support anything else. Yes, on paper, its use is optional; setting bits in the RA can tell hosts not to use it, falling back to manual addressing or DHCPv6 -- if they support either. But not everything supports DHCPv6, and a smaller set doesn't even support manual static addressing. (I'm looking at you Android! Yes, your android devices support IPv6, but there's nothing in any GUI anywhere to show it, and you'll have to root the device to do anything about it.)

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
reply to mackey
On the point of "wasteful"... everything about v6 is wasteful with the justification of "it's so mind alteringly huge." 2^64 for a LAN segment??? There aren't that many IPv6 things in the world -- and likely won't be for many decades -- yet every LAN will be that big. More or less, infinitely sparse. Randomly selecting an address and checking for duplicates isn't that hard (and is part of the standard now.) (Windows has done this [DAD] since 1995. Most Linux distros have done the same for just as long (see also: arping))

Wasteful is wasteful, whether you agree or not. Would you assign a globally routable IPv4 /24 to a LAN with 5 hosts? No. Then why is it ok to do worse [2^64 LAN segment] in IPv6? ("because we have soooo many addresses" is the wrong answer and shows how well people have not learned anything from IPv4.)

said by mackey:

So what you're really saying is the elimination of a DHCP server and allowing the hosts to configure themselves using a well-known subnet size is very bad.

In part... adding a "class" into a "classless" addressing system is THE problem with SLAAC. It leads people to stupid, lazy assumptions like "all networks are /64". Hosts selecting their own address based on a provided prefix isn't bad per se, but the way SLAAC rams a prefix size down your throat is a serious error. (and one I've bitched about for ~20 years) Anything capable of running a modern IPv6 stack is trivially capable of randomly generating an address of any size and running duplicate address detection [DAD] to ensure it's not in use.

AVonGauss
Premium
join:2007-11-01
Boynton Beach, FL

1 recommendation

With all this focus on SLAAC, you're going to be horribly disappointed with the average prefix length in the global routing tables.


mackey
Premium
join:2007-08-20
kudos:12

1 recommendation

reply to cramer
said by cramer:

Randomly selecting an address and checking for duplicates isn't that hard (and is part of the standard now.) (Windows has done this [DAD] since 1995. Most Linux distros have done the same for just as long (see also: arping))

Anything capable of running a modern IPv6 stack is trivially capable of randomly generating an address of any size and running duplicate address detection [DAD] to ensure it's not in use.

Yes they can give themselves a random address, but how do you make it static and unchanging without a stateful DHCP server which has a hardcoded list of MAC<->IP assignments or hardcoding addresses in devices? Once you start punching holes in the firewall you NEED the devices to retain the same address every time they boot, no matter which order similarly configured devices come up in. SLAAC makes it trivial to make sure a device always has the same and guaranteed to be unique address.

said by cramer:

Would you assign a globally routable IPv4 /24 to a LAN with 5 hosts?

If we were not running out then yes. The network I'm on right this second uses a /24 but only has 3 devices (plus router), though it's not publicly routable. I for one do not wish to reconfigure my entire network or request an address range increase from my ISP every time I add a device.

No IPv6 isn't the most efficient, but IPv4 lasted us 33 years (and counting) while IPv6 (assuming everyone gets a /48) doubles the address space 16 times in addition to being more efficient with the 256 topmost /8's.

said by cramer:

In part... adding a "class" into a "classless" addressing system is THE problem with SLAAC. It leads people to stupid, lazy assumptions like "all networks are /64". Hosts selecting their own address based on a provided prefix isn't bad per se, but the way SLAAC rams a prefix size down your throat is a serious error. (and one I've bitched about for ~20 years)

You obviously have never tried to run an online service. I for one like having a well-known network size I can use when making decisions about banning an address/range. It also keeps ISPs from nickel-and-diming me to death by charging per IP address (oh you want a /125 instead of a /126 ? That'll be $14.99/month.).

/M
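The point above about a well-known network size for ban decisions can be shown by keying failed-login counts on the /64 instead of the full address. This is an added example, not code from the thread; the event format, the threshold, and the function names are assumptions, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample events as (client address, outcome) pairs. Addresses are
# from the RFC 3849 / RFC 5737 documentation ranges, not from the thread.
SAMPLE_EVENTS = [
    ("2001:db8:aa:1:216:3eff:fe12:3456", "login_failed"),
    ("2001:db8:aa:1:9c1f:2bd0:77a1:e02", "login_failed"),
    ("2001:db8:aa:1:5d3:8e11:4c0a:beef", "login_failed"),
    ("2001:db8:bb:7::10", "login_failed"),
    ("198.51.100.23", "login_failed"),
    ("198.51.100.23", "login_failed"),
    ("2001:db8:aa:1:216:3eff:fe12:3456", "login_ok"),
]


def block_key(addr, v6_prefix_len=64):
    """Map a client address to the network a ban or rate limit should cover.

    IPv4 clients are keyed per address; IPv6 clients are keyed per prefix
    (default /64) because one host can pick any interface ID inside it.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d is really an IPv4 client
    if ip.version == 4:
        return ipaddress.ip_network(f"{ip}/32")
    return ipaddress.ip_network(f"{ip}/{v6_prefix_len}", strict=False)


def offenders(events, threshold=3, v6_prefix_len=64):
    """Return {network: failures} for networks at or above `threshold`."""
    counts = Counter(
        block_key(addr, v6_prefix_len)
        for addr, outcome in events
        if outcome == "login_failed"
    )
    return {str(net): n for net, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    # Per-/64 counting flags the prefix whose host rotated its address.
    print("per /64 :", offenders(SAMPLE_EVENTS))
    # Per-address counting (/128) sees three unrelated clients and flags none.
    print("per /128:", offenders(SAMPLE_EVENTS, v6_prefix_len=128))
```

The `v6_prefix_len` parameter can be set to 60, 56 or 48 where a provider delegates the larger prefixes mentioned later in the thread.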


mackey
Premium
join:2007-08-20
kudos:12

1 recommendation

reply to cramer
said by cramer:

"because we have soooo many addresses"

Just wondering, have you looked to see exactly how much bigger the IPv6 address space is?

Assume we assign /48's to everyone out of the currently assigning /8 block. This gives us 2^40 (or 1,099,511,627,776) addresses. Assuming every IPv4 /32 address automatically gets a /48, this leaves us with 1,095,216,660,480 addresses available. Looking at the IPs-assigned-per-day burn rate chart, we see a huge spike in 2011 of approx. 2.4M addresses used per day. Assuming that spike is the normal per-day assignment rate, our 1,095,216,660,480 available addresses will be used up in 456,340 days or 1,250 years. And this is just for the currently-assigning /8!

However, I know of no ISPs which are handing out /48's. Comcast and AT&T are only giving you a /60. Even the datacenters I have servers in are only handing out /56's.

/M


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:2

1 recommendation

HE will hand out a (tunneled) routed /48 to anyone who wants it.


mackey
Premium
join:2007-08-20
kudos:12

1 recommendation

I don't consider HE an ISP (though they actually are) because they don't do residential or cheap/common (DSL, cable) connections; they are more of a carrier. AFAIK they are the only ones who hand out /48's.

/M

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
reply to mackey
said by mackey:

Yes they can give themselves a random address...

There's "random" as found in privacy extensions, and then there's "pseudo-random" (read: we run the same fixed algorithm every time) you'd want here: something that returns the same number given the same input (prefix length.) Or you do it the way we've been doing it for decades... explicit static configuration, or "sticky" dhcp reservations. (or if you're a complete mental, uPNP)

If we were not running out then yes.

Gee, where have I heard that before? Early 80's... "no way we're ever going to use all this address space, here, have a /8." And ya' know, it sounded perfectly reasonable then, too. No one then had the remotest idea it would grow into what we use everywhere, for almost everything, today. No one knows what the landscape for IPv6 is going to become in 10, 50, or 100 years. Yet we're dooming ourselves with the same mistake: such a huge address-scape where we cannot envision ever using even a fraction of it, so we hand out astronomically large chunks "Because we can"

You obviously have never tried to run an online service. I for one like having a well-known network size I can use when making decisions about banning an address/range.

Indeed I do. I've known for a long time, IP bans are a futile game of whack-a-mole. Banning a single address is completely useless -- it's too easy to get a dynamic address to change. Banning a netblock, entire ISP (if you can find all their space), entire countries (again, good luck) will almost always end up pissing on many good users because of one bad apple.

As for ISPs charging for address space... I really don't see that going away. They are, after all, still paying for that space. And they never want to "leave money on the table".


Cabal
Premium
join:2007-01-21
reply to mackey
SixXS hands out /48s on request (web form). They include a /64 with a tunnel by default.
--
If you can't open it, you don't own it.


mackey
Premium
join:2007-08-20
kudos:12
And they provide cable or DSL connections where?

I'm well aware TUNNEL BROKERS hand out /48's. Now, who can name an ISP (as in, provides DSL or cable connections to at least an entire city) which hands out a /48 without calling them up and justifying/paying for it?

/M


mackey
Premium
join:2007-08-20
kudos:12

1 recommendation

reply to cramer
said by cramer:

Gee, where have I heard that before? Early 80's...

But by the late 80's they realized they were going to have a problem. That's less than 10 years. IPv6 has been out what, 17 years now? Has ANYONE predicted the depletion of IPv6 addresses yet?

said by cramer:

As for ISPs charging for address space... I really don't see that going away. They are, after all, still paying for that space. And they never want to "leave money on the table".

And yet Comcast and AT&T (and presumably TWC) give out /60's for free. Plus even if they didn't you get at least a /64 thereby preventing them from charging per address/device.

/M

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9

1 recommendation

said by mackey:

IPv6 has been out what, 17 years now? Has ANYONE predicted the depletion of IPv6 addresses yet?

That's funny. It's been decades and we cannot, yet, predict when people are actually going to START using it. Much less when we're going to run out.

"We have IPv4; why the h*** would we touch IPv6?" Catch-22. Nobody is using it, so nobody wants to use it. Nobody's asking for it (less true today, but still not that big a number.) It doesn't get you anywhere, or get us anything. Net result: almost no (US) ISP supports IPv6 in any serious way. There's been a great deal of World IPv6 Day hand wavey "support".

And yet Comcast and AT&T (and presumably TWC) give out /60's for free. Plus even if they didn't you get at least a /64 thereby preventing them from charging per address/device.

It's too soon to tell how this is going to finally shake out. Comcast, Uverse, and TWC IPv6 support/coverage is far too limited and "experimental" still. Neither of my TWC connections have IPv6 (one res, one wideband small biz.) The "backup" uverse didn't last time I looked -- it's a 6rd tunnel if it is.

I have a sneaking feeling their engineers are in a back room cooking up a means of dynamic assignment of prefixes, so your prefix will change from time to time. (just like your IPv4 DHCP address can, and does, change from time to time.)


NetDog
Premium,VIP
join:2002-03-04
Parker, CO
kudos:79
said by cramer:

Nobody's asking for it (less true today, but still not that big a number.) It doesn't get you anywhere, or get us anything. Net result: almost no (US) ISP supports IPv6 in any serious way.

Comcast does ...

Comcast, Uverse, and TWC IPv6 support/coverage is far too limited and "experimental" still.

Not true at Comcast. IPv6 is not experimental; it is production where it is supported.

I have a sneaking feeling their engineers are in a back room cooking up a means of dynamic assignment of prefixes, so your prefix will change from time to time. (just like your IPv4 DHCP address can, and does, change from time to time.)

IP addresses don't change that much today; I have had the same IPv4 for the past 4 years and IPv6 for the past 2 years.
--
Comcaster.. Network Engineer with NETO