How to choose IPv6 addresses for customer links?
Mohacsi Janos
mohacsi at niif.hu
Fri Jan 30 15:06:57 CET 2009
On Fri, 30 Jan 2009, Martin Horneffer wrote:
> Hello,
>
> I'd like to collect opinions from the experienced IPv6 network
> engineers that meet here so nicely:
>
> Consider a service provider that provides IPv6 services to leased line
> customers.
> In almost all cases the customer gets a /48 out of the aggregate of
> the service provider.
> In many cases and probably in most future-oriented cases the physical
> interface is some kind of ethernet (10/100/100/10000 Mbit/s). Thus the
> link to the customer needs its own addresses.
> Some customers might want to operate their own routers and maintain
> several subnets. But some customers might also be happy with having
> just one subnet and probably some kind of (layer-2) switches.
>
> My question is now: How should the addresses for the link network be
> chosen?
>
> My understanding would be that it might be best to select one /64 out
> of the customer's /48. And to route the complete /48 to one address of
> that /64.
> Thus the customer can easily put their hosts in the simple /64 if they
> only have layer-2 devices.
> Or they can set up their own router. It would have to use the address
> mentioned above from the link network and can use up to 65535 more /64
> subnets. They lose one /64 for the link network, though.
>
> Would that be a sensible addressing scheme? Or would a customer insist
> to get a completely independent /64 for the link addresses?
I would ask you:
- Did you implement infrastructure protection with infrastructure ACLs,
protecting all your devices with edge filtering?
If yes, then I would ask a customer to allocate a /64 from their address
block; otherwise it would be more difficult to manage protection against the
potential malicious traffic coming from outside.
Selecting the address for the last 64 bits is also a kind of challenge, to
prevent scanning attacks on these links; see RFC 5157:
http://www.ietf.org/rfc/rfc5157.txt
Best Regards,
>
>
> Best regards, Martin
>
> --
> Dr. Martin Horneffer
> Deutsche Telekom Netzproduktion GmbH
> Technical Engineering Center
>
> Deutsche Telekom Netzproduktion GmbH
> Supervisory Board: Timotheus Hoettges (Chairman)
> Managing Board: Friedrich Fuß (Chairman), Albert Matheis, Klaus Peren
> Commercial register: Amtsgericht Bonn HRB 14190
> Registered office: Bonn
> VAT ident. no.: DE 814645262
>
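An added example, not part of the original thread: the scheme discussed above (a link /64 taken from the customer's /48, with an interface identifier that is hard to guess by scanning) sketched in Python. The function names, the constructed prefix 2001:db8:abcd::/48 and the three "guessable" patterns are assumptions chosen for illustration; they are a simplified subset of the address patterns a scanner would try first, not a complete list.

```python
import ipaddress
import secrets

IID_MASK = (1 << 64) - 1

def link_subnet(customer_48, index=0):
    """Return the index-th /64 inside the customer's /48 for the link."""
    net = ipaddress.IPv6Network(customer_48)
    if net.prefixlen != 48 or not 0 <= index < 1 << 16:
        raise ValueError("need a /48 and a subnet index in 0..65535")
    return ipaddress.IPv6Network((int(net.network_address) + (index << 64), 64))

def iid_weakness(addr):
    """Name the guessable pattern in the low 64 bits, or None if none matched."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    if iid < 0x10000:                      # ::1, ::2, ::ffff and similar
        return "low-numbered"
    if (iid >> 24) & 0xFFFF == 0xFFFE:     # ff:fe in the middle: MAC-derived
        return "eui-64"
    if iid >> 32 == 0:                     # only 32 bits used, e.g. ::192.0.2.1
        return "embedded-ipv4"
    return None

def random_link_address(link):
    """Pick an address in the link /64 whose IID matches no pattern above."""
    while True:
        addr = link[secrets.randbits(64)]
        if iid_weakness(addr) is None:
            return addr

if __name__ == "__main__":
    link = link_subnet("2001:db8:abcd::/48")   # constructed documentation prefix
    for a in ("2001:db8:abcd::1", "2001:db8:abcd::211:22ff:fe33:4455"):
        print(a, iid_weakness(a))
    print(random_link_address(link))
```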