How to choose IPv6 addresses for customer links?
Dan White
dwhite at olp.net
Fri Jan 30 16:54:18 CET 2009
Martin Horneffer wrote:
> Hello,
>
> I'd like to collect opinions from the experienced IPv6 network
> engineers that meet here so nicely:
>
> Consider a service provider that provides IPv6 services to leased line
> customers.
> In almost all cases the customer gets a /48 out of the aggregate of
> the service provider.
> In many cases and probaly in most future-oriented cases the physical
> interface is some kind of ethernet (10/100/100/10000 Mbit/s). Thus the
> link to the customer needs its own addresses.
> Some customers might want operate their own routers and maintain
> several subnets. But some customers might also be happy with having
> just one subnet and probably some kind of (layer-2) switches.
>
> My questions is now: How should the addresses for the link network be
> chosen?
>
> My understanding would be that it might be best to select one /64 out
> of the customer's /48. And to route the complete /48 to one address of
> that /64.
> Thus the customer can easily put their hosts in the simple /64 if they
> only have layer-2 devices.
> Or they can set up their own router. It would have to use the address
> mentioned above from the link network and can use up to 65535 more /64
> subnets. They lose one /64 for the link network, though.
>
> Would that be a sensible addressing scheme? Or would a customer insist
> to get a completely independet /64 for the link addresses?
>
>
> Best regards, Martin
>
>
I can't offer much experience on this situation, but I have a somewhat
similar network environment, except that we use the VLAN-per-subscriber
model.
It seems that splitting out a /64 and routing to a specific IP defeats
the purpose of having router advertisements.
The approach I'm trying to design for is this (pardon the ASCII diagram):
---------------- ----------------
| Router A | | Router B |
---------------- ----------------
\ /
\ /
-----------------
| Transport |
-----------------
/ \
/ \
--------------
| CPE |
--------------
| |
-------------- -------------
| cust. | | cust. |
| router 1| | router 2|
-------------- ---------------
With all four routers (2 customer routers, 2 provider routers)
participating in the same VLAN/Network. This should facilitate the
failure of any one router, without operator intervention, as long as the
two customer routers are allowed to advertise the same /48. Assignment
to customer may be a static assignment or DHCP prefix delegation, but
the IP block numbering will be based on some hash of the customer's VLAN
(as previously suggested on this list).
For the two routers on the provider side, Dibbler running on a Linux box
seems to look promising. I can configure a VLAN interface on each router
corresponding to each customer, which allows me to control DHCP/RA *to*
the customer. It also gives me the option of configuring a /64
advertisement to each customer that does not wish to use a router, but
connects clients directly to the (bridged) CPE.
An issue I'm struggling with is how to filter router advertisements
*from* the customer. I know which /48 advertisement I want to allow, on
the specific vlan interface, but IP tables does not seem to let me
filter on specific incoming RA routes. I'd be interested in any ideas
how to accomplish that.
- Dan
More information about the ipv6-ops
mailing list