[157654] in North American Network Operators' Group
Re: IPv6 Netowrk Device Numbering BP
daemon@ATHENA.MIT.EDU (Glen Turner)
Thu Nov 1 23:31:13 2012
From: Glen Turner <gdt@gdt.id.au>
In-Reply-To: <20121101053157.GD1727@don.i.pumpky.net>
Date: Fri, 2 Nov 2012 14:00:44 +1030
To: cjc+nanog@pumpky.net
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>
> I have always been kind of partial to the idea of taking advantage of
> IPv6 features and letting hosts set their own addresses with EUI-64
> interface numbers.
That's all fine and dandy until the NIC card is swapped out for a new
one. It's best to use fixed IPv6 addresses for services (and have the
service bind() to those) and use the EUI-64 address for machine-related
tasks (ssh, backups, etc). You can use the same EUI-64 network for both,
as the EUI-64 space is sparse and there are lots of "never will be
autoconfed" addresses, conveniently including those with lots of zeroes.
The router(s) interface addresses should be hardcoded within that EUI-64
subnet, and …::1/64, …::2/64 are the obvious choices.
There's an issue of address exhaustion if you use /64 for router-router
links, and the best suggestion I've seen there is to use /126, as that
makes the last octet consistently …1 or …2 for each end of a
point-to-point link, which is operationally nicer than stuffing about
with binary in your head to determine which address to ping (i.e., you
take your interface's address and replace the last hexnumeral with 1 or
2 to get your neighbour's address).
The exception to router link addressing would be links with eBGP
neighbours, where using the ASN of the networks is just so convenient.
You don't care much for correspondence between IPv4 and IPv6 addresses,
except in the case of router loopback interfaces where it is very
operationally convenient to be able to mentally determine "is this the
same router which I just saw in IPv4". Since you'll be typing those most
often they are the obvious candidate for "subnet zero" so that "::"
reduces the typing to the minimum. The obvious thing to do is to reserve
the entire …:00:00:00:00::/64 and use the bottom N bits of that to
match the binary IPv4 address of the loopback. N could be 32 bits if you
like excessive typing or have a really big network.
I've seen a few schemes which try to use decimal numerals of the IPv4
address in the IPv6 address, but I don't find any of them compelling. If
you really, really think you want that, then putting the top 16b in hex
numerals and the lower 16b in decimal numerals will do what you want
without excessive address consumption. This sounds difficult to use, but
operationally you soon get used to the hex prefix and only notice when
it isn't one of the common ones.
-- 
Glen Turner <http://www.gdt.id.au/~gdt/>
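
The numbering rules described in this message, sketched with Python's `ipaddress` module as an added example that is not part of the original post. The 2001:db8::/48 documentation prefix, the sample addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample prefix (IPv6 documentation range); not from the post.
SITE_PREFIX = ipaddress.IPv6Network("2001:db8::/48")


def loopback_v6(v4_loopback, prefix=SITE_PREFIX, n_bits=32):
    """Place the bottom n_bits of an IPv4 loopback in 'subnet zero' of prefix."""
    if not 1 <= n_bits <= 32:
        raise ValueError("n_bits must be between 1 and 32")
    v4 = int(ipaddress.IPv4Address(v4_loopback))
    low = v4 & ((1 << n_bits) - 1)
    return ipaddress.IPv6Address(int(prefix.network_address) | low)


def p2p_neighbour(my_interface):
    """On a /126 link whose ends finish in hex 1 and 2, return the far end."""
    iface = ipaddress.IPv6Interface(my_interface)
    if iface.network.prefixlen != 126:
        raise ValueError("expected a /126 point-to-point link")
    last = int(iface.ip) & 0xF
    if last not in (1, 2):
        raise ValueError("link ends must finish in hex numeral 1 or 2")
    # Swap the last hex numeral: 1 becomes 2, 2 becomes 1.
    return ipaddress.IPv6Address((int(iface.ip) & ~0xF) | (3 - last))


def looks_like_eui64(addr):
    """True if the interface id carries the ff:fe filler of a MAC-derived id."""
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    return (iid >> 24) & 0xFFFF == 0xFFFE


if __name__ == "__main__":
    lo = loopback_v6("192.0.2.17")
    print("loopback:", lo, "EUI-64 collision possible:", looks_like_eui64(lo))
    print("far end :", p2p_neighbour("2001:db8:0:ffff::1/126"))
    print("autoconf:", looks_like_eui64("2001:db8::211:22ff:fe33:4455"))
```

The `looks_like_eui64` check shows why hand-assigned addresses with lots of zeroes can share a subnet with autoconfigured hosts: they never contain the ff:fe filler that a MAC-derived interface id has.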