[183594] in North American Network Operators' Group


Re: IPv6 Subscriber Access Deployments

daemon@ATHENA.MIT.EDU (Josh Moore)
Wed Sep 9 13:22:03 2015

X-Original-To: nanog@nanog.org
From: Josh Moore <jmoore@atcnetworks.net>
To: Owen DeLong <owen@delong.com>
Date: Wed, 9 Sep 2015 17:16:26 +0000
In-Reply-To: <EBDABE1C-070C-4E3B-BC4E-D08682A2D44B@delong.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

It's not just the tag though... You have the /64 that has to be provisioned, the helper addresses for DHCP, ACLs/security policy, etc.




Thanks,

Joshua Moore
Network Engineer
ATC Broadband
912.632.3161

> On Sep 9, 2015, at 1:14 PM, Owen DeLong <owen@delong.com> wrote:
>
> VLAN tags aren't global and 4096 is only a limitation on Ethernet.
>
> VPI/VCI is many more.
>
> Yes, if you need more than 4096 customers on a single switch, you've got an issue, but there are many potential issues in that scenario beyond VLAN tagging (like customers choosing not to use routers and filling up your MAC tables).
>
> Owen
>
>> On Sep 8, 2015, at 12:40 , Josh Moore <jmoore@atcnetworks.net> wrote:
>>
>> The question becomes manageability. Unique VLAN per customer is not always scalable. For example, only ~4000 VLAN tags. What happens when you have more than that many customers? Also, provisioning. Who is going to provision thousands of unique prefixes and VLANs, trunk them through relevant equipment and ensure they are secured as well?
>>
>> We are talking very, very small customers here. SOHO to say the most. /64 should be more than sufficient for their CPE router.
>>
>>
>> Joshua Moore
>> Network Engineer
>> ATC Broadband
>> 912.632.3161 - O | 912.218.3720 - M
>>
>>
>> -----Original Message-----
>> From: Owen DeLong [mailto:owen@delong.com]
>> Sent: Tuesday, September 08, 2015 3:31 PM
>> To: Josh Moore
>> Cc: Valdis.Kletnieks@vt.edu; nanog@nanog.org
>> Subject: Re: IPv6 Subscriber Access Deployments
>>
>> Short answer to that is "DHCPv6-PD"
>>
>> Longer answer:
>>
>> Customer's router should get an address on the external interface through one of SLAAC, DHCP-PD, Static Assignment, depending on how the ISP prefers to do this.
>>
>> If the ISP's equipment supports IPv6 on shared VLANs with DHCP snooping and other security, you can implement it with a single /64 giving each router a unique address within that segment, but it's not really ideal. This was mainly done in IPv4 to conserve addresses. Separate point to point VLANs are a cleaner solution and since there are enough addresses in IPv6 to do this, that is how most providers implement. I prefer using /64s (or at least assigning /64s) to these VLANs, but there are those who argue for /127, some equipment is broken and requires a /126, and yet others argue for other nonsensical prefixes.
>>
>> Once the router has an external address communicating point to point with the ISP router, it should then send a DHCPv6-PD request asking for a prefix that it can manage. The ISP's DHCP server should then send back a /48 (or if you want to be silly, a /56 or a /60, and if you want to be insane, a /64).
>>
>> The reality is that if you send a smaller prefix back, you risk having difficulty with your future ARIN applications as your Provider Allocation Unit is based on the smallest prefix you delegate to end-users. So if you, for example, assign /48 to business customers and /60 to residential customers, you're going to have to justify why each of your business customers needed 4096 /60s when you claim that you need more IPv6 space.
>>
>> OTOH, if you simply issue /48s to everyone, you can just go back and say "Each end site got a /48 and there are N end-sites" and you're good, no questions asked about the size of any of those end-sites.
>>
>> Owen
>>
>>> On Sep 8, 2015, at 12:12 , Josh Moore <jmoore@atcnetworks.net> wrote:
>>>
>>> We are talking a purely bridged environment. However, I have been wondering how in the world end-to-end IPv6 connectivity is supposed to work if a customer hooks up their own router. That is one of the points of IPv6...
>>>
>>>
>>> Joshua Moore
>>> Network Engineer
>>> ATC Broadband
>>> 912.632.3161 - O | 912.218.3720 - M
>>>
>>>
>>> -----Original Message-----
>>> From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
>>> Sent: Tuesday, September 08, 2015 3:08 PM
>>> To: Josh Moore
>>> Cc: nanog@nanog.org
>>> Subject: Re: IPv6 Subscriber Access Deployments
>>>
>>> On Tue, 08 Sep 2015 19:04:06 -0000, Josh Moore said:
>>>> I'm reading that the recommended method for assigning IPv6 addresses to end-users is to do this via a dedicated VLAN and /64.
>>>
>>> Important question - are you talking about the IPv6 address supplied to the CPE router itself, or a /48 or /56 delegated to the CPE router to allocate to subnets and devices behind it?
>>
>
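The provisioning question raised in this thread (a unique VLAN, link /64, delegated /48 and ACL per subscriber) can be answered by deriving all of them from a single subscriber index. The sketch below is an added example, not code from any poster in the thread. It assumes the documentation prefix 2001:db8::/32 as the ISP allocation, the first /48 set aside for link /64s, and VLAN IDs 2-4094 per switch; `nth_subnet`, `plan` and `source_permitted` are hypothetical names.

```python
import ipaddress

# Assumptions, not from the thread: 2001:db8::/32 (documentation space) stands
# in for the ISP allocation, its first /48 is reserved for link /64s, and
# VLAN IDs 2-4094 are usable per switch.
ALLOCATION = ipaddress.IPv6Network("2001:db8::/32")
VLANS = range(2, 4095)
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")


def nth_subnet(base, new_prefix, n):
    """Return the n-th /new_prefix inside base without enumerating them all."""
    count = 1 << (new_prefix - base.prefixlen)
    if not 0 <= n < count:
        raise ValueError(f"{base} holds only {count} /{new_prefix}s")
    addr = int(base.network_address) + (n << (128 - new_prefix))
    return ipaddress.IPv6Network((addr, new_prefix))


def plan(n):
    """Derive everything for subscriber n (0-based) from the index alone."""
    switch, offset = divmod(n, len(VLANS))
    link = nth_subnet(nth_subnet(ALLOCATION, 48, 0), 64, n)
    delegated = nth_subnet(ALLOCATION, 48, n + 1)
    return {
        "switch": switch,
        "vlan": VLANS[offset],
        "link": link,              # /64 on the point-to-point VLAN
        "delegated": delegated,    # /48 handed out via DHCPv6-PD
        # Ingress source filter for this VLAN: anything else is spoofed.
        "permit_src": (LINK_LOCAL, link, delegated),
    }


def source_permitted(p, src):
    """Would the per-VLAN ingress filter accept this source address?"""
    addr = ipaddress.IPv6Address(src)
    return any(addr in net for net in p["permit_src"])


if __name__ == "__main__":
    for n in (0, 4093, 5000):
        p = plan(n)
        print(n, p["switch"], p["vlan"], p["link"], p["delegated"])
```

Because VLAN tags are local to a switch, subscriber 4093 simply restarts at VLAN 2 on the next switch, and the same `nth_subnet` bounds check reproduces the 4096 /60s per /48 figure quoted above.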
