My Personal Practices for Handling IPv6 Allocations

This is going to be based on a bit of both practical deployment experience and opinion. Let us start with what is acceptable for BGP announcements. RIRs hand out /48s as the smallest allocation. This is perfectly fine for BGP announcements. If you got a larger allocation, say a /32, you should be announcing that master prefix. This will help curb de-aggregation of routes and keep the IPv6 routing table smaller. Is anyone going to tar and feather you for announcing a few specifics? Most likely not, especially if you are providing some sort of anycasted service. Otherwise, until an RIR starts allocating and handing out something more specific than a /48, put in some global filters to make sure nothing more specific, like /64s, gets leaked.

When providing someone with an abundance of IPv6 subnets (/48, /56, multiple /64s, etc.), make certain that you aren’t putting them ON-LINK, and instead are routing them to a destination IPv6 address on a downstream router, either by static routes or by accepting and properly filtering BGP advertised routes. If you allocate someone a /48 and configure 2001:db8:1::1/48 on the interface facing their router, you basically do a disservice to them. They would need to hack around with proxy NDP and other headaches, rather than have something straightforward and working in seconds.

As far as I’m aware, only 2 popular providers out there seem incompetent regarding this: OVH and FDC. Either they don’t understand how to set static routes on their routers, or don’t want to learn. Seriously, what is so hard about typing in:

conf t
ipv6 route 2001:db8:2::/48 2001:db8:1:2::2
end
wr mem
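
The difference between the two setups can be checked mechanically. The following is an added example, not code from the original post: it reads IOS-style interface address and static route lines like the ones above and reports whether an allocation is routed to a downstream next hop or sits on-link. The sample configuration, interface names and function names are constructed for illustration, and only the "ipv6 route prefix next-hop" form shown above is parsed.

```python
import ipaddress
import re

# Constructed sample in IOS-style syntax (documentation prefixes only).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ipv6 address 2001:db8:1:2::1/64
interface GigabitEthernet0/2
 ipv6 address 2001:db8:3::1/48
ipv6 route 2001:db8:2::/48 2001:db8:1:2::2
"""

ADDR_RE = re.compile(r"^\s*ipv6 address ([0-9A-Fa-f:]+/\d+)\s*$")
ROUTE_RE = re.compile(r"^\s*ipv6 route ([0-9A-Fa-f:]+/\d+) ([0-9A-Fa-f:]+)\s*$")

def parse(config):
    """Return (connected networks, {routed prefix: next hop}) from config text."""
    connected, routes = [], {}
    for line in config.splitlines():
        if m := ADDR_RE.match(line):
            connected.append(ipaddress.ip_interface(m.group(1)).network)
        elif m := ROUTE_RE.match(line):
            routes[ipaddress.ip_network(m.group(1))] = ipaddress.ip_address(m.group(2))
    return connected, routes

def classify(allocation, config):
    """Classify a customer allocation: routed, bad-next-hop, on-link or missing."""
    alloc = ipaddress.ip_network(allocation)
    connected, routes = parse(config)
    hop = routes.get(alloc)
    if hop is not None:
        # The next hop must live on a connected link, outside the routed prefix.
        if hop not in alloc and any(hop in net for net in connected):
            return "routed"
        return "bad-next-hop"
    # An interface network covering the allocation puts every address on-link.
    if any(alloc.subnet_of(net) for net in connected):
        return "on-link"
    return "missing"

if __name__ == "__main__":
    for prefix in ("2001:db8:2::/48", "2001:db8:3::/48", "2001:db8:4::/48"):
        print(prefix, classify(prefix, SAMPLE_CONFIG))
```
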

With RA, a host will usually configure its default gateway as the link-local address of the upstream router’s interface facing that host. For static IPv6 configurations, the 2001:db8:1:2::/64 network address tends to be reserved for just that purpose, being the network address. Some software out there might not like trying to bind on this address, or perhaps there is some older and possibly poorly designed and deployed networking code that won’t like treating that as a host’s address. My recommendation is just use the first “usable” address out of an allocation as the gateway address for hosts, like 2001:db8:1:2::1/64. However, any address will work, as with a /64 you get 18+ quintillion of them to pick from (as long as it doesn’t conflict with the host).

Another thing to consider is using /126 allocations for links between routers. This gives a few IPs to use on the link, which can be good for multiple BGP sessions, etc. Configuring the link with something smaller will also limit the possibility of an ND table overload by someone trying to hit all possible addresses in a larger range (I’ve oversimplified this explanation).

Sure, some players like Sprint will plop down 2600:: as that host’s AAAA record and address. Maybe it is a /127 with 2600::1/127 set as gateway; who knows other than Sprint. Point is, to avoid any potential issues, you are better served treating it as the reserved network address for the allocation.

5 thoughts on “My Personal Practices for Handling IPv6 Allocations”

  1. :: address should be left out for anycast address not something else… at least per the RFC 5375, anycast is subnet prefix plus all zeros

    • Indeed, however what guarantee is there that Sprint is actually anycasting it? Every IPv6 traceroute I’ve performed to it from various locations and networks all point to the exact same path and location, which isn’t much of an anycasted solution.

  2. Hi,
    unfortunately, you can add the French DSL provider Free.
    I just set up IPv6 on my LAN, behind a Debian router, and had to use proxy_ndp, because the provider box is set to use prefix::1/64 as default….
    which means no autoconfiguration, because each ip6 address set on my LAN can’t communicate with outside without activating the NDP proxy on my router for this specific address…
    This excepted, it works fine.

    • So wait, they created 6rd, but you aren’t getting a /48 similar to 6to4 (what they modeled 6rd on)? Is this an issue with the provider box, and can that get changed out?

      • Yep.
        Basically, the box is managing a 6rd tunnel, and gets the IP prefix::1/64, so it acts as a router.
        I’m not getting a /48 routed, I have to use NDP proxy for the box to see every IPv6 I set on my LAN… it works but it’s dirty 🙁
        An alternative solution could be to use a standard ADSL modem, then create the tunnel on my Debian box…
