Request to verify ipv6 addressing scheme in my diagram
Hi Team, I have created a small IPv6 based corporate network diagram and want an expert to validate if the addressing scheme used is fine or not. I am attaching the diagram where I have created the network. Can you please assist me with validation of the address scheme and the network. If need be, I can speak to you on telephone or Skype too. But request you to help me by checking the diagram. Thanks Maninder Singh
Hi, I'm not sure if this list is the right place but I can make at least several suggestions. These are not rules - but suggestions. 1. Assign /64 for each Vlan. 2. Keep 4 bit boundary logic when dividing to subnets: e.g. /64, /60, /56, /52, /48 and so on. If I would on your place I would do something like this. 2001:a5d:4b1a::/48 2001:a5d:4b1a::/52 Infrastructure SCOPE 2001:a5d:4b1a::/56 Loopbacks 256*/64s are here for assigning to loopbacks - just in case 2001:a5d:4b1a:100::/56 Network Links 2001:a5d:4b1a:100::/64 Router-Internet-DMZ 2001:a5d:4b1a:101::/64 BB1-BB2 ---//--- And so on 254 /64s are left 2001:a5d:4b1a:1000::/52 Service SCOPE 2001:a5d:4b1a:1000::/56 Common Services 2001:a5d:4b1a:1000::/64 DNS1 because there are lot of IP addresses you can assign 2001:a5d:4b1a:1000::53/64 to DNS and 2001:a5d:4b1a:1001::53/64 to send DNS... 2001:a5d:4b1a:1001::/64 DNS2 2001:a5d:4b1a:1002::/64 Web Servers 2001:a5d:4b1a:1003::/64 Mail Servers 2001:a5d:4b1a:1004::/64 DataBase Servers ---//-- And so on... 2001:a5d:4b1a:2000::/52 Local User SCOPE 2001:a5d:4b1a:2000::/56 Building 1 2001:a5d:4b1a:2000::/64 Building 1 Vlan A 2001:a5d:4b1a:2001::/64 Building 1 Vlan B ---//--- rest /64s 2001:a5d:4b1a:2100::/56 Building 2 2001:a5d:4b1a:2100::/64 Building 2 Vlan X 2001:a5d:4b1a:2101::/64 Building 2 Vlan Y ---//--- rest /64s 2001:a5d:4b1a:3000::/52 Remote User SCOPE 2001:a5d:4b1a:3000::/56 Common VPN space 2001:a5d:4b1a:3000::/64 VPN Department 1 2001:a5d:4b1a:3001::/64 VPN Department 2 ---//--- rest of /52s Regards. /Alex On 06/07/2013 02:42 AM, Maninder Singh wrote:
Hi Team,
I have created a small IPv6 based corporate network diagram and want an expert to validate if the addressing scheme used is fine or not. I am attaching the diagram where I have created the network. Can you please assist me with validation of the address scheme and the network. If need be, I can speak to you on telephone or Skype too. But request you to help me by checking the diagram.
Thanks Maninder Singh
On Jun 7, 2013, at 11:02 AM, Alex Saroyan wrote:
Hi,
I'm not sure if this list is the right place but I can make at least several suggestions.
Of course this is the right place You don't really say how big of an assignment you get, if it is a full /48 I would leave some more gaps to deal with future growth. And as the previous speaker suggested, think a bit about your aggregation strategy a bit. There are two ways of looking at it: - Take a service oriented approach - Follow the structure of the network and aggregated for instance on buildings There are also various documents online that can help you with this, one was written by Surfnet, the Dutch NREN, and is available at https://www.ripe.net/lir-services/training/material/IPv6-for-LIRs-Training-C... And I'm sure there are people on this list who can help you, so hopefully there will be more responses. Cheers, Marco (co-chair of this group)
Hi Marco, I have assumed that a fixed /48 prefix is provided by the ISP to the organization. It is 2001:0A5D:4B1A::/48 Then, the network IDs (fourth field in address) are decided by the organization themselves and 2001:0A5D:4B1A:A120::/64 is the one that connects to Internet i.e. to ISP's edge router. Internally in organization, since NAT is not being used in IPv6, all of the routers will have public IPs. So, I have tried to change fourth field of the addresses and assigned to each interface of internal devices. Had it been IPv4, I would have used just one public address and all the internal interfaces would have private addresses. However, not having NAT is confusing me. Probably that's why I am not understanding what is meant by aggregating the IPv6 addresses at buildings. I am studying the IPv6-for-LIRs-Training-Course/IPv6_addr_plan4.pdf for more understanding. But can you please correct my understanding with an example? Thanks Maninder Singh P.S. - Is this just an email based forum or do we have web based forum where all responses can be seen? I have received just two responses. Seems like I have missed many. Can you please send a link where can I actively participate in this forum? On 6/7/13, MarcoH <marcoh@marcoh.net> wrote:
On Jun 7, 2013, at 11:02 AM, Alex Saroyan wrote:
Hi,
I'm not sure if this list is the right place but I can make at least several suggestions.
Of course this is the right place
You don't really say how big of an assignment you get, if it is a full /48 I would leave some more gaps to deal with future growth. And as the previous speaker suggested, think a bit about your aggregation strategy a bit. There are two ways of looking at it:
- Take a service oriented approach - Follow the structure of the network and aggregated for instance on buildings
There are also various documents online that can help you with this, one was written by Surfnet, the Dutch NREN, and is available at https://www.ripe.net/lir-services/training/material/IPv6-for-LIRs-Training-C...
And I'm sure there are people on this list who can help you, so hopefully there will be more responses.
Cheers,
Marco (co-chair of this group)
participants (3)
-
Alex Saroyan -
Maninder Singh -
MarcoH