Wednesday, November 13, 2013

IPv6 block allocation tools

There's much to consider when developing an IPv6 address plan. Such a plan defines how you intend to allocate subnets from the IPv6 block you received from your ISP or Internet Registry. The first step entails defining how much address space is required across and into the depths of your IP network to provide IPv6 address capacity for those devices requiring it. You can use your current IPv4 address allocation database as a guide to define the active utilization of your IPv4 address space and should provide a solid basis for IPv6 capacity needs barring new network initiatives that increase address space usage. Once you've defined where in your network you require IPv6 addresses and how much, you should consider how to perform your allocations.

One approach is to simply allocate all required /64 subnets directly from your base ISP allocation, using a monotonic, sparse, best-fit or random allocation approach. This single-tier allocation approach may work fine for small networks, but for modest to larger networks, mapping your allocations to network topology (and other factors we'll consider next) can simplify routing and ongoing management of your network. For example, if you operate a traditional three layer core-access-local network architecture, you may want to consider allocating large address blocks from your ISP allocation to your core components or core routers. Subtending access components or routers can then be allocated blocks that "roll-up" or are allocated from their respective core blocks. Likewise local networks and subnets can be allocated from respective access blocks. This approach renders a hierarchical aggregation model that streamlines route advertisements within your network as routers need only communicate summarized (rolled-up) address space and not individual sub-allocations.

However you may also want to consider inserting additional hierarchical layers to facilitate network management and security processes that are based on IP address assignments. If your network supports multiple applications or classes of service, such as voice, video, and data, you may configure your routers to inspect source/destination IP addresses in the IP header to apply corresponding packet treatment. Imposing such a policy within a purely topological allocation scheme can be cumbersome. However if your first allocation tier is for class of service, followed by core, access and local tiers, the application of a class of service policy is a single router entry in every router in your network!

If you map out your IPv6 address plan up front, you can design in a strategy that will simplify implementation of network and security policies. And you can design in the ability to visually recognize locations, applications or security domains by sight based on the value of certain hex digits within the IPv6 address. Read my post on the Internet Society IPv6 Deploy 360 website for details and examples of such address plans. In addition, I've just posted a free online tool that enables you to experiment with different multi-layered allocation strategies to help you define how many layers you may need and of what size for each.