I was recently doing some work at an ISP. They had been assigned their /32 IPv6 prefix a while ago, but other than a few internal test networks hadn’t done much with it since it was assigned.
I was pretty much asked “So I have my /32 … now what?” OK, so that’s not quite the question I was asked 🙂 but essentially they wanted some guidance on how to cut up the /32 for their own infrastructure, customers, etc and clarification on the RIPE IPv6 assignment policy.
Some people reading this post might not be familiar with how IP prefixes are allocated globally, so let’s start with a few definitions.
So how is all this IP stuff allocated anyway?
The Internet Assigned Numbers Authority (IANA) has authority over all IP address space and Autonomous system (AS) Numbers allocated and in use on the Internet and it is IANA that makes the allocations to the Regional Internet Registries.
“RIPE NCC” provides the IPv4, IPv6 and AS Number resources to it’s members in Europe, Central Asia and the Middle East.
Internet Registry (IR) – An Internet Registry is an organisation that is responsible for distributing IP address space to its members or customers and for registering those distributions. IRs are classified according to their primary function and territorial scope.
Regional Internet Registry (RIR) – Regional Internet Registries are established and authorised by respective regional communities and recognised by the IANA to serve and represent large geographical regions. The primary role of RIRs is to manage and distribute public Internet address space within their respective regions.
Local Internet Registry (LIR) – A Local Internet Registry is an IR that primarily assigns address space to the users of the network services that it provides. LIRs are generally ISPs whose customers are primarily End Users and possibly other ISPs.
Allocate – To “allocate” means to distribute address space to IRs for the purpose of subsequent distribution by them.
Assign – To “assign” means to delegate address space to an ISP or End User for specific use within the Internet infrastructure they operate. Assignments must only be made for specific purposes documented by specific organisations and are not to be sub-assigned to other parties.
End Site – An End Site is defined as an End User (subscriber) who has a business or legal relationship (same or associated entities) with a service provider that involves:
- that service provider assigning address space to the End User
- that service provider providing transit service for the End User to other sites
- that service provider carrying the End User’s traffic
- that service provider advertising an aggregate prefix route that contains the End User’s assignment
The definitions above are taken from RIPE document 589: IPv6 Address Allocation and Assignment Policy.
From Allocation to Assignment
When an ISP (an LIR) makes an application to get’s it’s IP space from the Regional Registry, in this case RIPE. Subject to meeting the criteria, the LIR will be provided with the current minimum IPv6 allocation size of a /32.
The LIR must then divide up their /32 and make IPv6 assignments in accordance with RIPE policy and network operator current best practice. It is at this point where I got involved.
Let’s start with the RIPE policy on allocating IPv6 to the ISPs own infrastructure…
ISP Infrastructure
RIPE document 589: IPv6 Address Allocation and Assignment Policy states:
“An organisation (i.e. ISP/LIR) may assign a network prefix per PoP as the service infrastructure of an IPv6 service operator. Each assignment to a PoP is regarded as one assignment regardless of the number of users using the PoP. A separate assignment can be obtained for the in-house operations of the operator.”
This means that an LIRÂ can allocate a prefix per PoP that provides IPv6 addressing to all infrastructure in that PoP, i.e. to routers, switches, servers, backbone p2p links, etc.
RIPE will allow a /48 to be assigned per PoP without sending a request to RIPE.
Whilst a large ISP might assign a /48 per PoP, a smaller ISP might pick the choose to use only a single /48 for it’s own infrastructure.
It’s important to keep separate blocks for infrastructure and customer assignments (customer ranges are not “trusted”, so it’s not desirable to assign customer ranges from the infrastructure block. For example, addressing these ranges from a separate block enables simpler ingress/egress edge filtering.)
More detail on address planning in part 2 of this series.
End Users / End Sites
Basically, for a /48 or longer, the LIR can assign prefixes however it feels is appropriate to and End Site. The current guidelines are documented in RFC6177 (IPv6 Address Assignment to End Sites), which obsoletes the previous RFC3177 recommendation of a /48 to all End Sites – “a one-size-fits-all recommendation of /48 is not nuanced enough for the broad range of end sites and is no longer recommended as a single default.”
RFC6177 makes recommendations as follows:
- The minimum allocation to sites should be a /64. Even where only a single IP address is needed, a /128 should no longer be allocated to End Sites (as a site implies multiple devices)
- RFC3177 recommended prefix lengths of /48, /64 and /128 and this raised some concerns that operational practice and implementation may become “hard coded” around these fixed boundaries. This has never been the actual intention and CIDR continues to apply to IPv6.
- A /48 is no longer the recommended default assignment size. End sites are all different and the assignment should be appropriate to their needs (be it a /48, /52, /56, etc)
But RFC6177 does not make a formal recommendation on what assignment sizes should be made. This is now left to the discretion of the LIR to allocate as appropriate, but it does reaffirm that the allocation should allow for growth:
“A key principle for address management is that end sites always be able to obtain a reasonable amount of address space for their actual and planned usage, and over time ranges specified in years rather than just months. In practice, that means at least one /64, and in most cases significantly more.”
What this really means is that an ISP should assign IPv6 space to End Sites based on their needs for the next few years. For ease of operation and to make things easier for us humans, the prefix subnet should be on the nibble boundary for (a power of 4 subnet boundary), i.e. a /48, /52, /56, /60 or /64. More on this in part 2.
An ISP might end up assigning IPv6 prefixes to it’s customers like this:
- /64 (1 subnet needed)
- /60 (16 subnets needed)
- /56 (256 subnets)
- /52 (4096 subnets)
- /48 (65536 subnets)
At the time of writing, an LIR can assign a /48 or longer prefix to a single End Site without asking RIPE for approval. Anything bigger than a /48 needs approval.
And now all these allocations need to be documented in the RIPE database. More on this in another part.
And finally, yes, this blog is accessible via IPv6 🙂