Tuesday, August 30, 2011

ARIN IPv6 end user address allocations

I recently attended one of the ARIN Road show events and one of the topics of discussion was the recent change in IPv6 allocation justification. I wanted to review through the new policy guidelines and give more of a quick overview guide and thoughts to what they are doing in their approach to IPv6 address allocations.

The quick and dirty for those that have an existing ASN and are multi-homed is that you automatically qualify for a /48 delegation from ARIN which is considered a single "site." Translating that into number of subnets you have to build out as /64 networks is 64-48=16 which would be 2^16 or 65,536.

Not bad but there are a lot of use cases where that will not be enough depending on what your organization is providing in terms of services. To reduce the amount of work that ARIN has to do in terms of justification they have made some very simple breakdowns based on the number of sites an organization has or will have within the next 12 months. An initial size allocation will be based off the largest site you operate and the following:
- More than 1 but less than or equal to 12 sites justified, receives a /44 assignment
- More than 12 but less than or equal to 192 sites justified, receives a /40 assignment
- More than 192 but less than or equal to 3,072 sites justified, receives a /36 assignment
- More than 3,072 but less than or equal to 49,152 sites justified, receives a /32 assignment

If you have more than 49,152 sites you should look at the ISP Address Space Guidelines, that will cover the allocation requirements for much larger organizations.

As you can tell, it is pretty simple, you take the largest site you have and use that as the allocation basis. More than likely it fits within the /48 definitions. If so, then the allocation rules above (which allocate on natural nibble boundaries) are very generous. Keep in mind, the largest site you have dictates the use case so the reality is even if you have a smaller remote office with 12 folks they will get a /48 in this design. It allows you to grow that site to be identical to your largest current site topology.

The /40 allocation is really large, if you are at 16 sites for example you end up with 256 sites (because of the round up to the next nibble boundary) with /48 address blocks each with 65,536 /64 subnets. That /40 is 16,777,216 /64 subnets for a single organization to operate and use. If your organization today is making use of RFC 1918 IPv4 address space this allocation is identical in terms of the number of subnets in IPv6 verses the total number of IPv4 addresses in RFC 1918 10.0.0.0/8. You get as many subnets in a /40 delegation from ARIN as the total number of addresses you are used to using in RFC 1918 10.0.0.0/8 IPv4, that is an insane amount of address space!

By moving on a natural nibble boundary ARIN is being incredibly generous with IPv6 addresses but they are also simplifying the routing table by summarizing on easy subnet boundaries. They are gambling that the routing table summarization will pay off long term with service providers supporting end user delegations. This assumes that end users are not going crazy breaking up their subnet advertisements from their early initial allocations or at least do them on even nibble boundaries.

So, from the example above you can see that ARIN is doing the opposite of the sparse allocations traditionally done for IPv4. They are massively over allocating IPv6 address space in the hopes of not having to re-allocate address space and also simplifying the routing tables at the same time. Seems like a good plan out of the gate for now but I wonder what challenges there will be with some of the multi-national organizations that are getting IPv6 address block from multiple regional registries and each request is including all their "sites." Arguably the IPv6 address space is so large it really doesn't matter but I think more on principle that it is potential wasteful. Thoughts?
- Ed



Monday, August 01, 2011

Presenting Deploying IPv6 in a Microsoft Enterprise Network at Pacific IT Professionals

I will be presenting an updated version of my Rocky Mountain IPv6 Task Force presentation tomorrow at the Pacific IT Professional User Group meeting at Microsoft's office in San Francisco on August 2nd. It is a free and open meeting to attend. Only request if for everyone to RSVP so they know how much pizza to order. Hope to see you there.
- Ed