06-15-2011 03:31 AM - edited 03-01-2019 05:27 PM
I've got a best practices question.
We're planning our transition to IPv6. We've gone to ARIN and acquired a /48 for the company. My question is about the best way to manage that space.
Our company already has a second office location (which is international) in addition to our corporate offices. I expect we will have more within the next couple of years. I can allocate pieces of our /48 to these locations (trying to plan carefully to support route aggregation) or I can have each of our international locations get their own /48 from their respective registries.
What's the intent about the best way to handle this?
Thx
Patrick
06-15-2011 05:43 AM
Many companies dislike the idea of having a globally unique address on every node in their networks (and with good reason I think). You may consider using ULAs instead for internal corporate addressing.
http://en.wikipedia.org/wiki/Unique_local_address
The /48 can then be used in your DMZ and when you have more countries, you may request address space there if needed or required. There still is plenty.
regards,
Leo
06-17-2011 06:52 AM
Hi Leo,
I like the ULA idea!
But when I attended Cisco presentation during the World IPv6 Day, the recommendation presented was:
"Don't make things complicated, use only Global addresses!"
And also all IPv6 books I've seen are just mentioning ULA but then expect global addresses only implemented, sometimes saying "there's no NAT available in IPv6 world" :-(
BR,
Milan
06-20-2011 12:27 PM
ULAs are a good idea for:
1. Network Infrastructure (Internal routers, switches, management of DMZ switches/equipment)
2. Extranet
3. Enterprise VoIP infrastructure
4. Highly Restricted servers/services
Basically, anything you don't ever want to be accessible from the Internet.
And yes, with some of these, a firewall/ACL would stop Internet conversations; but I don't assume the firewall won't have its policy dropped, replaced with an any-any-accept etc.
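The two addressing ideas discussed in this thread (per-site pieces of the /48 that aggregate, and ULAs for anything that should never be Internet-reachable) can be checked against an address plan. The following is an added example, not part of any reply: the prefixes, host names and role labels are constructed, with documentation space `2001:db8:abcd::/48` standing in for the company /48.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")             # RFC 4193 unique local range
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # global unicast range

# Roles from the list above that should never be Internet-reachable (labels are assumptions).
INTERNAL_ONLY = {"infrastructure", "extranet", "voip", "restricted"}

# Constructed plan: each site gets one /52 out of the company /48, so every
# site can be announced or summarised as a single aggregate.
COMPANY = ipaddress.ip_network("2001:db8:abcd::/48")
SITES = dict(zip(["hq", "intl"], COMPANY.subnets(new_prefix=52)))

SAMPLE_HOSTS = [  # (host, site, role, address), all constructed
    ("core-rtr1", "hq", "infrastructure", "fd12:3456:789a:1::1"),
    ("dmz-sw-mgmt", "hq", "infrastructure", "2001:db8:abcd:10::5"),
    ("web1", "hq", "dmz", "2001:db8:abcd:20::80"),
    ("callmgr", "intl", "voip", "fd12:3456:789a:1030::10"),
    ("hr-db", "intl", "restricted", "2001:db8:abcd:1040::7"),
    ("web2", "intl", "dmz", "2001:db8:abcd:30::80"),
]

def scope(addr):
    """Classify an address as 'ula', 'global', 'other' or 'not-ipv6'."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        return "not-ipv6"
    if ip in ULA:
        return "ula"
    return "global" if ip in GLOBAL_UNICAST else "other"

def audit(hosts, sites=SITES):
    """Return (host, finding) pairs for entries that break the plan."""
    findings = []
    for host, site, role, addr in hosts:
        s = scope(addr)
        if role in INTERNAL_ONLY and s != "ula":
            # Globally routable address on a role that relies only on the firewall.
            findings.append((host, "internal-only role without ULA"))
        elif s == "global" and ipaddress.ip_address(addr) not in sites[site]:
            # Address breaks the per-site aggregate.
            findings.append((host, "global address outside site aggregate"))
    return findings

if __name__ == "__main__":
    for host, finding in audit(SAMPLE_HOSTS):
        print(f"{host}: {finding}")
```
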
06-20-2011 08:32 PM
I agree, get more PI (provider independent) space for each location. No smaller than a /48 to help ensure routability.
06-21-2011 04:26 PM
You mentioned an International site.
Beyond simply getting a /48 for each site, be sure to allocate the address space from the appropriate RIR; ARIN, RIPE, APNIC etc.
06-15-2011 09:34 AM
I would get a /48 for each international location, since you then have the option to advertise independent prefixes to local carriers.
Optionally, you can instead use network prefix translation (sometimes called NAT66) with your internal provider independent addressing to a local carrier.
You can never have enough addresses, really :-)
07-11-2011 12:56 PM
So you think your company's network needs more than 65000 subnets?
Sent from Cisco Technical Support iPad App
07-13-2011 01:24 AM
Getting a /48 from the regional registry would be more appropriate.
But if global Internet access for all regional sites is controlled centrally via VPN services, then there is no point in taking a regional /48; instead, delegation from HQ's /48 would do.
07-30-2011 01:33 PM
Hi Patrick,
Before jumping to provide an answer I would like you to consider the nature of the network you are building and whether or not you will be using your own dedicated links or using the Internet as transmission infrastructure.
In the first case your own provider independent IPv6 addressing could be a good idea if you run BGP. This also would allow you to be multihomed in different countries and could also become a transit AS.
But if you are only forwarding your own traffic and have a couple of connections in different countries with stable and reputable ISPs, maybe the only thing you need is provider assigned space for each location, and you do not even need to run BGP, only an IGP to prevent your internal traffic from spilling on the Internet. This would prevent rerouting of traffic from a different link to a network with a failed ISP connection.
You might also consider provider independent address space assigned by the RIR in the country where you have your subsidiaries and use BGP to advertise the whole address space to the entire world and achieve redundancy.
Fact is, more parameters are needed to answer your question:
Are you running BGP now (do you have an AS number)?
Are you (or willing to be) a transit network?
Are you looking for multihoming (in a single RIR area or multiple)?
How much money are you investing to obtain resilience and reliability?
I hope this question will help you better define your problem.
Cheers
Fabio