IPv6 in a big corporate

milan.kulik · ‎01-08-2015

Hi, does anybody here have a practical experience with IPv6 implementing within a big corporate network? Let's say the corporate has got several thousands of sites, some of them in Europe, others in Asia and Americas. 20 Data Centers are used for the Internet connectivity. So what kind of IPv6 addresses should it use? As all IPv6 documents are saying "Don't think about ULA and NAT, use GUA!", it should try to get PI (Provider Independent) addresses, I guess? Looking to RIPE web pages (http://www.ripe.net/ripe/docs/ripe-452) I found only an info it's necessary to have a contract with a LIR to get some PI addresses but no details :-( How big could such a block be? /32? But is it possible to use one PI address block worldwide? I don't think so, as ISPs in America would not accept prefixes provided by RIPE, I'm afraid? So the corporate should try to get a PI block from each RIR (RIPE, APNIC, ARIN, ...)? Even then with /32 PI per continent available, it would be necessary to advertise only some more specific subnet from each DC probably? Let's say /36? But would /36 be accepted by the ISPs connecting the DCs to the Internet? And propagated to the neighboring ASes? I've been told /32 is the maximum prefix length accepted? (But using an IPv6 looking glass I can see lots of /48s among the current IPv6 BGP prefixes within the Internet?). So it would be necessary to use a single ISP per continent? Even when all mentioned above would work, it would be necessary to advertise the default route into the corporate network a very sophisticated way to ensure all /36 clients would use the correct DC to enter the Internet to avoid an asymmetric routing! So I'd really like to discuss with somebody who fixed all the issues listed above already! Thanks, Milan

sumit menaria · ‎01-08-2015

Hi Milan,

I Did get a chance to be a member of deployment of such network for a customer ,and he had multiple AS as well as IPv6 addresses from RIRs .The RIRs are willing to give a /32 without much concern based upon simple justifications.The equivalent of a /24 IPv4 being advertised to the internet is a /48 in IPv6 world (This is the lowest any enterprise would get).

Regarding the inter-connectivity between the various sites and the path to the internet via the DC ,it would depend upon the architecture you have in mind.I mean if you have a Service provider MPLS backbone,provider independent inter-connectivity over the internet.

We used service provider backbone with multiple layers of route reflectors connectivity from the DCs to the sites and then diverting traffic to the nearest site.

However we could discuss in detail what exact scenario lies for your case.

milan.kulik · ‎01-09-2015

Hi, it's interesting to hear there should be no problem to get a /32 from a RIR. I've been told a month ago on an IPv6 training there is almost not possible to get a /32 PI address currently? Regarding the path to the Internet via the DCs: Let's imagine the whole corporate is using an MPLS backbone provided by a provider configuring also all CE routers. All sites are connected to a single MPLS VPN. And two DCs within one region (or country), e.g., each DC advertising its /40 to the Internet via BGP peering to an ISP. So how would be the default route advertised from each DC to the common backbone to ensure each PC would use the proper path to the Internet through the correct DC? There is a request all corporate sites must communicate each to the others via the backbone directly, of course - so no separate MPLS VPNs per DC would be available. Thanks, Milan