Are Provider-Independent IPv6 prefixes really global?

Aleksej sent me an intriguing question: “Can the /48 PI block that a global company is assigned be attached to any region, or it is region-specific?”, or, more specifically:

Imagine a company with major DC with public services in EMEA. Centralized internet break-out in Europe fails and this DC must be reachable from Asia or America - but with the same IPv6 address? That would require Asia or America's ISPs to accept injection of this same subnet in their region. Do they do that?

In theory, the answer is yes. In practice, some global organizations are hedging their bets.

A PI IPv6 prefix should be just that – a range of globally unique IPv6 address space that could be advertised from anywhere and should be accepted (and routed to) everywhere. A minimum globally routable IPv6 prefix length is a /48 and that’s how much PI address space you get if you don’t ask for more.

Hint: If you have more than one location, you need more than a /48. If you have more than a few locations, always ask for at least /32 the largest prefix you can get (see the comment by nosx).

Today, a PI IPv6 prefix is (usually) globally routable (but nobody could guarantee you that). Even more, PA prefixes not longer than /48 should be globally routable, but they’re not – at least the latest measurements from RIPE labs indicate some providers still use PA-specific route advertisement filters.

However, once mid-size organizations start migrating to IPv6, they’ll start asking for PI address space (because it’s too much hassle to renumber the internal network ... and because everyone is telling them NAT stinks). Likewise, at least some customers using poor man’s multihoming will start applying for PI prefixes (unless we admit we need NPT66 and someone actually implements it). End result: explosion in global BGP tables and forwarding tables (unless LISP gets implemented everywhere), that just might force some ISPs to implement geo-aggregation or region-based filters.

Summary: if you’re a global organization with data centers spread across multiple RIR regions, apply for PI address space in every region where you need mission-critical connectivity.

More information

IPv6 addressing is just part of the bigger picture (you'll find a good overview of what's needed in the Enterprise IPv6 - the first steps webinar). If you need more information on IPv6 access network design and deployment, check out my Building Large IPv6 Access Networks webinar.

Need help?

I can review your design or you could engage our professional services team in a full-blown network design/implementation project or customized on-site training/design workshop (some global organizations already did).

6 comments:

  1. regarding your hint, using ARIN (Number Resource Policy Manual)
    as an example:
    More than 1 but less than or equal to 12 sites justified, receives a /44 assignment;
    More than 12 but less than or equal to 192 sites justified, receives a /40 assignment;
    More than 192 but less than or equal to 3,072 sites justified, receives a /36 assignment;
    More than 3,072 but less than or equal to 49,152 sites justified, receives a /32 assignment; etc...
    ( Documentation in detail at https://www.arin.net/policy/nrpm.html )
    Its great to "ask for" a /32, but you will more than likely be unable to obtain it without documented evidence with regard to the number of physically distinct locations your company has.

    Regarding IPv6 address plans and design advice, you may want to sync up with some of the individuals in a consultant role at cisco, such as advanced services. The output from AS and central engineering reference architecture seems to be going along a different path than your current track.

    ReplyDelete
  2. Thanks for the feedback, so nice to see they nailed it down precisely. Fixed the text.

    As for syncing the addressing recommendations, do you have something specific in mind? Links to design documents? The ones I was able to find don't go beyond "use /64 on LAN interfaces".

    ReplyDelete
  3. Thanks for the feedback, so nice to see they nailed it down precisely. Fixed the text.

    As for syncing the addressing recommendations, do you have something specific in mind? Links to design documents? The ones I was able to find don't go beyond "use /64 on LAN interfaces".

    ReplyDelete
  4. Thanks for the information. However, I've heard other RIRs are less specific about this, giving away /36, /32 long before the above requirements are met. Companies also seem to be in an 'IP-address-panic' after the IPv4 shortage, and want large ranges to be sure. Even though a /32 with four billion subnets seems absolute overkill for anyone.

    ReplyDelete
  5. Due to other brokenesses, the /32 actually gets you "only" 64K sites. Even though you can address 64K subnets with a /48, anything longer than a /48 is not globally routable, so you're forced to assign a /64 to every site with a public Internet exit.

    ReplyDelete
  6. Jeff Loughridge07 January, 2012 04:14

    Will any providers take a strict stance on IPv6 prefix filtering a la Sean Doran/Sprint in the 1990s? (http://www.merit.edu/mail.archives/nanog/1998-10/msg00281.html). I would think not, although Ivan's RIPE pointer seems to indicate otherwise. Router memory is much bigger these days, and there's more maturity in the community in intelligent IP address allocation & management. No SP would be serving the public good by blocking /48s.

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.