Before you skip this with a tl;dr, here’s the long story short:
- If you want to make your life easy, just use /64 subnets for everything, nuff said;
- If you really want to make things exact, in the original old-school “save-precious-IP-addresses” way that you have continuously experienced while using IPv4, then use /112 subnets when working on point-to-point links between two routers, and not /126 or /127, as this interferes with some logic internal to IPv6. However, generally speaking, this hardcore approach is not advisable.
Quick review of IPv6 addressing.
If you’re really reading this article, then it probably means that you hardly need to understand how IPv6 addressing is different than IPv4. However, I’ll try to make it as simple as possible.
All the fuss about IPv6 goes around the fact that 30 years ago nobody would have probably ever imagined that 4.3 billion (yes, billion) IP addresses would have been really used completely at some point. There were few computers, the Internet was almost nothing, and it looked like it was going to be like that for a very long time. The reason why soon we moved from classful IP networks to CIDR was that whole Class A networks (now known as /8 subnets) were given to institutions like MIT and Stanford University just like offering peanuts: do you really need 16 million (yes, million) unique IP addresses, especially since NAT and VPN tunnelling can make 1 IP address quite enough for a quite reasonable number of users?
IPv6 was a radical solution: free unique global addresses for everyone, no more frustrations configuring NAT! When you read that a 128-bit IP address can offer a staggering number of unique combinations (think about 3 followed by 38 zeros), this is really a dream coming true.
An IPv6 address doesn’t even consider classful IP routing, doesn’t have subnet-zero issues, doesn’t need NAT (even if it still exists), makes configuration pretty easy with some mechanisms that assign unique IP addresses and get most of the info a host normally needs just automagically (kinda).
One of the most useful mechanisms is certainly EUI-64. How does it work? In short, it takes the MAC address, adds and changes bits here and there and – voilà! – you get 64 bits that are pretty guaranteed to be unique inside your subnet. Think about it as an evolution of the APIPA algorithm, the one that works as a failover for DHCP (or, more simply, the one that generates a hideous 169.254.0.0/16 address when you less expect it).
EUI-64 on P2P links.
Let’s calculate a little bit what we got exactly:
- IANA assigned only 2000::/3 to be used for unicast. This lowers the number from the original 2128 down to 2125 (which is still a lot, a number 37 zeros);
- At the moment what is being really used is 2001::/16, which brings the total down to 2112 (still awesome, 33 zeros);
Now here we got the tricky part. It seems that the main advice on implementing an IPv6 network, regardless of its size, is to get a /48 network (which can give you 264 networks, which is 2 followed by just 19 zeros) and split it in /64 networks (65536 networks), regardless of how big is the subnet.
Yes, this means that even a point-to-point network, with just 2 routers, will actually lay into an address space that could host an incredible number of more hosts. Why this? It’s because of EUI-64. Thanks to this, a configuration gets pretty easier: you just need to write something like
ipv6 address 2001:db8:0:0:x::/64 eui-64, and just care about assigning a unique x for each subnet.
Adieu to the IPv4 mindset?
Now, is this a waste or an advantage? My first thought when I’ve seen half IP address wasted in automatic addressing was, obviously, the MIT & Standford effect, i.e.: what if we’re giving out IPv6 addresses too easily and one day we’ll run out of them too?
But then I’ve realized this. While point-to-point links really need a global IP address (because a local IP address wouldn’t show up in a traceroute and make troubleshooting even more problematic), it’s quite hard that even the largest company would have more than 65536 subnets, counting both P2P links and LANs; even in that case, they can still request an additional /48, which wouldn’t hurt considered how many /48 are available in the address space (264).
Plus, while we’re witnessing a moment in which really everything is getting connected to the global network, even imagining a worst case scenario of a future where there will be, say, 10 billion people, and each person will have 50 devices connected to the network between mobile phones, TVs, computers, tablets, routers, switches, and whatever you could think of (intelligent washing machines?), and each device will have its own global unicast IPv6 address, we’re still talking about a demand of billions and billions against an offer of billions of billions.
So, answering the question: yes, I think that we can actually forget about the IPv4 “spacesaving” mindset we got used to and embrace this new hideously wasting way of allocating IP addresses.
Still into the old-skool addressing?
There are reasons for which you might want to ration IP addresses anyway. One of the reasons might be that you’ve been allocated a single /64 addresses. Another one might be that you’re really into static addressing for some reason. Another one can be that just like pain.
Since in IPv4 we got used to /30 links, giving you just 2 usable IP addresses, you might want to do something similar in IPv6 and use /127 as a prefix. Well, there are some caveats in this case. Some have been summed up in RFC 3627, which is bearing a quite explicitly Dijkstra-ish title: Use of /127 Prefix Length Between Routers Considered Harmful. An even easier document is IPv6 address architecture on point-to-point links by M. Yoshinobu (you may want to jump to page 25).
In very short terms, if you really want to do this, better find a compromise and use a /112 instead. There’s still waste of IP addresses, but this would give less routing issues and it’s still easier to configure.