One thing that struck me was the sizes of blocks assigned. I get a dynamic /64 prefix from my ISP at home, which would be large even if it were assigned to my work office; why is the maximum prefix length /48 for a single site and /32 for 3k sites? Aside from the obvious argument of wastefulness, aren't we just priming the same issue we have with IPv4 now to occur thirty, forty years down the line?
jeroenhd|3 years ago
The reason for these larger blocks isn't that you need several hundred billion IP addresses per se, but that IPv6 can't create subnets (without terrible tooling issues) smaller than /64. In a way, getting a /64 from your ISP is like being forced to use a router that's stuck in the 192.168.0.x space for DHCP. A /56 will give you 255 subnets, a /48 will give you 65k in total. More than enough I'd say.
A /32 will give you as many subnets as there are IPv4 addresses out there today, I don't see why you'd need that. It's nice of them to offer it (for a significant price, of course) but I don't think businesses really need address space that huge.
IPv6 has a ridiculous amount of address space, we may as well use it.
lokedhs|3 years ago
I switched from my previous ISP because they only gave me a /64. It was quite honestly useless for me, since I couldn't even split it into two subnets. They did it because they clearly had old network equipment and were using 6rd to provide IPv6.
GoblinSlayer|3 years ago
philjohn|3 years ago
aaronax|3 years ago
A /48 for a site allows a decent number of subdivisions along the easily human-readable nibble (16 bit) boundaries. Four characters each can be 0 through f.
A very small portion of addresses have been allocated so far. "According to the IPv6 Global Unicast Address Assignments list from IANA (last updated in Nov 2019), there have been 33 allocations made to the five Regional Internet Registries in total so far. This is equivalent to about 7,396,864 IPv6 /32 subnets which is approximately 0.172% of the total available IPv6 space." https://www.cidr.eu/en/ipv6
throw0101a|3 years ago
To put it in IPv4 terms:
* an IPv6 /64 subnet is equivalent to 'typical' IPv4 /24 (though you can fit much more than ~250 hosts in it)
* if assigned a /48, this gives you 16 bits to play with
* if you start with a typical IPv4 /24, and would be assigned 16 bits to use, that would bring you up to a /8
So the 'bog standard' IPv6 /48 is the equivalent of an entire IPv4 Class A address.
Some folks who have Class As assigned to them: AT&T, Apple, Cogent, Comcast, multiple assignments to US military.
* https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_addre...
And none of those IPv6 addresses have to be NATed to be accessible to the Internet if you wish to provide public services: just change the config of your firewall from default-deny to allowing whatever portions of the network you wish to host service in.
hampereddustbin|3 years ago
I think it's great that the smallest subnet size is designed to be as large as to never run out of addresses in any conceivable application, no more wasting precious time manually assigning addresses and thinking about subnet economics
aaronax|3 years ago
Effectively yes.
> I thought /56 was the smallest allocation an ISP could make for a residential allocation.
They can and often do make /64 allocations. There is an RFC (I think, might just be RIPE guidance or something) that recommends that ISPs issue larger to each customer. Many don't (as it is just a recommendation). Ideally they would allow a customer's router to request a larger allocation like /60 or /56 via a prefix delegation message.
jeroenhd|3 years ago
A /64 can actually cause problems if you're chaining routers together. In IPv4 that'd give you double NAT which is obviously terrible and not recommended, but in IPv6 that's a fine use case that shouldn't cause any trouble as long as you have the ability to create sufficient subnets. With a /64, you're stuck doing weird stuff with DHCPv6 to get the subnets to work regardless.
tsimionescu|3 years ago
sigio|3 years ago
Then we still have 32^32 times the amount of address-space we have in v4.
VLM|3 years ago
In theory you could have 10 bits just of VLANs without doing microsegmentation and strange virtualization games which everyone is encouraged to do, so smaller than a /54 for a corporate ISP account seems very questionable; may as well round each site to /48.
There is a high human labor cost to customization even with computer assistance for IPAM. Life is faster, simpler, and more reliable if "every generic ISP connection gets a /48"
At some point, for "IoT" and "security" reasons the concept of one broadcast domain per residential home will go away, hopefully soon. I don't want my soon to be exploited smart TV to have any access to my "real" VLAN, for example. My "home" and "home-guest" wifi networks should be on separate VLANs on separate /64 address blocks.
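An added example, not part of any commenter's post: carving a delegated prefix into one /64 per segment (home, guest, IoT) and applying a default-deny rule between segments, including the case where a bare /64 delegation cannot be split. The prefix comes from the 2001:db8::/32 documentation range, and the function names, segment names and allow-list are assumptions made for illustration.

```python
import ipaddress

def plan_segments(delegated, names):
    """Give each named segment its own /64 out of the delegated prefix."""
    net = ipaddress.IPv6Network(delegated)
    if net.prefixlen > 64:
        raise ValueError(f"{net} is longer than /64")
    available = 2 ** (64 - net.prefixlen)
    if len(names) > available:
        raise ValueError(
            f"{net} holds {available} /64 subnet(s), {len(names)} requested")
    subnets = net.subnets(new_prefix=64)  # lazy generator, safe even for a /48
    return {name: next(subnets) for name in names}

def segment_of(plan, address):
    """Name of the segment containing the address, or None if outside the plan."""
    addr = ipaddress.IPv6Address(address)
    for name, subnet in plan.items():
        if addr in subnet:
            return name
    return None

def is_allowed(plan, src, dst, allow):
    """Default-deny between planned segments; only listed (src, dst) pairs pass.

    Addresses outside the plan are denied here; Internet traffic is not modelled.
    """
    s, d = segment_of(plan, src), segment_of(plan, dst)
    if s is None or d is None:
        return False
    return s == d or (s, d) in allow

# Constructed sample: a /56 delegation and three segments.
PLAN = plan_segments("2001:db8:abcd:1200::/56", ["home", "guest", "iot"])
ALLOW = {("home", "iot")}  # assumed policy: home may reach IoT, not the reverse

if __name__ == "__main__":
    for name, subnet in PLAN.items():
        print(f"{name:6} {subnet}")
    tv, laptop = "2001:db8:abcd:1202::50", "2001:db8:abcd:1200::10"
    print("tv -> laptop:", is_allowed(PLAN, tv, laptop, ALLOW))
    print("laptop -> tv:", is_allowed(PLAN, laptop, tv, ALLOW))
    try:
        plan_segments("2001:db8:abcd:1200::/64", ["home", "guest"])
    except ValueError as err:
        print("cannot split:", err)
```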
tialaramex|3 years ago
Why? Do the arithmetic.
ninkendo|3 years ago
If you start assigning semantic meaning to the bits in an address (the trailing 64 are the devices, the leading 0-31 are the ISP customer, 32-63 are the subnet) then things really do start to exhaust if you have a use case where the lines blur (a multitenant datacenter for instance, where it's not clear who the "ISP customer" is and different tenants want their own subnet ranges, etc.)
There's a lot of IPs, but it's easy to paint yourself into a corner if you make the wrong assumptions about what bits should mean what.
HyperSane|3 years ago
postultimate|3 years ago
(Seriously. Just how fucking stupid do you have to be to replace a protocol whose addresses are too short, with one whose addresses are too short.)
throw0101a|3 years ago
The default subnet size for IPv6 is /64, and a single "site" is /48. There are 16 bits between those.
Comparing with IPv4, where a 'typical' subnet is /24, if you were given 16 bits of space to play with as you see fit, you'd be assigned a /8—i.e., an entire Class A. (Which is what most companies use now anyhow—i.e. 10/8—and then have to futz around with NAT.)
So a 'typical' IPv6 allocation is as many IP addresses as what some of the largest corporations have. Plus all of those addresses are available for use on the public Internet if you wish: just change your firewall from default-deny to allow certain segments.
> Aside from the obvious argument of wastefulness, aren't we just priming the same issue we have with IPv4 now to occur thirty, forty years down the line?
No. The numbers involved with IPv6 are literally astronomical:
* Stars in the Milky Way: 400 Billion
* Galaxies in the universe: 2 Trillion
So (4x10^11) x (2x10^12) = 8x10^23 stars in the universe.
* Size of IPv6 address space: 3.4x10^38
Find the ratio between addresses and stars:
* 3.4x10^38 / 8x10^23
IPv6 offers about 430 trillion times more addresses than estimated stars in the universe. From Tom Coffeen's presentation "An Enterprise IPv6 Address Planning Case-Study":
* https://www.youtube.com/watch?v=7Tnh4upTOC4
Another way of looking at it:
* math property: x^y = x^(a+b) = (x^a) x (x^b)
* IPv4 addresses are 32 bits (2^32)
* 2^32 ~ 4.3 billion
* So the IPv4 Internet has ~4.3B devices on it
* IPv6 subnets are 64 bits, /64 (2^64)
So, an IPv6 2^64 subnet is the same as (2^32) x (2^32), which means (4.3B) x (IPv4 Internet). I.e., a single IPv6 subnet can hold the equivalent of four billion (IPv4) Internets.
A third way:
* On the surface of the Earth (land+water), there are 8.4 IPv4 addresses per km^2. Not counting the oceans, that would be 28 IPv4 addresses per km^2 land.
* IPv6 gives 10^17 addresses per mm^2 (yes, square millimeter).
In terms of volume, 10^8 IPv6 addresses per mm^3 throughout the Earth.
* Via: https://news.ycombinator.com/item?id=28326806#unv_28331245
ikiris|3 years ago