IPv6 Address Planning Process for Enterprises
Scott HoggIPv6 Addressing Concepts
IP addresses are one of the most obvious ways that IPv6 differs from IPv4. IPv6 addresses initially appear intimidating, but as one learns about the abundance of IPv6 addresses, the simplicity reveals itself.
To those new to IPv6, the 8-hextet hexadecimal address representation seems initially intimidating but that feeling quickly disappears. Once one learns about the structure of the IPv6 address, they realize that working with hexadecimal characters is easier than having to perform IPv4 address decimal to binary conversion. Prefix lengths for IPv6 are simpler, there is more space, no need for NAT, and no overlapping addresses. This can be like a “breath of fresh air” for someone who has spent decades in the trenches of IPv4 network administration.
IPv4 addresses may initially appear simple with their quad-dotted-decimal notation. The prospect of having 232 (4,294,967,296) IP addresses seemed sufficient in the 1990s through the early 2000s. However, with a hierarchical addressing scheme, Classless InterDomain Routing (CIDR), fine-grained subnetting, extensive multiple layers of NAT, and address overlaps, operational difficulties arose. This actually increases the operational costs due to the difficulties of working with a high-utilized, often-overlapping limited address space. We can even attempt to quantify the hidden operational costs of IPv4 addressing.
However, due to the extremely high density of address usage there is a scarcity of available addresses. This requires increased fragmentation of the IPv4 address space into ever-smaller subnets, which causes network administrators to use even smaller prefixes. As a result of multiple layers of NAT, IPv4 addresses are Only “Locally Significant” anymore. IPv6 removes these obstacles so large organizations can use a single addressing structure for any imaginable network infrastructure and have plenty of room for future expansion.
As an organization prepares for an IPv6 implementation, it must determine its IPv6 addressing needs and develop an addressing plan.
Address Allocation Request
IPv6 Global Unicast Addresses (GUA) are defined by the Internet Engineering Task Force (IETF) in the protocol specifications and the Internet Assigned Numbers Authority (IANA) is the steward of IPv6 addressing. Addresses are assigned to the five global Regional Internet Registries (RIRs) that provide those addresses to organizations within those continents.
This is illustrated in the following picture whereby the American Registry of Internet Numbers (ARIN) can allocate Provider Independent (PI) global IPv6 addresses to end-user organizations or service providers. Each RIR maintains their own policies, and in ARIN’s case, they support their members by following their Number Resource Policy Manual (NRPM). The NRPM defines the policies of IPv6 address allocations to its members.
Source: https://www.arin.net/participate/policy/nrpm/
Early in an IPv6 project, an organization must determine how large an IPv6 allocation they should request from their RIR (or from multiple RIRs). Determining how large a prefix to request depends on RIR policies and the organization’s long-term future network architecture. The organizations should consider the size of their current IT environment including on-premises and virtual cloud infrastructure. The allocation sizing should take into account network topologies such as clouds, containerized workloads, security enclaves and realms, zero trust network architectures, routing domains, overlay and underlay networks, IoT deployments, and broader future IT architectures. The organization should also consider the distant future organization structure, business operations plan, growth model, mergers and acquisitions and unforeseen future technological trends and transformations. This is a long-range plan to determine how much globally-unique IPv6 address space is needed in the near term and the long term.
Historically, enterprises were allocated smaller prefixes decades ago. Now RIR policies have become more relaxed and generous toward allocating more address space. The pendulum has swung toward more liberal IPv6 allocations. Many enterprises tend to ask for the de-facto /32, but a larger prefix may be more appropriate for facilitating future expansion. However, extremely large enterprises often have a core network that acts like a service provider for other lines-of-business/divisions/agencies/departments. Therefore, they may fall into the RIR’s policies for Local Internet Registries (LIRs). Multi-national corporations may have a need to request IPv6 prefixes from multiple RIRs in the various geographies they operate.
Once this analysis is performed, the organization is ready to submit applications to one or more RIRs to obtain their global unicast IPv6 address allocations.
High-Level Addressing Plan
Now that the enterprise has developed the high-level design and has worked on the other plans, they are ready to document their high-level addressing plan. This plan will detail how they will utilize their global unicast address prefixes they were allocated by the RIRs.
The enterprise will define the zones, realms, regions, routing domains, and broad sections of their networked environment and determine how many addresses each requires. Addresses are set aside for future growth, additional sites, expansion, and other future requirements.
This high-level addressing plan will follow some generally accepted guidelines for IPv6 address planning. The plan will consider address summarization boundaries per the routing design and how addresses will be used to support the security architecture. The plan will consider the use of prefixes based on hex digit boundaries, use of /64 prefixes for end-networks, point-to-point interfaces, and virtual loopback interfaces.
The document that details the high-level addressing plan may take several iterations. However, it is essential to get this step correct to avoid mistakes that would result in re-addressing later on.
This broad addressing plan will follow best practices and break up the IPv6 addresses on a hex-digit boundary. Sticking with standard prefix lengths (as shown below) is considered the best practice and will allow for the simplicity and scalability of the addressing plan.
During this phase of the IPv6 address plan development it is best to reflect of the philosophical principle of parsimony (Occam’s razor) and with all things being equal choose the simpler option. Often times, IPv6 address planning can be done simply and require far less work that dealing with extracting the maximum efficiency and utilization in an IPv4 address plan.
Some of the guiding principles of IPv6 address planning include planning for number of networks (subnets) not the number of host addresses in those networks. All hosts on a network can fit within a /64 so there is no need to even consider the number of end hosts. It is best to allocate or assign prefixes in a way that leaves many in reserve for future use. However, sequential assignments may be perfectly valid depending on the type of networks being addressed.
It is best to define a site in a way that best fits the organization’s operational and administrative needs. Not all sites are identical, and the nature of the site drive the addressing plan. Base the IPv6 address plan on what is known about the current network topology but leave room for future expansion and new requirements. Think in terms of sites and the networks within the sites. Also, it is advisable to avoid creating artificial boundaries or divisions if they don’t naturally exist or are not well defined. Don’t try to overcomplicate the depth of the addressing plan hierarchy for the sake of over-engineering it. Try to make the plan as simple as possible with as few levels of hierarchy as absolutely necessary (but no fewer than that).
With these principles in mind, it is possible to create a simple and elegant IPv6 address plan that is easy to communicate with others, easy to maintain operationally, and has longevity.
Detailed Addressing Plan
With the IPv6 address allocation now in hand and the high-level addressing plan documented, the organization is ready to proceed with the detailed addressing plan. The details of the implementation of the IPv6 addressing plan are typically performed using IP Address Management (IPAM) software. This IPAM system will be the single-source-of-truth for all global unicast IPv6 addresses. This IPAM software will keep track of how IPv6 prefixes are assigned to various infrastructure components in a hierarchical fashion.
The detailed addressing plan will be documented using the IPAM system and output the IPv6 addresses that will be used with the low-level configurations as IPv6 implementation planning is finalized.
During this phase, an organization should aim to maximize the use of software automation for the assignment of prefixes to physical and virtualized network environments. They may also be leveraging Infrastructure as Code (IaC) scripts when deploying cloud environments. In these environments they may also elect to Bring Your Own IPv6 (BYOIPv6) addresses into the cloud infrastructure, so they maintain control of the addressing resources, regardless of the geography or network topology.
Summary
This process of IPv6 address planning does not need to take very long or be a very complicated endeavor. IPv6 addressing can be simple and elegant if done correctly.
Just like many things in life, the first time you try a new task on your own you might run into challenges. After several tries and you gain experience and improve. Hogg Networking has performed many IPv6 address planning projects for large enterprises and has the experience that can help guide organizations through this process. With a bit of assistance, HoggNet can shorten the duration of the address planning tasks. Our guidance can provide assurance that the IPv6 address plan is being structured based on leading best practices and leverage our experience to make sure it is done correctly the first time. This will reduce the need for future re-work of the address plan and certainly avoid any future IPv6 re-addressing.
Developing the IPv6 address plan is part of a larger enterprise IPv6 deployment project. The following “flowchart” shows the various phases that most enterprises move through as they develop their IPv6 design and move toward implementation.
Hogg Networking has decades of experience guiding enterprises along their IPv6 deployment journey. Every organization approaches IPv6 in a unique way due to the nature of its business and the benefits it hopes to derive from using the protocol. We work with you to develop a plan that suits your organization’s needs and mission. HoggNet will also strike the perfect balance of providing you with the right amount of support while empowering your teams to deploy and operate IPv6 independently.
HoggNet helps organizations move through these IPv6 transition phases as they strive for a successful implementation. Some of these phases can be performed in parallel, while other phases have dependencies. We can help your organization make the right architecture and design choices based on leading best practices.
Other Information on IPv6
Hogg Networking provides other information on IPv6. This information can be accessed via the website. If you need additional information on IPv6, please contact me (info@hoggnet.com) and I’ll share it with you.
