• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IP(v6) subnetting/routing newbie question

Started by Toucanfan, July 01, 2010, 09:04:38 AM


Toucanfan

Hi all, this is my first post  ;D

I recently got my hands on IPv6, and got a tunnel connection working on a linux box.
However, this hierarchical routing/subnet assigning stuff is new to me, as I've always been behind a NAT solution previously.
So... I've got some questions for you:

1. My tunnel endpoint is at 2001:470:1f0a:12a5::2/64 and the tunnel server obviously at ::1. It seems that these are the only addresses in use in the subnet. Why then assign a whole /64 for that tunnel connection? Or can there exist other hosts, for example ::3? Where would such a host then exist?

2. I understand how to use the routed /64, since HE routes traffic to that subnet to my tunnel endpoint, which can have the whole /64 connected or subnets broken out of that /64, although I know that's not recommended. But assume you've got native IPv6 connectivity, and have been assigned a /48 from some provider. Where would that provider route traffic for that /48 to? What would the gateway for that /48 be? How would you eventually break subnets out of that /48, if the gateway address is something like xxxx:xxxx:xxxx::1?

I hope my question wasn't too confusing, or that I'm not too confused myself.  ;)

Regards
Troels

cholzhauer

#1
1)  Correct; only ::1 and ::2 are usable at this time.  IIRC, a /64 was used for compatibility reasons.

2) Careful here, you don't want to break subnets out of that /64.  The /48 is routed to your side of the tunnel, which in your case would be 2001:470:1f0a:12a5::2.  To separate subnets from that /48, you just randomly (or systematically) choose a /64 and use it.  So, if you have 2001:db8:1234::/48 as your allocated /48, you could select 2001:db8:1234:0001::/64 as your first /64, 2001:db8:1234:0002::/64 as your second, etc.

EDIT:

I think I read #2 a little incorrectly the first time.  If you have native IPv6 connectivity, and are assigned a /48, it would be routed the same way the rest of your addresses are...to the same endpoint (router, firewall, etc.)

patrickdk

Using a /64 for router connections is still being debated, I believe. You can't go wrong with using a /64, but using a /126 or something could possibly have future issues. So the places allocating a tiny subnet are currently reserving the /64 still, in case they have to expand it.

If you have a native IPv6 with a /48 subnet, your ISP will do it one of two ways.

If they static route it, they will know where your subnet is, so none of this is an issue, they will internally handle it on their end.

If it's not, but you're using a routing protocol (RIP, BGP), then they will assign an IP for your router to use to talk to them, the same way HE assigns you the ::2 IP to use, and you talk to ::1.

Toucanfan

Hi again. Thank you for your helpfulness  :)

Unfortunately I'm afraid I still don't understand everything you're saying.
So

1. I understand "everything" regarding routing traffic to/from my HE assigned subnet through the tunnel.
2. But, I do not fully understand what's going on when having native IPv6 connectivity. Particularly I don't understand this:

Quote from: patrickdk on July 01, 2010, 09:16:22 AM
If you have a native IPv6 with a /48 subnet, your ISP will do it one of two ways.

If they static route it, they will know where your subnet is, so none of this is an issue, they will internally handle it on their end.

If it's not, but you're using a routing protocol (RIP, BGP), then they will assign an IP for your router to use to talk to them, the same way HE assigns you the ::2 IP to use, and you talk to ::1.

Well, I'm not into any routing protocols yet, so let's just stay with the static route example ;).
I assume you'll have to have some kind of router with one or more LAN interfaces (for splitting the assigned /48 up) and a WAN interface (for communicating with the provider and rest of the world). I would know what addresses to assign the LAN interfaces (xxxx:xxxx:aaaa:1::1, 2::1, 3::1 etc.), assuming my assigned subnet is xxxx:xxxx:aaaa::/48. But what would I assign to the WAN interface? Would that be an address in my /48 too? How would that fit with this "hierarchical philosophy"?

Regards
Troels

patrickdk

Normally they will set up the router for you, and give the router an IP in that /48, and you use it for your gateway and you divide it up how you want.

If it's your own space, or it's a larger provider, they will give you a small block out of their own /32 or whatever they have, and use that to talk to your router (a /64 between you and your ISP like HE does).

Then they will route the /48 just like HE does, over that /64 they set up with you, out of the provider's /32 they have.

So the world only sees the /32 route, not the little /64, and the world also sees your /48.

Toucanfan

Quote from: patrickdk on July 01, 2010, 10:25:31 AM
Normally they will set up the router for you, and give the router an IP in that /48, and you use it for your gateway and you divide it up how you want.
But this is not my own /48 I suppose, but the provider's. If they just give me a single IP, how would I then do subnetting?

Quote from: patrickdk on July 01, 2010, 10:25:31 AM
If it's your own space, or it's a larger provider, they will give you a small block out of their own /32 or whatever they have, and use that to talk to your router (a /64 between you and your ISP like HE does).

Then they will route the /48 just like HE does, over that /64 they set up with you, out of the provider's /32 they have.

So the world only sees the /32 route, not the little /64, and the world also sees your /48.
Okay, I understand that :D.

patrickdk

It doesn't matter if it's your own space or your provider's, you do subnetting however you want to do it.

The only exception is if the IP space belongs to the provider, and they do something funny with the routing. Then you will have to reserve whatever subnet they are using for the router, and then you can do whatever you want with the rest of the space.

Toucanfan

I'm sorry, but I guess you'll have to explain a little bit further what you mean with this:

Quote from: patrickdk on July 01, 2010, 10:25:31 AM
Normally they will set up the router for you, and give the router an IP in that /48, and you use it for your gateway and you divide it up how you want.

I don't think I understand it. What I understand from your quote is that my router's WAN interface gets assigned an address in a random or specific /64 from that /48 I've been assigned by my provider. Through that /64 my router can communicate with the ISP and route traffic to/from the rest of the /48. But for that to happen, my provider should have some kind of gateway in that /64, right? It's here I don't understand it anymore.

Currently, I understand the "HE way" by using a /64 with two endpoints for communication between the router (and eventually a routed subnet) and the provider. However, that way seems to be very similar to what I think I've understood from your quote.

I guess I'm a bit confused  ???


patrickdk

Yes, it should always be set up the *HE* way :)

The only question is if the /64 tunnel they use will be hidden from your view or not.

jimb

#9
Sometimes a picture is best (make your browser window wide):


                                                                                                           2001:db8:4567:1::/64
                                                                                                      :1 +<--------------------->
           :1     2001:db8:1234:5678::/64    :2                :1    2001:db8:4567::/64     :2      (int1)
[(int0)ISP(int1)]<------------------------>[(int0)your gateway(int1)]<------------------->[(int0)internal router]
                                                                                                    (int2)
                                                                                                      :1 +<--------------------->
                                                                                                           2001:db8:4567:2::/64


ISP router routing table:
2001:db8:1234:5678::/64 -> int1
2001:db8:4567::/48 -> 2001:db8:1234:5678::2 (int1)

Your gateway router routing table:
2001:db8:1234:5678::/64 -> int0
2001:db8:4567::/64 -> int1
2001:db8:4567:1::/64 -> 2001:db8:4567::2 (int1)
2001:db8:4567:2::/64 -> 2001:db8:4567::2 (int1)

Internal router routing table:
2001:db8:4567::/64 -> int0
2001:db8:4567:1::/64 -> int1
2001:db8:4567:2::/64 -> int2
2001:db8:1234:5678::/64 -> 2001:db8:4567::1 (int0)

(all of these tables are simplified)

Where do the routes come from?  The interface/network routes are created when the IPv6 address is configured on an interface.  The subnet routes are either static routes (which could be entered manually, or via some automated provisioning method), or learned routes from a dynamic routing protocol (RIP, OSPF, IS-IS, BGP, etc).

How do the ISPs assign the /48s and so forth?  Through some automated provisioning system, perhaps (or perhaps not) making use of DHCPv6 Prefix Delegation.  

Hope this answers your Q.

- Jim
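
The three routing tables from the post above, run through a longest-prefix-match lookup that traces a packet hop by hop. This is an added example, not part of the original thread; the `OWNER` mapping, the function names and the destination addresses used to try it are assumptions read off the diagram.

```python
import ipaddress

# Tables as given in the post; next hop None means directly connected.
TABLES = {
    "isp": [
        ("2001:db8:1234:5678::/64", "int1", None),
        ("2001:db8:4567::/48", "int1", "2001:db8:1234:5678::2"),
    ],
    "gateway": [
        ("2001:db8:1234:5678::/64", "int0", None),
        ("2001:db8:4567::/64", "int1", None),
        ("2001:db8:4567:1::/64", "int1", "2001:db8:4567::2"),
        ("2001:db8:4567:2::/64", "int1", "2001:db8:4567::2"),
    ],
    "internal": [
        ("2001:db8:4567::/64", "int0", None),
        ("2001:db8:4567:1::/64", "int1", None),
        ("2001:db8:4567:2::/64", "int2", None),
        ("2001:db8:1234:5678::/64", "int0", "2001:db8:4567::1"),
    ],
}

# Assumption read off the diagram: which router owns each next-hop address.
OWNER = {
    "2001:db8:1234:5678::2": "gateway",
    "2001:db8:4567::2": "internal",
    "2001:db8:4567::1": "gateway",
}

def lookup(router, dst):
    """Longest-prefix match: return (prefix, iface, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in TABLES[router] if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)

def trace(start, dst, max_hops=8):
    """Follow next hops from `start` until the destination is on-link."""
    path, router = [], start
    for _ in range(max_hops):
        hit = lookup(router, dst)
        if hit is None:
            path.append((router, "no route"))
            return path
        prefix, _iface, nh = hit
        path.append((router, prefix))
        if nh is None:
            return path
        router = OWNER[nh]
    return path
```

Calling `trace("isp", "2001:db8:4567:2::10")` matches the ISP's /48 route, then the gateway's /64 route, then the internal router's connected `int2`. An address in `2001:db8:4567:3::/64` matches the ISP's /48 but has no entry in the simplified gateway table, so the trace ends there with "no route".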

Toucanfan

Thank you for that picture, jimb. I think I understand it better now. Also thank you to you, patrickdk.

lnkddbz

#11
IPv6 subnetting is exactly the same as IPv4 subnetting - it's however you want to split up your block and what is best for your physical set-up. There is no one right way to do it.

For example, on the /48 I have from Freenet6/Go6, I gave XXXX:YYYY:ZZZ:0::/64 to my OpenBSD firewall and the couple of Linux machines off the one NIC which run (IPv4) 'Net accessible services. XXXX:YYYY:ZZZ:10::/64 are my local Windows machines. XXXX:YYYY:ZZZ:1::/64 is for any wi-fi devices. XXXX:YYYY:ZZZ:20::/64 will be the VPN for my Mother, Sister and certain friends to access my systems when I finish setting that up.
I just picked things to easily match how I have my 192.168.* addresses partitioned out, and I think that would probably be the best place for you to start in allocating your blocks.
Regards

[edit] removed your advertisement link