Re: using IPv6 address block across multiple locations

[Dmitry Cherkasov <doctorchd () gmail com>]

Thanks to everybody who responded.

To summarize it all, these are the guides for non-ISP company to use
PI IPv6 addresses:

case 1: single POP, no plans to have more
- get single /48 from your RIR, announce it to one or multiple ISPs
that POP is connected to

case 1a: multiple separate POPs (no VPN interconnections)
- the same as for case 1 but for each POP independently; each POP has
individual AS, btw

case 2: extranet like multiple POPs interconnected with VPNs
- get greater then /48 block (like /44) so each POP gets its /48 part
- each POP announces its corresponding /48 prefix to their local ISPs
- decide if you wish that traffic from Internet to some POP passes
through some other of your POPs (security or other considerations); if
this is desirable you may announce the whole aggregate (like /44)
additionally to /48 from all or some of the POPs; optionally you may
wish to announce /44 with community 'no-export'


As for /48 IPv6 blocks being like /24 for IPv4.
It really seems that /48 may be the most popular PI block and this may
lead to overcrowding of DFZ. Probably, this is logical consequence of
getting bigger address space. We needed more IP addresses and we get
them. Anyway getting greater then /48 just because you do not want to
pollute DFZ is not justified.

Thank you.

Dmitry Cherkasov



2011/11/1 Ricky Beam <jfbeam () gmail com>:
> On Mon, 31 Oct 2011 05:39:57 -0400, Richard Barnes
> <richard.barnes () gmail com> wrote:
> > Couldn't you also advertise the /48 from all the sites, if you're
> > willing to sort things out over the inter-site VPNs?
>
> If we're talking about a site-to-site IPsec VPN "over the internet", then
> that's a very bad idea.  Even if "the internet" in this case is entirely
> within the same provider's network. (and it doesn't sound like it is.)
>
> --Ricky