Re: IPv6 allocation plan, security, and 6-to-4 conversion

[Dustin Melancon <DMelancon () venyu com>]

Hey Eric,

I did not see anyone else post this, but the NANOG BCOP (Best Current
Operating Practices) group has released the following document to help
guide new IPv6 allocation plans which you and others may find helpful:
http://bcop.nanog.org/images/6/62/BCOP-IPv6_Subnetting.pdf

Another useful document from Department of Defense on IPv6 Addressing:
http://www.v6.dren.net/AddressingPlans.pdf



BCOP Conclusions
1. Every        individual      network segment requires        at      a       minimum,        one     /64     prefix
2. Only subnet  on      nibble  boundaries
3. Implement    a       hierarchical    addressing      plan    to      allow   for     aggregation
    a. Each     individual      site should     be      allocated       a       /48 prefix
4. One  /48     from    each    region  should  be      reserved        for     infrastructure
    a. Loopbacks        should  be      allocated       from    the     top     /64
    b. 
Point-to-point  links   should  be      allocated       a       /64     and     configured      with    a       
/126    or      /127
5. 
Sites/PoPs/locations    and     regions,        etc.    should  be      laid    out     such    that    within  
each    level   of      the     hierarchy,      each    subnet  prefix  is      of      equal   size
    a. Each     ³site²  should  likewise        have    an      equalized       internal        hierarchy



Regarding your management block, I would use the recommendation above to
maintain a /48 in each region for management with the top /64 used for
loopbacks. However I definitely would NOT bother removing this network
from your advertised blocks as there are much better ways to implement
security and it would screw with your ability to cleanly aggregate your
IPv6 allocation.

Thanks,

Dustin Melancon
Sr. Network Engineer
Venyu