Assigning IPv6 /48's to CPE's?

I see there is a long thread on IPv6 address assignment going, and I apologize that I did not read all of it, but I still have some unanswered questions.

I believe someone posted the ARIN recommendation that carriers assign out /64’s and /56’s, and in a few limited cases, /48.

I can understand corporations getting more than a /64 for their needs, but certainly this does not mean residential ISP subscribers, right?

I can understand the need for /64’s because the next 64 bits are for the client address, but there seems to be this idea that one and only one node may use a whole /64. So in the case of Joe, the residential DSL subscriber who has 50,000 PCs, TiVo’s, microwaves, and nanobots that all need unique routable IP addresses, what is to stop him from assigning them unique client ID’s (last 64 bits) under the same /64? We can let Joe put in some switches, and if that isn’t enough he should consider upgrading from his $35/month DSL or $10/month dial up anyway.

My next question is that there is this idea that there will be no NAT in the IPv6 world. Some companies have old IPv4 only software, some companies have branch offices using the same software on different networks, and some like the added security NAT provides.

There are also serious privacy concerns with having a MAC address within an IP address. Aside from opening the doors to websites to share information on specific users, lack of NAT also means the information they have is more detailed in households where separate residents use different computers. I can become an IPv4 stranger to websites once a week by deleting cookies, IPv6 means they can profile exactly what I do over periods of years from work, home, starbucks, it doesn’t matter. I don’t see NAT going away any time soon.

I believe someone posted the ARIN recommendation that
carriers assign out /64's and /56's, and in a few limited cases, /48.

I can understand corporations getting more than a /64 for
their needs, but certainly this does not mean residential ISP
subscribers, right?

Then you misunderstand ARIN's recommendations. The basic IPv6
assignment size is /48. ARIN recommends assigning a /48 to all
customers who cannot be guaranteed to only need a single subnet.
It is possible that some ISPs offer a specialty service, say
IPv6 connectivity to CCTV cameras, which only needs a single
/64 but general purpose ISPs providing general Internet accesss
to consumers and businesses should assign a /48. Some ISPs have
very large numbers of consumer customers and feel that the large
number of /48s they will need may be excessive, therefore ARIN
also recommends that in the case of providing connectivity to
a private residence, a /56 may be used. In order to support the
use of a /56 assignment in this situation, ARIN has adjusted some
parts of their policy to do with counting, so that they measure
/56 assinments rather than /48 assignments. But a /48 assignment
is still fully justified.

There are also serious privacy concerns with having a MAC
address within an IP address. Aside from opening the doors to
websites to share information on specific users, lack of NAT
also means the information they have is more detailed in
households where separate residents use different computers.

Aside from the fact that you can change your MAC at will,
there is no need to use the MAC as the IPv6 node address.
You can change your IPv6 node address every day if you wish.

I can become an IPv4 stranger to websites once a week by
deleting cookies, IPv6 means they can profile exactly what I
do over periods of years from work, home, starbucks, it
doesn't matter. I don't see NAT going away any time soon.

This only works if your ISP assigns your IP address dynamically
and your lease times out without renewal, i.e. you power down
your gateway device long enough to get a new IP address. Same
applies to IPv6.

--Michael Dillon

Hi,

Rick Astley schrieb:

I see there is a long thread on IPv6 address assignment going, and I apologize that I did not read all of it, but I still have some unanswered questions.

The basic problem is, there are no answers, that's why there is this and similar discussion every 6 months again and again.

So the only sane answer to most of your questions is: think about it yourself and just do it to finally get out IPv6 to the world. YOU will have to live with the consequences some day in the future in the end

I believe someone posted the ARIN recommendation that carriers assign out /64's and /56's, and in a few limited cases, /48.

I'm not that active in the ARIN region myself, but the GENERAL consensus amongst the people who already run (production!) IPv6 networks for years now is - just hand out /48s to every customer, DO NOT THINK ABOUT IT!

But i'm well aware of ARIN guideline like

[...]
   The following guidelines may be useful (but they are only guidelines):

     * /64 when it is known that one and only one subnet is needed
     * /56 for small sites, those expected to need only a few subnets over the next 5 years.
     * /48 for larger sites
[...]

but notice the annotation "...but they are only guidelines".

In general, if you're really really sure that there's only one device, you can use /128, if you're sure there is only one subnet needed, a /64 is fine, but in general, make your life easy by handing out /48s to everyone by default.
But if you really want to think about it and make your life complicated - noone can stop you from assigning /56s if you think that's a better choice - for whatever reason you might come up with in your setup.

I can understand corporations getting more than a /64 for their needs, but certainly this does not mean residential ISP subscribers, right?

Why not?

I can understand the need for /64's because the next 64 bits are for the client address, but there seems to be this idea that one and only one node may use a whole /64. So in the case of Joe, the residential DSL subscriber who has 50,000 PCs, TiVo's, microwaves, and nanobots that all need unique routable IP addresses, what is to stop him from assigning them unique client ID's (last 64 bits) under the same /64? We can let Joe put in some switches, and if that isn't enough he should consider upgrading from his $35/month DSL or $10/month dial up anyway.

Well, that's the IPv4 business model which is basically saying "the more you pay, the more IP addresses you can get".
This will most likely happen in the IPv6 world too, and there is nothing we can do about it.

But if you think about that in a sane way, and you and the ISP you're working for are nice "netizens", you don't put a pricetag on IP-addresses. Especially not in the IPv6 world, since there is no shortness of addresses like there might be in the IPv4 world which might again support such a business model.

==> just hand out /48s even if 90% of your customers won't ever need it, addresses are not scarce here. Thinking about it too much might just be a bigger waste of time than this is a waste of address resources.

My next question is that there is this idea that there will be no NAT in the IPv6 world. Some companies have old IPv4 only software, some companies have branch offices using the same software on different networks, and some like the added security NAT provides.

Again, marketing gets the lifetime achievement award for making a bad thing like NAT, born out of the simple need for some solution for the we-dont-have-enough-IPv4-addresses-problem - into a "security and administrative easy and anonymity" .. well.. "thing".

My only answer to this is: go out and educate the people.
But this again often might not work in the real world.

There are also serious privacy concerns with having a MAC address within an IP address. Aside from opening the doors to websites to share information on specific users, lack of NAT also means the information they have is more detailed in households where separate residents use different computers. I can become an IPv4 stranger to websites once a week by deleting cookies, IPv6 means they can profile exactly what I do over periods of years from work, home, starbucks, it doesn't matter. I don't see NAT going away any time soon.

That's a myth, too, for example there is this privacy extension thing (RfC3041 i believe?) in almost every current IPv6-stack like Vista and so which doesn't use "MAC-addresses" and also constantly changes the address (which is a PITA for administrators again).

In the end, you don't NEED any NAT for any sane reason.
But i'm not saying it won't exist, i'm actually quite sure that there will be NAT for IPv6 in the end, right.
It's just sad that even engineers and administrators are so lazy and just want to handle IPv6 like IPv4 even there are major differences.

Bottom line: Think about the best practice yourself, read the whole thread if you still have to make up your mind.
At the moment noone really can help you with definite answers.

Rick,

The standing recommendations are:
* /32 for ISPs unless they can justify more
* /48 for subscribers unless they can justify more
* /64 when you know for certain that one and only one subnet will ever
be required
* /128 when you know for certain you're dealing with a single device
* Sparse allocation so whichever size you choose you can usually
increase it by simply changing the prefix length.

Some folks also suggest:

* /56 for small customers (residential DSL and similar "always on" services)

But the real answers to your question are:

1. Be flexible. A /64 is four billion times less valuable than a
single IPv4 address. If the customer tells you he wants a /56 or even
a /48, just give it to him. At the /48 level, the customer is vastly
more valuable than the addresses.

2. The world won't end if you assign /64's to traditional dynamic IP
address residential customers and replace them with a /56 or /48 on
request.

3. The world won't end if you assign one of your 16 million /56's to
each customer up front.

4. No one has enough operational experience with IPv6 to know what the
right answer will turn out to be here, so do what makes you happy and
plan to adjust it later.

Regards,
Bill Herrin