Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Do any router has it's own IPv6 subnet? Or do the IPv6 comes from the cabel modem?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Do any router has it's own IPv6 subnet? Or do the IPv6 comes from the cabel modem?

Hello.

I have enabled my modem to IPv6 and also did the same in my router (Asus RT- N66U)
In the router I get a IPv6/48 subnet.

Is this subnet the same on every router or is it just my router that has that subnet?

The reason I ask, is because I have some RDC servers around the world, and I restrict the IPs that can connect to the RDC. It would be great to give the whole subnet access, so I don't have to put in every IPv6 from every computer that going to have access.
But it's not a so good idea, if every router get the same subnet. Then everybody with that router (or modem) can get access to my servers (of course, they need to know the IP, and username and password), but still.

I understand that not every computer using the same router gets the same IPv6, I'm talking about the subnet. 2002:xxxx:xxxx::1/48

Comments

  • WilliamWilliam Member
    edited July 2015

    Depends on your ISP - You SHOULD get a dedicated /56 (or larger) to your router and then hand out /64s to each client.

    Check if the range is private or public - If public it is likely dedicated.

    Thanked by 1myhken
  • ClouviderClouvider Member, Patron Provider

    @William /64 to each network segment, not each client.

  • ClouviderClouvider Member, Patron Provider

    @myhken visit http://test-ipv6.com and see what the test says.

  • WilliamWilliam Member
    edited July 2015

    Clouvider said: @William /64 to each network segment, not each client.

    Partially, each client device will get a /64 with current implementations.

  • ClouviderClouvider Member, Patron Provider
    edited July 2015

    @William incorrect. Each client will get a /128 from within a /64 that is delegated to the network segment where the client resides. /64 is the smallest and the largest allocation to a segment for the RA to work correctly.

    See RFC: https://tools.ietf.org/html/rfc4291

  • WilliamWilliam Member
    edited July 2015

    According to RIPE, a /128 should NEVER be assigned - Each Device/MAC should get a /64 by autoconf/dhcp6.

  • ClouviderClouvider Member, Patron Provider

    @William again incorrect. Please point source.

    Look RFC above.

    Each device = 1 IP as it was before. 1 IP is /128, but obviously the network mask is /64.

  • 4n0nx4n0nx Member

    I think @Clouvider is correct and that I also get a /64 and then each of my devices a different /128

    think. not know because I disabled it :D

    Thanked by 1Clouvider
  • ClouviderClouvider Member, Patron Provider
    edited July 2015

    Official RIPE NCC training guide for preparation of Addressing Plans for ISPs:
    http://www.slideshare.net/ripencc/ipv6-addressing-plan-fundamentals

    Please visit slide 11.

    Also, page 7: https://www.ripe.net/support/training/material/IPv6-for-LIRs-Training-Course/Preparing-an-IPv6-Addressing-Plan.pdf


    Aside, logically. What a point in expanding IP address space if we decide that each device will now be assigned 18 446 744 073 709 551 616 addresses ?

    Usually ISPs assign /56 to a Customer Site to give the Customer some space for multiple segments. We assign to each Customer /56 to a DSL by default, or /48 if requested.

  • KuJoeKuJoe Member, Host Rep
    edited July 2015

    It's supposed to be a /64 for each end user so every ISP should give their customers at least a /64 so they can assign IPs to each device on their network from that /64. I have a /60 routed to my house from Comcast but I have my DHCP server setup to only serve from a /64 block from that /60.

    Also, IPv6 > IPv4 always! :)

    Thanked by 1Clouvider
  • ClouviderClouvider Member, Patron Provider

    @KuJoe /64 is deemed not enough, /48 is deemed too much. DSL should be assigned a block of at least a few /64s as was done in your case. It depends on the ISP though :)

    Glad to see your IPv6 routing works better than v4! This is usual outcome, unless that's tunnelled via HE.net, as the connection goes via newer (usually also higher capacity) core routers.

  • KuJoeKuJoe Member, Host Rep

    @Clouvider said:
    Glad to see your IPv6 routing works better than v4! This is usual outcome, unless that's tunnelled via HE.net, as the connection goes via newer (usually also higher capacity) core routers.

    Comcast in my area is awesome because they basically handoff their IPv6 to Level3 as soon as they can so my traceroutes over IPv6 usually have a third less hops than to the same server over IPv4 and as you can see nobody in my area uses IPv6 so I've never seen less than 100Mbps on my network.

    Thanked by 1Clouvider
  • Clouvider said: Official RIPE NCC training guide for preparation of Addressing Plans for ISPs: http://www.slideshare.net/ripencc/ipv6-addressing-plan-fundamentals

    Kinda interesting - RIPE itself told me (2015) to allocate a /48 per end user site/client, a /56 per end user network and a /64 per device when i justified my current /27 to them.

    You are probably right - I'll still assign a /64 per client device however, after all i have 2 million /48s by now anyway, which is more than enough for any number of users even with a /64 per device.

  • hostnoobhostnoob Member
    edited July 2015

    I'm sure I read something once about how each server should have a /64 assigned because instead of banning/blacklisting individual IPs, the entire /64 will be banned/blacklisted.

  • KuJoeKuJoe Member, Host Rep
    edited July 2015

    hostnoob said: I'm sure I read something once about how each server should have a /64 assigned because instead of banning/blacklisting individual IPs, the entire /64 will be banned/blacklisted.

    Each end user, not server. If a user has 5000 servers and each one of them is spamming, then a mailserver only needs to block the /64 to stop the spam from that end user (now of course they can get 5000 servers in 5000 data centers and 5000 /64s to bypass this, but it prevents them from rotating IPs from one /64 for the same data center). IRC networks do the same for people trying to evade bans from what I've read which is why a lot of people using VPSs for IRC don't want a shared /64 because the networks could block them for something another person, with a different IP but in the same /64, did.

  • @KuJoe said:
    Each end user, not server. If a user has 5000 servers and each one of them is spamming, then a mailserver only needs to block the /64 to stop the spam from that end user (now of course they can get 5000 servers in 5000 data centers and 5000 /64s to bypass this, but it prevents them from rotating IPs from one /64 for the same data center). IRC networks do the same for people trying to evade bans from what I've read which is why a lot of people using VPSs for IRC don't want a shared /64 because the networks could block them for something another person, with a different IP but in the same /64, did.

    Sorry yeah that's what I meant. That's why I don't like VPS providers who only give out a couple of IPs, even though IPv6 isn't used much now

  • ClouviderClouvider Member, Patron Provider
    edited July 2015

    Don't get me wrong here, server is a slightly different story as it might have legitimate need for an entire subnet assigned to it but you still can't say 1 host needs /64 on every case.

    We do assign /64 or even /48 if Customer requests so.

  • KuJoeKuJoe Member, Host Rep

    Clouvider said: We do assign /64 or even /48 per server if Customer requests so.

    We only assign a /64 per client per location, that block is shared with all of their services in that location. I know most data centers will assign a /48 per server though so I guess it's different based on the service (virtual vs dedicated).

  • rds100rds100 Member

    Actually /48 per server is not right according to RIPE. It's /48 per customer. If the customer has several servers - he has to split and use the same /48 on all of them. Giving more than a /48 to a single customer requires paperwork and is not worth it.

  • KuJoeKuJoe Member, Host Rep
    edited July 2015

    @rds100 said:
    Actually /48 per server is not right according to RIPE. It's /48 per customer. If the customer has several servers - he has to split and use the same /48 on all of them. Giving more than a /48 to a single customer requires paperwork and is not worth it.

    I would agree with you but what if a data center's client has 1000 of their own clients on a single server? In theory the data center's client would effectively be an ISP (using ARIN's wording) and the client's clients would be end users so the ISP would have /48 and the end users would have /64s basically. Now ideally the data center would assign a /48 to the client's VLAN so all of their dedicated servers can share that one /48 but when you're dealing with rented equipment usually each dedicated server is on it's own VLAN and each VLAN is treated individually in terms of IP assignments (at least in my experience).

  • rds100rds100 Member

    /48 is for a network. An end customer with a VPS is not a network, he is a single host. A single host gets a /64 (that's more or less the equivalent of a /32 ipv4, although not exactly). Giving a /48 to a single end host (VPS) would be like giving it a /24 ipv4. And giving a /16 ipv4 to the customer with the dedicated server, so he can give /24s ipv4 to his end customers.

  • KuJoeKuJoe Member, Host Rep
    edited July 2015

    @rds100 said:
    /48 is for a network. An end customer with a VPS is not a network, he is a single host. A single host gets a /64 (that's more or less the equivalent of a /32 ipv4, although not exactly). Giving a /48 to a single end host (VPS) would be like giving it a /24 ipv4. And giving a /16 ipv4 to the customer with the dedicated server, so he can give /24s ipv4 to his end customers.

    I agree, but an end customer who sells VPSs on a dedicated server is essentially a network (/48) and the VPS clients are end users who should receive a /64 each (not per VPS, per person).

  • ClouviderClouvider Member, Patron Provider

    @rds100 I wasn't clear enough. We give up to /48 on a private VLAN and that's shared across the location. It was hypothetical single server scenario.

  • myhkenmyhken Member

    Lots of reply, but no reply on if my router/modem gives me a uniqe set of IPv6 or of Asus routers uses the same IPv6 subnet.

  • Again, as said, look if the range is PRIVATE or PUBLIC - If public then no, if private then it is doing some sort of NAT.

    Thanked by 1myhken
Sign In or Register to comment.