
Author Topic: Split up IPv6 /36 using VLAN  (Read 479 times)


Offline shar0119

Split up IPv6 /36 using VLAN
« on: October 24, 2017, 11:00:21 pm »
Hi,

My provider has provided me with a /36 which is routed through a static /64 IPv6 address. I am able to set up the entire /36 through a LAN but I would like to split up the /36 into VLANs.

The provider has the following static route:

2604:2c40:1eee:2::2/64 (assigned to pfSense WAN)

2604:2c40:1eee:2::1/64 (provider gateway)

IPv6 assigned: 2602:FF23::/36

I created a VLAN with 2602:FF23:8888::1/64 but it does not allow me to get to the internet.

Is there something I need to do to allow 2602:FF23:8888::1/64 VLAN to route through the 2602:FF23::1/36 LAN?

Offline johnpoz

Re: Split up IPv6 /36 using VLAN
« Reply #1 on: October 25, 2017, 08:51:12 am »
They gave you a /36... Wow.. That is freaking HUGE... You sure that they gave you a /36... A /48 is your typical site prefix.. Which allows for 65K /64s -- A /36 is what something like 268 Million /64's

2602:FF23:8888::1/64

Where did you come up with 8888..

Compressed Address:   2602:ff23::/36
Expanded Address:   2602:ff23:0000:0000:0000:0000:0000:0000/36
Prefix:   ffff:ffff:f000:0000:0000:0000:0000:0000
Range:   2602:ff23:0:0:0:0:0:0 - 2602:ff23:fff:ffff:ffff:ffff:ffff:ffff

Notice the prefix: your 8888 would not be a subnet of your 2602:ff23::/36

- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline pmisch

Re: Split up IPv6 /36 using VLAN
« Reply #2 on: November 24, 2017, 12:59:56 pm »
johnpoz is right. You might want to use a subnet calculator like this one:
http://www.gestioip.net/cgi-bin/subnet_calculator.cgi

Online JKnott

Re: Split up IPv6 /36 using VLAN
« Reply #3 on: November 24, 2017, 08:04:20 pm »
Quote
A /36 is what something like 268 Million /64's

There are enough /36s, to give one to every person on earth, with lots left over!

I only get a measly /56 from my ISP.     :'(

« Last Edit: November 24, 2017, 08:35:11 pm by JKnott »

marjohh

  • Guest
Re: Split up IPv6 /36 using VLAN
« Reply #4 on: November 25, 2017, 01:34:36 am »
Yeah, but a /56 is enough surely.  :)

I've got a /48, and apart from one /64 for my LAN and another /56 for my test router that's all I use.



Offline johnpoz

Re: Split up IPv6 /36 using VLAN
« Reply #5 on: November 25, 2017, 04:30:44 am »
I don't see anyone giving out a /36 to one site.. I take it typo or misunderstanding from a /56.. Why would you give such a large network to a site?  /48 is the typical site space...  ARIN or any RIR would give you as an ISP in your initial space a /32... Why would said ISP give out 16th of their /32 space to 1 site?  Doesn't allow for that many sites..  Sure you can get more space, but doesn't make a lot of sense to give out such big chunks.

So I could give out 65K /48 or 16 /36 ;)  Which do you think you should give out?

Didn't Comcast get a /9 which was a HUGE freaking allocation... Doesn't allow for a lot of customers if you give away such large chunks of your space..  Even if you had a /9

While I agree sure let's give everyone on the planet a /36... There for sure is plenty to go around, but that is how we ran into trouble with IPv4 - lack of management of the space..  A /48 allows for a HUGE network!!  65k /64's there would be zero reason for a /36 to one site.. You might give that to a region of your global network if you had say a /32 to work with..

Offline pmisch

Re: Split up IPv6 /36 using VLAN
« Reply #6 on: November 25, 2017, 11:08:08 am »
Again I would have to agree with johnpoz. Even if the provider is actually handing out /36 I would consider it a waste and a bad practice. The odds are high that this information is actually wrong. Ask your provider!
This reminds me of a news article (sorry, German only):
https://www.heise.de/newsticker/meldung/Kaufland-und-britisches-Militaer-fordern-weit-mehr-IPv6-Adressen-2651973.html
It basically says there are military and other companies that actually demand to get smaller prefixes. There is this guy called Alexander Brinkmann from Kaufland (a big retailer) who claims a /29 prefix is too big for large companies. German military btw received a /26 prefix.

Online JKnott

Re: Split up IPv6 /36 using VLAN
« Reply #7 on: November 25, 2017, 11:57:51 am »
^^^^
That article can be translated.  However, if an organization is world wide, then they might want to have blocks from the various regions.  One of the reasons for having such a large address space is to have address blocks tied to a region, to reduce the size of routing tables.  There was a problem a few years back, where the memory of some routers was overloaded, causing routing failures.

Offline bimmerdriver

Re: Split up IPv6 /36 using VLAN
« Reply #8 on: November 26, 2017, 01:08:49 am »
Quote
I don't see anyone giving out a /36 to one site.. I take it typo or misunderstanding from a /56.. Why would you give such a large network to a site?  /48 is the typical site space...  ARIN or any RIR would give you as an ISP in your initial space a /32... Why would said ISP give out 16th of their /32 space to 1 site?  Doesn't allow for that many sites..  Sure you can get more space, but doesn't make a lot of sense to give out such big chunks.

So I could give out 65K /48 or 16 /36 ;)  Which do you think you should give out?

Didn't Comcast get a /9 which was a HUGE freaking allocation... Doesn't allow for a lot of customers if you give away such large chunks of your space..  Even if you had a /9

While I agree sure let's give everyone on the planet a /36... There for sure is plenty to go around, but that is how we ran into trouble with IPv4 - lack of management of the space..  A /48 allows for a HUGE network!!  65k /64's there would be zero reason for a /36 to one site.. You might give that to a region of your global network if you had say a /32 to work with..

IMO, it's just stupid giving out a /36 to any single organization. Even a /56 is overkill for end-users. Sure, there are 64 bits of networks, but pissing it away in such massive chunks at this early stage in its adoption is short-sighted.

marjohh

  • Guest
Re: Split up IPv6 /36 using VLAN
« Reply #9 on: November 26, 2017, 01:21:17 am »
IoT - Everything will be connected to the Internet. For example, your underpants will be connected one day. Rather than changing them every day, they will email you when they require changing, this will save on laundry and thus this is eco friendly and saving the planet. This applies to all garments, under and over, in fact all forms of apparel.

Thus you can start to see how a basic /56 allocation for each person on the planet will be the bare minimum, those with larger wardrobes, like my wife, mainly down to her handbags and shoes, will of course need to apply possibly for a /48.
« Last Edit: November 26, 2017, 01:37:25 am by marjohn56 »

Offline Derelict

Re: Split up IPv6 /36 using VLAN
« Reply #10 on: November 26, 2017, 02:29:56 am »
IPv6 really shouldn't be thought of in terms of host address counts.

There are 18-billion-billion host addresses in the standard interface subnet (/64). That amount of hosts on one subnet is, for all intents and purposes, infinite and not worthy of any consideration or thought. The 64 host bits in a /64 interface subnet simply do not exist from a network design perspective. And no, it is NOT wasteful. Just get over it, set your /64 interface subnets, and move on.

IPv6 should be thought of in terms of available networks to delegate to different sites (the /36 mentioned here could delegate to 4096 /48, 65536 /52, or 1.048M /56 sites) or in terms of the number of available interfaces (/64 of course) at that site (/48 = 65536, /52 = 4096, /56 = 256).

That is why assigning a /48 to any reasonably-sized campus is not obscene. If they decide to set up some VPNs or whatever out of that they only have 256 /56s (or 16 /52s, or 4096 /60s) to play with. When you start splitting the space up like it is intended, you start to get down to numbers the typical dude can understand - like 256 and 16.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM
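
The containment check from Reply #1 and the prefix counts from Reply #10, as an added example that is not part of any post in this thread. It uses Python's standard `ipaddress` module with the prefixes quoted above; the function names and the VLAN plan are made up for illustration.

```python
import ipaddress

# Prefixes quoted in the thread.
DELEGATED = ipaddress.ip_network("2602:ff23::/36")
VLAN_ATTEMPT = "2602:ff23:8888::1/64"


def in_delegation(candidate, delegated=DELEGATED):
    """True if the candidate interface's network lies inside the delegation."""
    net = ipaddress.ip_interface(candidate).network
    return net.version == delegated.version and net.subnet_of(delegated)


def count_subnets(delegated, new_prefix):
    """How many /new_prefix networks fit in the delegated prefix."""
    if not delegated.prefixlen <= new_prefix <= delegated.max_prefixlen:
        raise ValueError("new prefix must be inside the delegation")
    return 1 << (new_prefix - delegated.prefixlen)


def nth_subnet(delegated, index, new_prefix=64):
    """Compute the index-th /new_prefix directly (no 2^28-item enumeration)."""
    if not 0 <= index < count_subnets(delegated, new_prefix):
        raise IndexError("subnet index outside the delegation")
    step = 1 << (delegated.max_prefixlen - new_prefix)
    base = int(delegated.network_address) + index * step
    return type(delegated)((base, new_prefix))


if __name__ == "__main__":
    print(VLAN_ATTEMPT, "inside", DELEGATED, "?", in_delegation(VLAN_ATTEMPT))
    for plen in (48, 52, 56, 64):
        print(f"/{plen} networks in the /36:", count_subnets(DELEGATED, plen))
    # Constructed VLAN plan: three /64s that do fall inside the delegation.
    for vlan_id, index in ((10, 0x0010000), (20, 0x0020000), (30, 0x8880000)):
        print("VLAN", vlan_id, "->", nth_subnet(DELEGATED, index))
```

The same check is worth running against every interface address and firewall rule prefix before it is configured, since a /64 outside the delegation has no return route from the provider.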

Offline johnpoz

Re: Split up IPv6 /36 using VLAN
« Reply #11 on: November 26, 2017, 04:25:33 am »
Well put Derelict.. Which was the point I was trying to make myself ;)

It's not about the number of addresses in that space, it's the number of prefixes that can be used under it.. I just do not see handing a specific site/user a /36 -- makes zero sense.. Then take into account they do not even know how to subnet it ;)  And points to typo even more..

Online JKnott

Re: Split up IPv6 /36 using VLAN
« Reply #12 on: November 26, 2017, 07:00:55 am »
Quote
IMO, it's just stupid giving out a /36 to any single organization. Even a /56 is overkill for end-users. Sure, there are 64 bits of networks, but pissing it away in such massive chunks at this early stage in its adoption is short-sighted.

One reason for the huge address space is so that it won't be necessary to worry about saving addresses.  Bear in mind, only 1/8th of the entire IPv6 address space is used for unique global addresses and a much smaller amount for everything else.  This means well over 3/4s of the address space has not been assigned any purpose and is available if needed.

Offline bimmerdriver

Re: Split up IPv6 /36 using VLAN
« Reply #13 on: November 26, 2017, 11:02:26 am »
Quote
Well put Derelict.. Which was the point I was trying to make myself ;)

It's not about the number of addresses in that space, it's the number of prefixes that can be used under it.. I just do not see handing a specific site/user a /36 -- makes zero sense.. Then take into account they do not even know how to subnet it ;)  And points to typo even more..

My point was not about 64 bits on an individual network, it was about squandering networks. This is the money quote.

Online JKnott

Re: Split up IPv6 /36 using VLAN
« Reply #14 on: November 26, 2017, 11:31:20 am »
Quote
It's not about the number of addresses in that space, it's the number of prefixes that can be used under it.. I just do not see handing a specific site/user a /36 -- makes zero sense.. Then take into account they do not even know how to subnet it ;)  And points to typo even more..
My point was not about 64 bits on an individual network, it was about squandering networks. This is the money quote.

Given the huge address space, there's plenty to squander.  That was intentional.  As I mentioned above, there are enough addresses to give every person on earth a /36.  That's 4096 /48s each.  Seems to me there's plenty to squander.  Unlike IPv4, we don't have to squeeze out every last address.  The immense size of the IPv6 address space is pretty much inconceivable, until you start making comparisons.  For example, a single /64 has as many addresses as the entire IPv4 address space squared!  And there are the same number of /64 prefixes.  That is, for every single IPv4 address, there are over 4 billion /64 prefixes.  It would really take some effort to run out of IPv6 addresses, even with only 1/8th the address space being used.  The address space was made huge, to avoid worrying about such things.

Here's another interesting comparison.  I recently watched a show about multiple universes.  One point made is there are about 10^80 elementary particles in the entire known universe.  Well, 2^128 is about 3.4 x 10^38 addresses, so if you take that number, multiply by 30 and then square the result, you're in the same ball park as the number of particles in the universe.  128 bits provides a *LOT* of addresses.