Warly wrote:
> Hello,
>
> This mail is about a deployment of computers with IPv6 network stack
> and questions about best practices in this regard.
>
> Please feel free to redirect me to more appropriate mailing lists if
> this is not the right one.

I think this list is fine. There are [EMAIL PROTECTED] and [EMAIL PROTECTED] lists that may discuss this from a standardization perspective. There may also be a list at RIPE talking allocation policy.

> I am working on the device management for an initial set of about
> 10000 computers for the end of 2008. Those computers will be included
> in an Internet subscription by an Internet Service Provider.

Is this ISP kind of ADSL home subscription? Or is it Enterprise?

> Those computers will use a classic IPv4 network stack for Internet
> connectivity with dynamic IPv4 addresses.
>
> However those computers will be remotely administrated. To do so I
> intend to use an IPsec VPN with IPv6 unique address per computer.
>
> The management servers will have IPv6 connectivity to the IPv6
> backbone, so the IPv6 VPN used for network administration could also
> be used as tunnel to access the IPv6 backbone by the computers.
>
> My initial idea was to assign to each computer a unique 64 bit host
> id and a /64 network prefix based on the management server it depends
> on.

The 64bit HostID can easily be derived from the MAC address, especially if it's a PC with Ethernet card - the IPv6 stacks all do that. No need for a person to assign these host ids (if that's what you meant).

The /64 network prefix depending on the central server - hmmm... Do you consider that the PC at the user's site is part of a network which is _already_ IPv6? For example, an ADSL operator deploys IPv6 at home and there's already an IPv6 /64 prefix assigned to each ADSL subscriber. One would better re-use that prefix, I think, instead of assigning new prefixes through some tunnels.

If the ISP doesn't deploy IPv6 to subscriber then there are several methods to deploy IPv6 to a SOHO when one has control on the ADSL box - 6to4 is a possibility and there are others. With 6to4, the end user gets a /48 out of a single IPv4 address.

> The initial 10000 computers may then be followed by several other
> bunch of 10000 computers, depending on the commercial success of the
> offer.
>
> Depending on the charge on the server, each server may handle a few
> thousands of computers to a few tens of thousands.
>
> Each home with the same Internet connection will share the same /64
> prefix. Each server will have a /48 prefix and could handle up to
> 2^16 different home networks. Likely this means I will need a /44 or
> /40 prefix as soon as I use more than two management servers.
>
> Should I use site local or global addresses for each computer, given
> that it could be connected to the IPv6 backbone ? Could my application
> for a /32 prefix be granted for such a need ?

No, no use of the site-local addresses, being deprecated. Go for global addresses. If your technical solution is IPv6-through-IPv4 then you may as well go for link-local addresses only (fe80::).

I think yes, your application for a /32 could be granted, but I have no precise idea. I would be more reasonable and ask for a /48, because you're talking about tens of thousands of subnets. Is 65535 subnets enough? Do you ask a RIR (RIPE)? Or do you ask a super-provider?

> Should I use 64 bit host id for the computer, or, given the high
> number of /64 subnet needed, I should go for /80 net prefix and 48
> bit only for host id ?

That is a very good question that deserves pondering over, a lot.

Software-wise: if you use the 64bit Ethernet IDs then there's much widely available software for address auto-configuration, whereas for more than 64bit (/80 net prefix) one needs to use DHCPv6 - fewer implementations, but available.

If you deliver /64 to a household and the manager of the household can't, or doesn't know how to, use DHCPv6 then that household is effectively limited to using one single IPv6 subnet. At least by the current state of affairs in standardization. This may prove constraining for the deployment of IPv6.

Many households have multiple IPv4 subnets (one for wifi, one gaming, one printing, one kids, etc.) and would like to migrate to IPv6 while keeping the same multi-subnet structure. So it is more interesting to deliver less than /64 to a household (e.g. /60) so that the household manager can further split it up to /64.

But, I'm not sure I understand the goal: is the goal to deliver IPv6 to households? Or is it to simply use IPv6 to remotely administer some machines? Or is the goal to deploy a remote management system that is just compatible with IPv6 (be ready for IPv6 when it arrives)? And finally, does the household already have IPv6 or not?

Alex

>
> Thanks!
>

_______________________________________________
Users mailing list
Users@ipv6.org
https://lists.ipv6.org/mailman/listinfo/users
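
The prefix arithmetic discussed in this thread (MAC-derived 64-bit host id, a /48 per management server holding 2^16 home /64s, a /60 split per household, and the 6to4 /48 from one IPv4 address), worked through as an added example that is not part of the original e-mail. All function names are hypothetical, and the addresses are constructed from the documentation ranges 2001:db8::/32 and 192.0.2.0/24.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: insert ff:fe in the middle of the MAC, flip the U/L bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a stack would autoconfigure from a /64 prefix and a MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return net[eui64_interface_id(mac)]

def home_prefix(server_prefix: str, home_index: int) -> ipaddress.IPv6Network:
    """The home_index-th /64 inside one management server's /48."""
    net = ipaddress.IPv6Network(server_prefix)
    if net.prefixlen != 48:
        raise ValueError("expected one /48 per management server")
    if not 0 <= home_index < 2 ** 16:
        raise ValueError("a /48 holds only 2**16 /64 subnets")
    base = int(net.network_address)
    return ipaddress.IPv6Network((base | (home_index << 64), 64))

def split_household(prefix: str) -> list:
    """All /64 subnets a household can carve out of a shorter delegation."""
    net = ipaddress.IPv6Network(prefix)
    if not 48 <= net.prefixlen <= 64:
        raise ValueError("expected a delegation between /48 and /64")
    return list(net.subnets(new_prefix=64))

def sixto4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """6to4: 2002::/16 followed by the 32-bit IPv4 address gives a /48."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

if __name__ == "__main__":
    home = home_prefix("2001:db8:1::/48", 0x2A)           # constructed values
    print(home, slaac_address(str(home), "00:11:22:33:44:55"))
    print(len(split_household("2001:db8:1:20::/60")), "subnets in a /60")
    print(sixto4_prefix("192.0.2.1"))
```

Because the EUI-64 host id embeds the MAC address, the same 64 bits follow a machine across every prefix it joins, which is worth weighing when the managed computers also get global IPv6 connectivity through the tunnel.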