Do you recommend to use IPv6 addressing with /120 subnet. I personally prefer having 2^8 addressess is good and it is more than enough to my server farm. But some others says that since we don't have any restrictions in address space, its ok to go with /64 subneting. What you guys prefer.
Have any one faced any issue with IPv6 address planning with more than /64 subnetting before for your server farm.
You can subnet to /120 in IPv6 if you want. Certainly you will save address space. If your service provider assigns you a /64 network, you will have 56 bits of subnets addresses to assign. That's 16 million times the size of the entire IPv4 space * 256-host blocks.
Lots of folks are used to addressing out of /24s, and /120s make sense. /120 is even on a nibble boundary, which makes subnetting simpler if not easy. Subnetting in hexadecimal to non-nibble boundaries is painful and confusing for a lot of people.
Finally and most convincingly, /120 reduces your exposure to ND cache exhaustion attacks. This attack is a bit like an ARP flooding attack for IPv6, except that many of us haven't worried about ARP table sizes in IPv4 for years. IPv6 subnets are large enough that your router can't possibly actually resolve ND entries for every host in a /64.
All that said, I don't necessarily recommend subnetting to /120 in IPv6. I've said here before that my own IPv6 plan has been to assign a /64 to all of my network segments, but not necessarily to number the interface with a /64. This makes renumbering easier if the subnet has to expand. I think subnets longer than /64 make sense in networks that are reachable from the Internet - because they are most vulnerable to attack - but not necessarily anywhere else. Address conservation is unnecessary, because as a business you're going to get a /48 from your provider. That's 65536 /64 subnets. If you need more subnets than that or you're numbering more than one site in your AS, you can go to your RIR and get provider-independent space.
Thanks Bradford, well said.
If you feel /120 is not comfertable, what about /116. We will have last octect's last three bit for hosts and it can easly map our /24 subnets. And eventually it will address ND chache exhaustion also.
Cisco IPv6 addressing white paper address some other issues also such 71th and 72nd bit represent some special meaning. Do you have any idea?
In most implementations with subnets longer than /64 that I know of, the admins are ignoring the problem of the 71st and 72nd bit because few IPv6 implementations care. I don't think that this is actually a good idea, but that's how it's being done regardless. There don't seem to be any consequences of it yet.
I'm not saying that you should not use /120. /120 may make sense for your network. I'm just saying that there are a lot of considerations before you make the decision to make such long prefixes. Do you want to use SLAAC? DHCPv6? Static addressing? Do you have a plan for managing that many bits of address space? What is the motivation for using /120? If it's familiarity with 8-bit subnets or address conservation, I think these are weak motivations. If it's security, then consider whether the subnet is actually vulnerable to outside attack and ND exhaustion, or if it will have protection from a stateful firewall that can prevent that attack.
I'm not making a one-size-fits-all recommendation. You have to analyze your network and your requirements and decide if /120 meets those requirements better than /64.
Well, I'm planning for Datacenter network. So, my intention is
1. Managing servers and static IP address allocations. I will not use DHSP.
2. Of course, security. I dont want to comlecate my network & ND- cache exhaution .
If there is not other things, I prefer to go with /120. Make sence?
And If we continue to use auto-configurating IPv6 address using Mac-Address, It doesnt make full use of IPv6 address. Again we will fall in limitation at 2^64 range. That is I can have limited devices in my local network with MAC address space. Of course, this is not my consideration at this point for allocating /120 subnets.