IPv6 Subnetting
IPv6 subnetting is easier than IPv4. It’s also different. Want to divide or combine a subnet? All that is needed is to add or chop off digits and adjust the prefix length by a multiple of four. No longer is there a need to calculate subnet start/end addresses, usable addresses, the null route, or the broadcast address.
IPv4 had a subnet mask (dotted quad notation) that was later replaced by CIDR masking. IPv6 doesn’t have a subnet mask but instead calls it a Prefix Length, often shortened to “Prefix”. Prefix length and CIDR masking work similarly; the prefix length denotes how many bits of the address define the network in which it exists. Most commonly the prefixes used with IPv6 are multiples of four, as seen in Table IPv6 Subnet Table, but they can be any number between 0 and 128.
Using prefix lengths in multiples of four makes it easier for humans to distinguish IPv6 subnets. All that is required to design a larger or smaller subnet is to adjust the prefix by a multiple of four. For reference, see Table IPv6 Subnet Table listing the possible IPv6 addresses, as well as how many IP addresses are contained inside of each subnet.
Prefix | Subnet Example | Total IP Addresses | # of /64 nets |
---|---|---|---|
4 | x:: | 2^124 | 2^60 |
8 | xx:: | 2^120 | 2^56 |
12 | xxx:: | 2^116 | 2^52 |
16 | xxxx:: | 2^112 | 2^48 |
20 | xxxx:x:: | 2^108 | 2^44 |
24 | xxxx:xx:: | 2^104 | 2^40 |
28 | xxxx:xxx:: | 2^100 | 2^36 |
32 | xxxx:xxxx:: | 2^96 | 4,294,967,296 |
36 | xxxx:xxxx:x:: | 2^92 | 268,435,456 |
40 | xxxx:xxxx:xx:: | 2^88 | 16,777,216 |
44 | xxxx:xxxx:xxx:: | 2^84 | 1,048,576 |
48 | xxxx:xxxx:xxxx:: | 2^80 | 65,536 |
52 | xxxx:xxxx:xxxx:x:: | 2^76 | 4,096 |
56 | xxxx:xxxx:xxxx:xx:: | 2^72 | 256 |
60 | xxxx:xxxx:xxxx:xxx:: | 2^68 | 16 |
64 | xxxx:xxxx:xxxx:xxxx:: | 2^64 (18,446,744,073,709,551,616) | 1 |
68 | xxxx:xxxx:xxxx:xxxx:x:: | 2^60 (1,152,921,504,606,846,976) | 0 |
72 | xxxx:xxxx:xxxx:xxxx:xx:: | 2^56 (72,057,594,037,927,936) | 0 |
76 | xxxx:xxxx:xxxx:xxxx:xxx:: | 2^52 (4,503,599,627,370,496) | 0 |
80 | xxxx:xxxx:xxxx:xxxx:xxxx:: | 2^48 (281,474,976,710,656) | 0 |
84 | xxxx:xxxx:xxxx:xxxx:xxxx:x:: | 2^44 (17,592,186,044,416) | 0 |
88 | xxxx:xxxx:xxxx:xxxx:xxxx:xx:: | 2^40 (1,099,511,627,776) | 0 |
92 | xxxx:xxxx:xxxx:xxxx:xxxx:xxx:: | 2^36 (68,719,476,736) | 0 |
96 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:: | 2^32 (4,294,967,296) | 0 |
100 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:x:: | 2^28 (268,435,456) | 0 |
104 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xx:: | 2^24 (16,777,216) | 0 |
108 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxx:: | 2^20 (1,048,576) | 0 |
112 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:: | 2^16 (65,536) | 0 |
116 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:x:: | 2^12 (4,096) | 0 |
120 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xx:: | 2^8 (256) | 0 |
124 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxx:: | 2^4 (16) | 0 |
128 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx | 2^0 (1) | 0 |
A /64 is a standard size IPv6 subnet as defined by the IETF. It is the smallest subnet that can be used locally if auto configuration is desired.
Typically, an ISP assigns a /64 or smaller subnet to establish service on the WAN. An additional network is routed for LAN use. The size of the allocation depends upon the ISP, but it’s not uncommon to see end users receive at least a /64 and even up to a /48.
A tunnel service provider such as tunnelbroker.net run by Hurricane Electric will allocate a /48 in addition to a routed /64 subnet and a /64 interconnect.
Assignments larger than /64 usually adopt the first /64 for LAN and subdivide the rest for requirements such as a VPN tunnel, DMZ, or a guest network.
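The add-or-chop-a-digit rule and the first-/64-for-LAN convention described above, worked through with Python's standard `ipaddress` module. This is an added example, not pfSense code; the `2001:db8:abcd::/48` allocation is constructed from the documentation prefix, and the function names and role labels are hypothetical.

```python
import ipaddress

def split_on_nibble(prefix, new_len):
    """Divide `prefix` into subnets of length `new_len` (adds hex digits).
    Both lengths must be multiples of four so each step is one hex digit."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4 or new_len % 4:
        raise ValueError("prefix lengths must be multiples of four")
    if not net.prefixlen <= new_len <= 128:
        raise ValueError("new length must be between the current length and 128")
    return list(net.subnets(new_prefix=new_len))

def parent(prefix, digits=1):
    """Combine upward by chopping `digits` hex digits off the prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4 or net.prefixlen < 4 * digits:
        raise ValueError("cannot chop that many digits from this prefix")
    return net.supernet(prefixlen_diff=4 * digits)

def count_64s(prefix):
    """Number of /64 networks inside `prefix` (0 when longer than /64)."""
    plen = ipaddress.IPv6Network(prefix).prefixlen
    return 2 ** (64 - plen) if plen <= 64 else 0

def plan(allocation, roles):
    """Give the first /64 to the first role and the following /64s to the
    remaining roles, in order."""
    if len(roles) > count_64s(allocation):
        raise ValueError("allocation does not hold enough /64 networks")
    subnets = ipaddress.IPv6Network(allocation).subnets(new_prefix=64)
    return {role: next(subnets) for role in roles}

if __name__ == "__main__":
    alloc = "2001:db8:abcd::/48"  # constructed sample allocation
    print(alloc, "holds", count_64s(alloc), "/64 networks")
    for net in split_on_nibble(alloc, 52)[:3]:
        print("  /52:", net)      # fourth group gains one hex digit
    print("parent of 2001:db8:abcd:1200::/56 is",
          parent("2001:db8:abcd:1200::/56"))
    for role, net in plan(alloc, ["LAN", "VPN", "DMZ", "GUEST"]).items():
        print(f"  {role:5} {net}")
```

Because every boundary falls on a hex digit, each role's traffic can be matched in a firewall rule or a log search by a fixed textual prefix such as `2001:db8:abcd:2:`.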
Special IPv6 Subnets
Special use networks are reserved in IPv6. A full list of these can be found in the Wikipedia IPv6 article. Six examples of IPv6 special networks and their addresses are shown below in IPv6 Special Networks and Addresses.
Network | Purpose |
---|---|
2001:db8::/32 | Documentation prefix used for examples (RFC 3849) |
3fff::/20 | Documentation prefix used for examples (RFC 9637) |
::1 | Localhost |
fc00::/7 | Unique Local Addresses (ULA) - also known as “Private” IPv6 addresses. |
fe80::/10 | Link Local addresses, only valid inside a single broadcast domain. |
ff00::0/8 | Multicast addresses |
Neighbor Discovery
IPv4 hosts find each other on a local segment using ARP broadcast messages, but IPv6 hosts find each other by sending Neighbor Discovery Protocol (NDP) messages. Like ARP, NDP works inside a given broadcast domain to find other hosts inside of a specific subnet.
By sending special ICMPv6 packets to reserved multicast addresses, NDP handles the tasks of neighbor discovery, router solicitations, and route redirects similar to IPv4’s ICMP redirects.
pfSense® software automatically adds firewall rules on IPv6 enabled interfaces that permit NDP to function. All currently known neighbors on IPv6 can be viewed in the firewall GUI at Diagnostics > NDP Table.
Router Advertisements
IPv6 routers are located through their Router Advertisement (RA) messages instead of by DHCP. IPv6-enabled routers that support dynamic address assignment are expected to announce themselves on the network to all clients and respond to router solicitations. When acting as a client (WAN interfaces), pfSense software accepts RA messages from upstream routers. When acting as a router, pfSense software provides RA messages to clients on its internal networks. See Router Advertisements (Or: “Where is the DHCPv6 gateway option?”) for more details.
Address Allocation
Client addresses can be allocated by static addressing, through SLAAC (Router Advertisements (Or: “Where is the DHCPv6 gateway option?”)), DHCP6 (IPv6 Router Advertisements), or other tunneling methods such as OpenVPN.
DHCP6 Prefix Delegation
DHCP6 Prefix Delegation delivers a routed IPv6 subnet to a DHCP6 client. A WAN type interface can be set to receive a prefix over DHCP6 (DHCP6, Track Interface). A router functioning at the edge of a large network can provide prefix delegation to other routers inside the network (DHCPv6 Prefix Delegation).