building a transparent ipv6 address plan

Hi

While watching ipv6 design and deployment course on safari, i came across a cool addressing design tip.

As an organisation, you will get a /48 address space, which gives you 16 bits for subnets which equals 65535 subnets. A good idea, especially taking into account how firewall rules are created is to use first 4 bits for traffic type, next 4 bit for the location, next 4 bit for the building and last 4 bits for the floor.

 

In an example address 2001:db8:0001:8149:: we have traffic type 8, location 1, building 4, floor 9. If a fw admin wants to ban only this traffic type in this particular location across all buildings and floors, he (or she 😉 will have an easy job configuring an deny acl for 2001:db8:0001:8100/56, and in the future this can be modified to include all locations only by changing one hex character to 2001:db8:0001:8000/52

So cool.

Skomentuj

Wprowadź swoje dane lub kliknij jedną z tych ikon, aby się zalogować:

Logo WordPress.com

Komentujesz korzystając z konta WordPress.com. Wyloguj /  Zmień )

Zdjęcie na Google

Komentujesz korzystając z konta Google. Wyloguj /  Zmień )

Zdjęcie z Twittera

Komentujesz korzystając z konta Twitter. Wyloguj /  Zmień )

Zdjęcie na Facebooku

Komentujesz korzystając z konta Facebook. Wyloguj /  Zmień )

Połączenie z %s