nanog mailing list archives

Re: IPv6 Subscriber Access Deployments


From: Baldur Norddahl <baldur.norddahl () gmail com>
Date: Tue, 8 Sep 2015 22:17:01 +0200

On 8 September 2015 at 21:40, Josh Moore <jmoore () atcnetworks net> wrote:

> The question becomes manageability. Unique VLAN per customer is not always
> scalable. For example, only ~4000 VLAN tags. What happens when you have
> more than that many customers? Also, provisioning. Who is going to
> provision thousands of unique prefixes and VLANs, trunk them through
> relevant equipment and ensure they are secured as well?

VLAN tags can be stacked (QinQ). This allows 4096*4096 VLANs. Also it
allows you to group them and use wildcard VLAN forwarding (i.e. outer vlan
100 inner vlan ANY). Or you can stuff the whole thing into an MPLS L2VPN
tunnel.

We are forced to use this scheme by the incumbent telco. It is simply the
way they hand off customer links to us. One end user per VLAN, each
"areacode" has an assigned outer tag and users within an area are assigned
inner tags sequentially starting with vlan 2. I.e. user #1 is 100.2, user #2
is 100.3, user #3 living in a different area is 101.2.

However we still want to preserve IPv4, so users will be sharing the same
IPv4 subnet even though they are on different VLANs. This is done by vlan
ranges on a layer 3 interface. As a consequence we are more or less forced
to do the same for the IPv6 setup. Every user that shares an IPv4 subnet
will also share an IPv6 /64 prefix on their uplinks.

We use DHCPv6-PD to allocate a /48 prefix to each user, so the shared
prefix is only used by the CPE on the uplink. Users will normally only see
the shared prefix if they do a traceroute. Their computer will have an
address from the /48 prefix.

Regards,

Baldur
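
Added example, not part of the original post or the poster's tooling: a sketch of the outer.inner tag numbering described above, tied to one /48 per circuit so that a source address seen in an abuse report can be traced back to its VLAN pair. The aggregate (documentation prefix), the area table and the deterministic tag-to-prefix rule are assumptions made for illustration.

```python
import ipaddress

# Assumed values, not from the post: the aggregate, the area table and the
# rule that the tag pair selects the /48 deterministically.
AGGREGATE = ipaddress.ip_network("2001:db8::/32")   # documentation prefix
AREAS = {100: 0, 101: 1}      # outer tag -> area index (4 bits, constructed)
FIRST_INNER, LAST_INNER = 2, 4094   # post starts at vlan 2; 4095 is reserved
HOST_BITS = 128 - 48


def circuit_for(outer, seq):
    """Tag pair for the seq-th user (1-based) in the area with this outer tag."""
    if outer not in AREAS:
        raise ValueError(f"unknown area {outer}")
    inner = FIRST_INNER + seq - 1
    if seq < 1 or inner > LAST_INNER:
        raise ValueError(f"area {outer} has no inner tag for user #{seq}")
    return outer, inner


def delegated_prefix(outer, inner):
    """The /48 that DHCPv6-PD would hand to the CPE on circuit outer.inner."""
    if outer not in AREAS or not FIRST_INNER <= inner <= LAST_INNER:
        raise ValueError(f"invalid circuit {outer}.{inner}")
    index = (AREAS[outer] << 12) | inner
    base = int(AGGREGATE.network_address) + (index << HOST_BITS)
    return ipaddress.IPv6Network((base, 48))


def circuit_of(address):
    """Reverse lookup for abuse handling: source address -> (outer, inner)."""
    addr = ipaddress.ip_address(address)
    if addr not in AGGREGATE:
        return None
    index = (int(addr) - int(AGGREGATE.network_address)) >> HOST_BITS
    outer = {v: k for k, v in AREAS.items()}.get(index >> 12)
    inner = index & 0xFFF
    if outer is None or not FIRST_INNER <= inner <= LAST_INNER:
        return None            # inside the aggregate but never delegated
    return outer, inner


if __name__ == "__main__":
    for outer, seq in [(100, 1), (100, 2), (101, 1)]:
        o, i = circuit_for(outer, seq)
        print(f"{o}.{i} -> {delegated_prefix(o, i)}")
```

Traffic sourced from inside the aggregate for which `circuit_of` returns `None` comes from a prefix that was never delegated under this rule, which makes it a candidate for source-address filtering at the layer 3 interface.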

