In many tutorials I see examples to add an IPv6 address on Linux like
ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0
Since an IPv6 address has 128 bits and this is only supposed to add a single IP, why is it done /64 and not /128 ?
Asked
Active
Viewed 1.8k times
6
-
1Thanks for your answers on subnets, but why would one add a _single_ IP as /64 subnet and not as /128 ? – Gene Vincent Sep 20 '10 at 20:07
-
The subnet masks tells the computer which addresses are on the local segment (and which can be communicated with directly) and which addresses must go through a router. A /128 mask means "this machine and this machine only" which isn't very useful for talking to other machines. – Gerald Combs Sep 20 '10 at 20:27
-
When I add an address to a local interaface, I don't think traffic to it should travel anywhere but my machine. In fact I have IPv4 adresses that are globally reachable bound /32 to the same interface. – Gene Vincent Sep 20 '10 at 21:33
-
You are definitely misunderstanding subnetting. Start reading cause you're globally reachable addresses are **not** on the interface as a /32 or they would not be reachable by anyone except the local computer. The /32 tells your computer that this address is reachable by nobody, and there are no other computers on this subnet. I posted a link to Evan's Subnetting article, please start reading. – Chris S Sep 26 '10 at 00:00
-
1@Chris S: The /32 tells your computer only that the address isn't part of a subnet but is strictly a host address. It's reachable by anyone who knows to get to this machine to reach it. (Typically the machine would advertise it by OSPF, RIP, or the like.) That's a very common thing to do for addresses that aren't associated with a particular network. – David Schwartz Dec 31 '11 at 00:37
3 Answers
12
64 is the subnet mask. In IPv6 /64 is the "default" subnet mask. In most *nix OSes you can specify the subnet mask by specifying the IP in CIDR notation.
See Evan's Subnetting answer for a lot more info on Subnets.
7
The IPv6 addressing architecture (RFC4291) requires all unicast addresses always have a prefix length of 64 bits. Using something other than a /64 will break a number of IPv6 features such as neighbor discovery, secure neighbor discovery (SEND), privacy extensions, mobile IPv6, embedded-RP (multicast), etc.
The current IPv6 address assignment guidelines call for allocating a /64 only when it is known that one and only one subnet is needed, otherwise a /56 should be allocated to small sites that are "expected to need only a few subnets over the next 5 years", or a /48 for larger sites. (ARIN policy 6.5.4.1)
A number of free tunnel brokers currently offer /48s. You could easily set up 65,536 globally routed /64s at home right now if you wanted to. (e.g. Hurricane Electric will give anyone a /48)
If that seems wasteful, consider that there are over 16 million times as many /48s possible as IPv4 /24s. And twice as many /48s as there are square centimeters of landmass on the earth. (2.8✕1014 versus 1.4✕1014 cm2).
-
8... which will be a problem once every nanobot has its own IPv6 address... – Ignacio Vazquez-Abrams Jan 04 '11 at 05:15
-
I think they went with /64 because they weren't being very creative. I've stood up an IPv6 network at home using /120 and so far, basic services work fine. It even seems like ICMPv6 neighbor discovery works fine. – Kumba Apr 06 '11 at 05:13
-
IPv6 addressing is based around the fundamental assumption that address space is not scarce. So even if you aren't going to have a real network and will only use one IP address, you are still supposed to assign a /64. Even if it's strictly a host address, you still assign a /64. (The only reason we don't do that with IPv6 is because address space is scarce. Otherwise, it'd be convenient if the subnet mask was always the same length -- one less thing to get wrong, plus plenty of spare addresses in case we discover we need another.) – David Schwartz Dec 31 '11 at 00:39
-
1@DavidSchwartz I think you mean "The only reason we don't do that with **IPv4**". Using a /120 makes addresses much easier to administer, even if you don't use the rest of the /64, you get to cut all of those extra octets and take full advantage of the "::". – Chris S Dec 31 '11 at 02:39
4
Most tunnel brokers (or native ipv6 delegations) give you a /64 and then route the whole /64 to your endpoint. Since the two endpoints (the one on the broker/ISP side and the one on your side) are part of this /64, you need to configure the /64 prefix.
It's basically the same as getting an ipv4 range from an ISP. If you get a /24, you add the netmask 255.255.255.0 (or /24) to your IP address. Otherwise, your host doesn't know how big the subnet is.
Wouter de Bie
- 719
- 5
- 7