Subnetting and Network Isolation in IPv6

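Strictly speaking, IPv6 no longer has the concept of subnets or network segments; it has links instead. Some IPv4-based network planning concepts (such as subnet/segment isolation) therefore need to be adjusted.
IPv6 no longer has the concept of a mask; it has the address prefix length (or simply "prefix") instead. The concept of a host number is also gone, replaced by the "interface ID".
The IPv6 prefix nevertheless works much like the IPv4 CIDR mask: the prefix length of an IPv6 address determines how many bits of the address define the network ID of the network the address belongs to.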
 

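[IPv6 routing policy, addressing policy and the way network isolation is implemented all differ from IPv4. Take network isolation: because the IPv4 idea of isolating by subnet/segment no longer applies, hosts whose IPv6 addresses belong to different subnets/segments can still communicate when they are attached to the same link (using their auto-configured link-local addresses), and the gateway nodes of the two subnets/segments are no longer required to reach each other. (IPv4 requires every subnet/segment to have a default gateway: for cross-segment traffic a packet first goes to the sender's own gateway, which then looks up a route to the peer's gateway, and the two IPv4 gateways must have a reachable route between them before communication works. IPv6 no longer has the concept of a default gateway; with link-local addresses, two hosts on the same L2 link can discover each other and communicate regardless of whether their configured IPv6 addresses are in the same subnet/LAN/segment.)]
[That is, although an IPv6 prefix also contains a subnet ID part, when hosts share the same link at L2 (no separate VLANs; different VLANs are different L2 links), L3 can no longer provide network isolation by "giving different subnet IDs different segments/subnets/gateways (with no routes between the gateways)". The subnet ID part of an IPv6 prefix should be used only for route planning, route convergence and the like. Put differently, IPv6 subnetting no longer serves network isolation/segmentation; IPv6 network isolation must be done at L2, for example by placing hosts in different VLANs.]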
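The check below is an added example, not part of the original post: it audits a host inventory for the situation the notes above describe, where hosts planned into different IPv6 subnets still sit on one L2 link and can therefore reach each other over link-local addresses. The inventory format, host names and VLAN labels are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory (hypothetical hosts): (host, L2 link / VLAN, address/prefix)
INVENTORY = [
    ("web1",   "vlan10", "2001:db8:0:10::21/64"),
    ("web1",   "vlan10", "fe80::a1/64"),
    ("db1",    "vlan10", "2001:db8:0:20::5/64"),   # different subnet ID, same link
    ("db1",    "vlan10", "fe80::b2/64"),
    ("guest1", "vlan30", "2001:db8:0:30::9/64"),
    ("guest2", "vlan30", "2001:db8:0:30::a/64"),
]

def subnets_per_link(inventory):
    """Map each L2 link to the routed (non link-local) prefixes seen on it."""
    links = defaultdict(lambda: defaultdict(set))
    for host, link, cidr in inventory:
        iface = ipaddress.ip_interface(cidr)
        if iface.version != 6 or iface.ip.is_link_local:
            continue  # fe80::/10 is present on every link and says nothing about the plan
        links[link][iface.network].add(host)
    return links

def isolation_gaps(inventory):
    """Links where hosts from more than one prefix share a broadcast domain."""
    gaps = {}
    for link, nets in subnets_per_link(inventory).items():
        if len(nets) > 1:
            gaps[link] = {str(net): sorted(hosts) for net, hosts in nets.items()}
    return gaps

if __name__ == "__main__":
    for link, nets in isolation_gaps(INVENTORY).items():
        print(f"{link}: {len(nets)} prefixes share one link, so the subnet IDs do not isolate")
        for net, hosts in nets.items():
            print(f"  {net}: {', '.join(hosts)}")
```

A link reported here needs its hosts moved to separate VLANs if the two prefixes are meant to be separate security zones.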

IPv6 subnetting is easier than IPv4. It’s also different. Want to divide or combine a subnet? All that is needed is to add or chop off digits and adjust the prefix length by a multiple of four. No longer is there a need to calculate subnet start/end addresses, usable addresses, the null route, or the broadcast address.

IPv4 had a subnet mask (dotted quad notation) that was later replaced by CIDR masking. IPv6 doesn’t have a subnet mask but instead calls it a Prefix Length, often shortened to “Prefix”. Prefix length and CIDR masking work similarly; the prefix length denotes how many bits of the address define the network in which it exists. Most commonly the prefixes used with IPv6 are multiples of four, as seen in Table IPv6 Subnet Table, but they can be any number between 0 and 128.

Using prefix lengths in multiples of four makes it easier for humans to distinguish IPv6 subnets. All that is required to design a larger or smaller subnet is to adjust the prefix by a multiple of four. Strictly speaking, though, the prefix length can be any integer from 0 to 128. For reference, see Table IPv6 Subnet Table, which lists the possible IPv6 addresses as well as how many IP addresses are contained inside each subnet.
IPv6 Subnet Table

| Prefix | Subnet Example | Total IP Addresses | # of /64 nets |
|---|---|---|---|
| 4 | x:: | 2^124 | 2^60 |
| 8 | xx:: | 2^120 | 2^56 |
| 12 | xxx:: | 2^116 | 2^52 |
| 16 | xxxx:: | 2^112 | 2^48 |
| 20 | xxxx:x:: | 2^108 | 2^44 |
| 24 | xxxx:xx:: | 2^104 | 2^40 |
| 28 | xxxx:xxx:: | 2^100 | 2^36 |
| 32 | xxxx:xxxx:: | 2^96 | 4,294,967,296 |
| 36 | xxxx:xxxx:x:: | 2^92 | 268,435,456 |
| 40 | xxxx:xxxx:xx:: | 2^88 | 16,777,216 |
| 44 | xxxx:xxxx:xxx:: | 2^84 | 1,048,576 |
| 48 | xxxx:xxxx:xxxx:: | 2^80 | 65,536 |
| 52 | xxxx:xxxx:xxxx:x:: | 2^76 | 4,096 |
| 56 | xxxx:xxxx:xxxx:xx:: | 2^72 | 256 |
| 60 | xxxx:xxxx:xxxx:xxx:: | 2^68 | 16 |
| 64 | xxxx:xxxx:xxxx:xxxx:: | 2^64 (18,446,744,073,709,551,616) | 1 |
| 68 | xxxx:xxxx:xxxx:xxxx:x:: | 2^60 (1,152,921,504,606,846,976) | 0 |
| 72 | xxxx:xxxx:xxxx:xxxx:xx:: | 2^56 (72,057,594,037,927,936) | 0 |
| 76 | xxxx:xxxx:xxxx:xxxx:xxx:: | 2^52 (4,503,599,627,370,496) | 0 |
| 80 | xxxx:xxxx:xxxx:xxxx:xxxx:: | 2^48 (281,474,976,710,656) | 0 |
| 84 | xxxx:xxxx:xxxx:xxxx:xxxx:x:: | 2^44 (17,592,186,044,416) | 0 |
| 88 | xxxx:xxxx:xxxx:xxxx:xxxx:xx:: | 2^40 (1,099,511,627,776) | 0 |
| 92 | xxxx:xxxx:xxxx:xxxx:xxxx:xxx:: | 2^36 (68,719,476,736) | 0 |
| 96 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:: | 2^32 (4,294,967,296) | 0 |
| 100 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:x:: | 2^28 (268,435,456) | 0 |
| 104 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xx:: | 2^24 (16,777,216) | 0 |
| 108 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxx:: | 2^20 (1,048,576) | 0 |
| 112 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:: | 2^16 (65,536) | 0 |
| 116 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:x:: | 2^12 (4,096) | 0 |
| 120 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xx:: | 2^8 (256) | 0 |
| 124 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxx:: | 2^4 (16) | 0 |
| 128 | xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx | 2^0 (1) | 0 |

A /64 is a standard size IPv6 subnet as defined by the IETF. It is the smallest subnet that can be used locally if auto configuration is desired (that is, the longest prefix that can still be obtained through autoconfiguration).

Typically, an ISP assigns a /64 or smaller subnet to establish service on the WAN. An additional network is routed for LAN use. The size of the allocation depends upon the ISP, but it’s not uncommon to see end users receive at least a /64 and even up to a /48.

A tunnel service provider such as tunnelbroker.net run by Hurricane Electric will allocate a /48 in addition to a routed /64 subnet and a /64 interconnect. [Similar in principle to IPv4 CIDR routing?]

Assignments larger than /64 usually adopt the first /64 for LAN and subdivide the rest for requirements such as VPN tunnel, DMZ, or a guest network.
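As an added example (not from the original post or the quoted documentation), the code below carries out the subdivision just described on a /48 taken from the 2001:db8::/32 documentation prefix, and reproduces the "# of /64 nets" column of the subnet table. The function names and the role list are hypothetical.

```python
import ipaddress
from itertools import islice

def count_64s(prefix_len):
    """'# of /64 nets' column of the IPv6 Subnet Table (0 for prefixes longer than /64)."""
    return 2 ** (64 - prefix_len) if prefix_len <= 64 else 0

def nibble_subnets(block, new_prefix, limit=16):
    """First `limit` subnets of `block` at `new_prefix`, enforcing 4-bit boundaries."""
    net = ipaddress.ip_network(block)
    if net.prefixlen % 4 or new_prefix % 4:
        raise ValueError("prefix lengths must be multiples of four")
    if new_prefix < net.prefixlen:
        raise ValueError("new prefix must not be shorter than the block's prefix")
    # islice avoids materialising all 65,536 /64s of a /48
    return list(islice(net.subnets(new_prefix=new_prefix), limit))

def plan(block, roles):
    """Assign one /64 per role in order; the first /64 of the block goes to the first role."""
    return dict(zip(roles, nibble_subnets(block, 64, limit=len(roles))))

def combine(cidr, nibbles=1):
    """Combine subnets by chopping `nibbles` hex digits off the prefix."""
    net = ipaddress.ip_network(cidr)
    return net.supernet(new_prefix=net.prefixlen - 4 * nibbles)

if __name__ == "__main__":
    block = "2001:db8:abcd::/48"  # constructed allocation from the documentation prefix
    print(f"{block} holds {count_64s(48):,} /64 networks")
    for role, net in plan(block, ["LAN", "VPN", "DMZ", "guest"]).items():
        print(f"  {role:5} {net}")
    print("first /52s:", [str(n) for n in nibble_subnets(block, 52, limit=3)])
    print("combine 2001:db8:abcd:1200::/56 ->", combine("2001:db8:abcd:1200::/56"))
```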

Special IPv6 Subnets

Special use networks are reserved in IPv6. A full list of these can be found in the Wikipedia IPv6 article. Six examples of IPv6 special networks and their addresses are shown below in IPv6 Special Networks and Addresses.

IPv6 Special Networks and Addresses

| Network | Purpose |
|---|---|
| 2001:db8::/32 | Documentation prefix used for examples |
| ::1 | Localhost |
| fc00::/7 | Unique Local Addresses (ULA) - also known as “Private” IPv6 addresses. |
| fe80::/10 | Link Local addresses, only valid inside a single broadcast domain. |
| 2001::/16 | Global Unique Addresses (GUA) - Routable IPv6 addresses. |
| ff00::0/8 | Multicast addresses |

posted @ 2023-04-18 11:03  慢旅