IPv6 has a large enough address space that it's entirely reasonable to consider subnetting down to the individual switch port. Effectively this means Layer 3 routing at the port level, with every access port its own routed subnet, across the entire enterprise network.
The benefits of this are many, and should be straightforward to understand.
- Reliability
- Performance
- Fault tolerance
- Simplicity
- Security
I'm not going to go into any depth on those bullet points at this time; I'll save that for future articles.
Here's an example interface config for a Cisco L3-capable switch.
interface GigabitEthernet1/0/19
 ! Routed port: no Layer 2 switching on this interface
 no switchport
 ! IPv4 /29 dedicated to the host on this port
 ip address 10.0.4.9 255.255.255.248
 ! Don't hand out topology hints via ICMP redirects/unreachables
 no ip redirects
 no ip unreachables
 ip pim sparse-mode
 ! IPv6 ULA prefix, /96 per port (longer than the /64 SLAAC expects)
 ipv6 address FDAA:AAAA:AAAA:AA00:0:13:7F77:1/96
 ipv6 enable
 ! Set the O flag in Router Advertisements: hosts get DNS etc. from DHCPv6
 ipv6 nd other-config-flag
 no ipv6 redirects
 no ipv6 unreachables
 ! Strict uRPF: drop IPv6 packets whose source isn't reachable back out this port
 ! (allow-default lets a default route satisfy the check)
 ipv6 verify unicast source reachable-via rx allow-default
 ! Age ARP entries after 60 seconds instead of the 4-hour default
 arp timeout 60
One of the items that I've learned since Version 1 of this post is that some devices *do* consider EUI-64 to be a hard-set standard, and will not accept a variable subnet mask on the interface.
EUI-64 is a mistake. Embedding the MAC address in the IP address adds nothing to the function of IP, and it offers no security benefit; what it does do is leak a stable hardware identifier that follows the host from network to network, which is the problem the privacy extensions of RFC 4941 had to be written to paper over. Converting the network to complete Layer 3 to the port delivers what EUI-64 was supposed to deliver (a unique, conflict-free identifier for every attached host) far better than EUI-64 ever could.
So a /96 prefix on the interface isn't possible on devices that apply the current RFC strictly: RFC 4291 requires a 64-bit interface identifier for unicast addresses, which is exactly what EUI-64 supplies and exactly what a /96 leaves no room for.
So a /64 with EUI-64 on every port is the direction this standard is going to push us. The idea of L3 to the port isn't going to go away once enterprise network engineers understand the concept. It provides too many benefits to the enterprise network, particularly in the area of security (though performance and reliability are key as well).
The issue is that EUI-64 wasn't designed with port-level Layer 3 in mind. As large as 64 bits of subnet space seems, handing a whole /64 to every single switch port wasn't what the designers had in mind.
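As an added example that is not part of the original post, the Python below does the addressing arithmetic behind the two points above. It builds the modified EUI-64 interface identifier from a MAC and recovers the MAC from the resulting address (the leak the post objects to), refuses to form a SLAAC address from a prefix longer than /64 (why the /96 in the switch config can't coexist with EUI-64), and carves a deterministic per-port prefix out of a site prefix at both /64 and /96 so the two allocation sizes can be compared. The fdaa:aaaa:aaaa::/48 site prefix, the host MAC and the switch/port numbering scheme are assumptions made for the example.

```python
# Added example, not from the original post: the addressing arithmetic behind
# Layer 3 to the port, and the EUI-64 interface identifier the post argues
# against. The site prefix, MAC and switch/port numbering are assumed values.
import ipaddress


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) from a 48-bit MAC.

    The MAC is split in half, 0xFFFE is inserted between the halves, and the
    universal/local bit (bit 1 of the first octet) is inverted.
    """
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC such as 00:1b:21:3c:4d:5e")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a SLAAC host forms from an advertised /64 prefix and its MAC.

    SLAAC only works with a 64-bit prefix; anything longer (such as a /96)
    leaves no room for the 64-bit interface identifier, so it is rejected.
    """
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError(f"EUI-64 needs a /64 prefix, got /{net.prefixlen}")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def mac_from_eui64_address(addr: str) -> str:
    """Recover the hardware MAC from an EUI-64 derived address.

    This is the privacy leak: the address carries a stable hardware identifier
    that follows the host onto every network it joins.
    """
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    raw = bytearray(iid.to_bytes(8, "big"))
    if raw[3:5] != b"\xff\xfe":
        raise ValueError("interface identifier is not EUI-64 derived")
    raw[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in raw[:3] + raw[5:])


def port_subnet_capacity(site_prefix: str, port_prefixlen: int) -> int:
    """How many per-port subnets of the given length fit in the site prefix."""
    site = ipaddress.IPv6Network(site_prefix)
    if port_prefixlen <= site.prefixlen or port_prefixlen > 128:
        raise ValueError("per-port prefix must be longer than the site prefix")
    return 1 << (port_prefixlen - site.prefixlen)


def per_port_prefix(site_prefix: str, port_prefixlen: int, switch_index: int,
                    port_index: int, ports_per_switch: int = 256) -> ipaddress.IPv6Network:
    """Deterministically carve one routed prefix per switch port out of the site prefix.

    The port's position (switch number, port number) becomes the subnet index,
    so any address can be mapped straight back to the physical port it sits on.
    The 256-ports-per-switch stride is an assumption for the example.
    """
    site = ipaddress.IPv6Network(site_prefix)
    capacity = port_subnet_capacity(site_prefix, port_prefixlen)
    index = switch_index * ports_per_switch + port_index
    if index >= capacity:
        raise ValueError("site prefix exhausted: no subnet left for this port")
    base = int(site.network_address) + (index << (128 - port_prefixlen))
    return ipaddress.IPv6Network((base, port_prefixlen))


if __name__ == "__main__":
    site = "fdaa:aaaa:aaaa::/48"      # assumed ULA site prefix
    mac = "00:1b:21:3c:4d:5e"         # assumed host MAC
    host = slaac_address("fdaa:aaaa:aaaa:aa00::/64", mac)
    print("SLAAC address:", host, "-> MAC recovered:", mac_from_eui64_address(str(host)))
    for plen in (64, 96):
        print(f"/{plen} per port: {port_subnet_capacity(site, plen)} port subnets in {site}; "
              f"switch 1 port 19 gets {per_port_prefix(site, plen, 1, 19)}")
```

Run it directly to see the comparison: the same /48 yields 65,536 port subnets at /64 but 2^48 of them at /96, and the port-to-prefix mapping is reversible in both cases, which is the property that makes per-port routing useful for policy and forensics without any need to embed the MAC in the address.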
That doesn't mean per-port layer 3 is wrong, quite the opposite. Layer 3 to the port is a worthwhile goal. EUI-64 simply needs to be changed to accommodate it.
Before dismissing the idea of a complete Layer 3 network, keep in mind that most ideas like this in IT were dismissed as impractical, but later found to be beneficial. Some examples are enterprise networks converting entirely to switched ports, or computers using more than 64K, or 640K, of memory. IT is filled with concepts like these that didn't seem practical at the time, but eventually came to pass. The Internet itself is probably the best example.
This idea will happen in the enterprise; it's simply a matter of this decade or the next. It would be better if the standards were scaled appropriately to that eventuality.
Rob