IPv6 Subnetting: /48, /64, and Beyond
Embed This Widget
Add the script tag and a data attribute to embed this widget.
Embed via iframe for maximum compatibility.
<iframe src="https://ipfyi.com/iframe/guide/ipv6-subnetting-guide/" width="420" height="400" frameborder="0" style="border:0;border-radius:10px;max-width:100%" loading="lazy"></iframe>Paste this URL in WordPress, Medium, or any oEmbed-compatible platform.
https://ipfyi.com/guide/ipv6-subnetting-guide/Add a dynamic SVG badge to your README or docs.
[](https://ipfyi.com/guide/ipv6-subnetting-guide/)Use the native HTML custom element.
Master IPv6 subnetting — from prefix delegation and nibble boundaries to /48 site assignments, /64 subnet standards, and /128 host routes.
IPv6 Subnetting: /48, /64, and Beyond
Why IPv6 Subnetting Feels Different
If you are comfortable subnetting IPv4, IPv6 will initially feel strange. The address space is astronomically larger (128 bits vs 32 bits), the notation is hexadecimal, and the conventional subnet sizes are almost laughably generous. But underneath the surface, IPv6 subnetting follows the same binary logic as IPv4 — it just operates at a different scale.
The good news is that IPv6 was designed with subnetting hierarchy in mind. The address space is so large that the conventions are simpler than IPv4 VLSM for most deployments. You will rarely need to calculate exact host counts or borrow bits to avoid waste.
IPv6 Address Structure Review
An IPv6 address is 128 bits, written as 8 groups of 4 hexadecimal digits separated by colons:
2001:0db8:85a3:0000:0000:8a2e:0370:7334
^^^^ ← each group is 4 hex digits = 16 bits
Simplified notation rules:
- Leading zeros in each group may be omitted: 0db8 → db8
- One contiguous run of all-zero groups may be replaced with ::: 0000:0000 → ::
Full: 2001:0db8:0000:0001:0000:0000:0000:0001
Compressed: 2001:db8:0:1::1
The Conventional Hierarchy
IPv6 was designed around a three-level hierarchy for globally routed addresses:
/48 ← Site prefix (given to an organisation)
/64 ← Subnet (one per LAN segment)
/128 ← Individual host address
This means a typical organisation receives a /48 prefix and has room for 65,536 separate /64 subnets — enough for any conceivable network topology.
Prefix Delegation: How IPv6 Addresses Are Distributed
Global Unicast Address Structure
The global unicast range is 2000::/3 (all addresses starting with binary 001). The allocation hierarchy flows from IANA to RIRs to ISPs to end users:
IANA → /12 → ARIN/RIPE/APNIC (Regional Internet Registries)
├── ISP Large → /32
├── ISP Small → /36
├── Enterprise Organisation → /48
└── Home User → /56 or /60
What Your ISP Gives You
| Customer Type | Typical Prefix | Subnets Available |
|---|---|---|
| Enterprise | /48 | 65,536 × /64 subnets |
| Small business | /52 | 4,096 × /64 subnets |
| Home broadband | /56 | 256 × /64 subnets |
| Some ISPs give homes | /60 | 16 × /64 subnets |
DHCPv6-PD (Prefix Delegation) is the protocol used by a router to request a prefix block from an ISP. The ISP assigns, say, a /56, and the router can then sub-delegate /64 prefixes to individual network segments (Wi-Fi, wired, IoT VLAN, etc.).
Nibble Boundaries: Subnetting Along Hex Digit Lines
A nibble is 4 bits — exactly one hexadecimal digit. Subnetting along nibble boundaries makes IPv6 addresses much easier to read and troubleshoot because the boundary falls cleanly on a hex digit boundary.
Common Nibble Boundary Prefixes
| Prefix Length | Bits | Hex digits into address | Subnets from /48 |
|---|---|---|---|
| /48 | 48 | 12 (entire prefix) | Base allocation |
| /52 | 52 | 13 | 16 |
| /56 | 56 | 14 | 256 |
| /60 | 60 | 15 | 4,096 |
| /64 | 64 | 16 | 65,536 |
Non-Nibble Boundaries Are Possible But Painful
You could subnet at /50 or /53, but then your subnet boundary falls in the middle of a hex digit. This makes mental arithmetic much harder and is strongly discouraged for manually managed networks.
# /64 boundary — clean hex digit:
2001:db8:1234:0001::/64 ← boundary is after the 4th group, a clean ':'
# /50 boundary — messy:
2001:db8:1234:0040::/50 ← boundary is inside a hex digit, hard to read
Unless you have a specific need (and enough experience to justify it), always subnet IPv6 on nibble boundaries.
The /48 Site Prefix
A /48 prefix is the standard assignment for a single organisation or site. With 48 bits fixed as the global routing prefix and 16 bits of subnet space before reaching the interface ID (/64), there are:
2^16 = 65,536 possible /64 subnets in a /48
For any organisation, 65,536 subnets is effectively unlimited. You will never come close to exhausting it.
Typical /48 Subnet Plan
Organisation prefix: 2001:db8:1234::/48
Marketing VLAN: 2001:db8:1234:0001::/64
Engineering VLAN: 2001:db8:1234:0002::/64
Guest Wi-Fi: 2001:db8:1234:0010::/64
Servers: 2001:db8:1234:0100::/64
Point-to-point links: 2001:db8:1234:0f00::/64 to 2001:db8:1234:0fff::/64
Future expansion: 2001:db8:1234:1000::/52 (4096 subnets reserved)
Second floor: 2001:db8:1234:2000::/52
The enormous address space means you can organise subnets by semantic groups (floor, department, purpose) without any concern about wasting addresses.
The /64 Subnet Standard
/64 is the standard subnet size for any network segment that contains hosts. This is not merely a convention — it is required for several IPv6 features to function correctly.
Why /64 Is Mandatory for Host Subnets
SLAAC (Stateless Address Autoconfiguration): Hosts automatically generate their own Interface ID (the low-order 64 bits) using either Modified EUI-64 or a randomly generated Privacy Extension address. SLAAC only works on /64 subnets. If you use /65 or anything longer, SLAAC breaks.
NDP (Neighbor Discovery Protocol): The Neighbor Discovery Protocol uses multicast groups derived from the low-order 24 bits of the interface ID. The protocol's efficiency assumptions are based on /64 networks.
RFC 7421: Formally documents that /64 is the de facto standard for host-facing subnets and that deviations cause interoperability issues.
What a /64 Contains
Each /64 subnet has 2^64 = 18,446,744,073,709,551,616 host addresses. Even at one address per nanosecond, you could assign addresses for nearly 585 years before exhausting a /64.
This abundance means you never need to be stingy with addresses on a subnet. Assign a /64 to every VLAN, every point-to-point link, and every loopback group — the waste is irrelevant at this scale.
/127 for Point-to-Point Links
For router-to-router links, you could use /64, but many operators use /127 (equivalent to IPv4's /30 — exactly two addresses) to eliminate waste and certain types of attacks.
RFC 6164 explicitly recommends /127 for inter-router links:
Router A interface: 2001:db8:1:1::0/127
Router B interface: 2001:db8:1:1::1/127
The two addresses are:
- 2001:db8:1:1::0 — one endpoint
- 2001:db8:1:1::1 — other endpoint
There is no subnet-router anycast address concern with /127 because RFC 6164 resolved the original objection to using /127.
/128 Host Routes
A /128 is a route to a single specific IPv6 address — the IPv6 equivalent of a host route (/32 in IPv4).
Common Uses of /128 Routes
Loopback addresses: Every router has a loopback interface with a /128:
Router loopback: 2001:db8:ffff::1/128
Anycast addresses: Service anycast addresses (like DNS servers in a BGP anycast setup) use /128 routes to attract traffic to the nearest instance.
Blackhole routes: Null routing (dropping) specific attacker IPs:
ip route add 2001:db8:evil::bad/128 blackhole
Host-specific policy routing: Applying specific routing policies to individual hosts.
SLAAC: How Hosts Generate Their Own Addresses
One of IPv6's most elegant features is that hosts can generate their own addresses without DHCP.
Modified EUI-64 Method
The interface ID is generated from the MAC address:
MAC address: 00:1A:2B:3C:4D:5E
1. Split at middle and insert FF:FE:
001A:2BFF:FE3C:4D5E
2. Flip the 7th bit (Universal/Local bit) of the first octet:
00 = 0000 0000 → flip bit 7 → 0000 0010 = 02
Result: 021A:2BFF:FE3C:4D5E
3. Combine with prefix:
2001:db8:1234:1::/64 + 021A:2BFF:FE3C:4D5E
= 2001:db8:1234:1:21a:2bff:fe3c:4d5e
Privacy Extensions (RFC 4941)
Because EUI-64 embeds the MAC address, it enables tracking across networks. Privacy Extensions generate a random Interface ID that changes periodically. Most modern OSes use Privacy Extensions by default for outbound connections.
Router Advertisement (RA) Parameters
Routers send RA messages containing the network prefix. Hosts use this prefix combined with their Interface ID to form a complete address:
RA contains: Prefix 2001:db8:1234:1::/64, A flag set, O flag unset
Host receives: prefix 2001:db8:1234:1::/64
Host generates: interface ID :021a:2bff:fe3c:4d5e
Host configures: 2001:db8:1234:1:21a:2bff:fe3c:4d5e/64
Default gateway: link-local address of the router (from RA source)
Practical IPv6 Subnetting Example
Given a /48 prefix 2001:db8:cafe::/48, design a subnet plan for a small enterprise:
Global prefix: 2001:db8:cafe::/48
Bits available for subnets: 64 - 48 = 16 bits → 65,536 /64 subnets
Subnet allocation plan:
Building A, Floor 1:
Corp VLAN 10: 2001:db8:cafe:0110::/64
Guest VLAN 20: 2001:db8:cafe:0120::/64
IoT VLAN 30: 2001:db8:cafe:0130::/64
Building A, Floor 2:
Corp VLAN 10: 2001:db8:cafe:0210::/64
Guest VLAN 20: 2001:db8:cafe:0220::/64
Data Centre:
Servers: 2001:db8:cafe:1000::/64 through :100f::/64
Storage: 2001:db8:cafe:1010::/64
Management:
Out-of-band: 2001:db8:cafe:f000::/64
Loopbacks: /128 addresses from 2001:db8:cafe:f001::/64
Point-to-point links (using /127):
Core–Dist1: 2001:db8:cafe:ff00::0/127
Core–Dist2: 2001:db8:cafe:ff00::2/127
Core–Dist3: 2001:db8:cafe:ff00::4/127
Notice the semantic organisation: second octet encodes building/floor, making subnets immediately human-readable in logs and firewall rules.
Summary
IPv6 subnetting is fundamentally simpler than IPv4 VLSM because address conservation is not a concern. The key rules to internalise are:
- Always use /64 for host-facing subnets — SLAAC and NDP require it
- Subnet along nibble (4-bit) boundaries for readability
- Use /127 for router-to-router point-to-point links
- Use /128 for loopback addresses, anycast, and host-specific routes
- Your /48 gives you 65,536 /64 subnets — organise them semantically, never worry about waste
The abundance of IPv6 address space is a feature. Use it to create clean, readable, purpose-organised subnet plans that will serve your network for decades.