
Subnetting for IPv6: /48 to /64 and Beyond

Learn how IPv6 subnetting differs from IPv4. Understand the /48 to /64 hierarchy, site prefixes, and why a /64 is the standard subnet size.

IPv6 Subnetting Is Different

In IPv4, subnetting is about conserving scarce addresses. In IPv6, the address space is so vast (2^128) that subnetting is purely about network organization. You never need to worry about running out of addresses.

The standard allocation from an ISP looks like:

The IPv6 Address Hierarchy

| Prefix | Level | Assigned By | Purpose |
|---|---|---|---|
| /32 | ISP allocation | RIR (ARIN, RIPE) | ISP's total address block |
| /48 | Site allocation | ISP | One customer site |
| /56 | Residential | ISP | Home (256 subnets) |
| /64 | Subnet | Network admin | One network segment |
| /128 | Host | SLAAC/DHCPv6 | Single device |

Why /64 Is the Standard Subnet

Every IPv6 subnet should be a /64 -- no exceptions for normal LANs. This is because:

  • SLAAC requires /64 -- Stateless address autoconfiguration generates a 64-bit interface ID.
  • Neighbor Discovery assumes /64 -- The protocol operates within /64 boundaries.
  • Standards mandate it -- RFC 6164 is the only exception (point-to-point links can use /127).

Never use /112 or /120 to "save" IPv6 addresses on a LAN. The address space is designed to be used generously.

Practical Subnetting Example

Given a /48 allocation of 2001:db8:abcd::/48, create subnets for a campus:

A structured scheme using the 16-bit subnet ID enables logical grouping: 01xx for Building A, 02xx for Building B, 0fxx for infrastructure.

Nibble Boundaries

In IPv6, it is best practice to subnet on nibble boundaries (4-bit increments). Since IPv6 addresses are written in hexadecimal, each hex digit represents exactly 4 bits. Subnetting on nibble boundaries makes addresses human-readable.

RFC 6164 recommends /127 for point-to-point links (similar to IPv4's /31). This prevents the "ping-pong" attack where a packet addressed to the subnet-router anycast address bounces between two routers.
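
The campus plan, the nibble-aligned grouping and the /127 router links described above, as an added Python example (not code from the original page). The group names, the 0fff router-link pool and the sample prefixes are assumptions made for illustration.

```python
import ipaddress

SITE = ipaddress.IPv6Network("2001:db8:abcd::/48")  # the page's example /48
# Assumed grouping: the high byte of the 16-bit subnet ID names the area.
GROUPS = {"building-a": 0x01, "building-b": 0x02, "infrastructure": 0x0F}
P2P_POOL_INDEX = 0xFF  # assumption: subnet ID 0fff is set aside for router links

def _net(subnet_id, prefixlen):
    # The subnet ID occupies the 16 bits directly above the 64-bit interface ID.
    return ipaddress.IPv6Network((int(SITE.network_address) | (subnet_id << 64), prefixlen))

def group_block(name):
    """The /56 covering every /64 whose subnet ID is <group>xx."""
    return _net(GROUPS[name] << 8, 56)

def subnet(name, index):
    """The /64 with subnet ID <group><index>, index in 0x00..0xff."""
    if not 0 <= index <= 0xFF:
        raise ValueError("index must fit in one byte")
    return _net((GROUPS[name] << 8) | index, 64)

def p2p_link(n):
    """The n-th /127 inside the infrastructure pool /64."""
    if not 0 <= n < 2**63:
        raise ValueError("link number does not fit in the pool /64")
    pool = subnet("infrastructure", P2P_POOL_INDEX)
    return ipaddress.IPv6Network((int(pool.network_address) + 2 * n, 127))

def on_nibble_boundary(prefix):
    return ipaddress.IPv6Network(prefix).prefixlen % 4 == 0

def audit(prefix, point_to_point=False):
    """Return findings for one configured prefix; an empty list means it fits the plan."""
    net = ipaddress.IPv6Network(prefix)  # raises ValueError if host bits are set
    findings = []
    if not net.subnet_of(SITE):
        findings.append("outside the site /48")
    allowed = (64, 127) if point_to_point else (64,)
    if net.prefixlen not in allowed:
        findings.append(f"/{net.prefixlen} not allowed here, expected /" + " or /".join(map(str, allowed)))
    return findings

if __name__ == "__main__":
    for name in GROUPS:
        print(name, group_block(name), "first /64:", subnet(name, 0))
    print("router link 0:", p2p_link(0))
    # Constructed sample of prefixes as they might appear in router configs.
    for prefix, p2p in [("2001:db8:abcd:110::/64", False), ("2001:db8:abcd:120::/120", False),
                        ("2001:db8:abcd:fff::2/127", True), ("2001:db8:ffff:1::/64", False)]:
        print(prefix, audit(prefix, p2p) or "ok")
```

Running `audit` over the prefixes in exported router or firewall configuration is a quick way to catch LAN segments that were narrowed to /112 or /120.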
