Wednesday, March 31, 2021

Layer 3 Access and IPv6

We are working on an IPv6 addressing scheme for our enterprise. We also use layer 3 access for IPv4 and have done so for 15+ years. Each switch stack has its own production, VoIP, and management subnets (and special networks as needed). The reasons for L3 access were to limit broadcast domain size and minimize the spanning tree.

Now we're working on our IPv6 addressing. My organization is large enough that we have a /32. And we're trying to keep to the /64 subnet boundary so we can still use SLAAC if we choose to.

But we're having a disagreement on whether to continue layer 3 access, especially in light of IP fabrics and CRB.

  • In our existing design, every access switch stack will get its own IPv6 addressing for production/VoIP/management.
  • In an IP fabric design with CRB, a building has single production/VoIP/management subnets.

The objection to CRB is that we go back to having a building-wide broadcast domain and more difficulty identifying the switch stack. (Example: if a production subnet is 10.47.88.0/24 and we see an IP 10.47.88.36, DNS resolution on 10.47.88.1 will tell us the switch stack, as that's the gateway IP. We're still flailing in our automation chops. Acknowledged.)

So I'm looking for input from people who have implemented IPv6 in an L3 access design, and I want to know what you did. Is the broadcast domain size still a concern? Did you maintain individual subnets per stack? Are you switching to a fabric? Did you change to CRB (regardless of a fabric or not)? Any other input?
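
The gateway lookup from the 10.47.88.36 example above, extended to per-stack IPv6 /64 subnets, as an added example that is not part of the original post. The subnet list, the use of the 2001:db8::/32 documentation prefix in place of the real /32, the `::1` gateway convention for IPv6, and the PTR names are all constructed assumptions; a dictionary stands in for DNS so the code runs offline.

```python
import ipaddress

# Constructed sample data: one subnet per switch stack, IPv4 and IPv6.
# 2001:db8::/32 is the documentation prefix, standing in for the real /32.
STACK_SUBNETS = [
    "10.47.88.0/24",
    "10.47.89.0/24",
    "2001:db8:47:8800::/64",
    "2001:db8:47:8900::/64",
]

# Hypothetical gateway names. Keys are built with reverse_pointer so they
# match what a PTR query for the gateway address would ask for.
_GATEWAY_NAMES = {
    "10.47.88.1": "bldg47-stack1-prod-gw.example.net",
    "10.47.89.1": "bldg47-stack2-prod-gw.example.net",
    "2001:db8:47:8800::1": "bldg47-stack1-prod-gw.example.net",
    "2001:db8:47:8900::1": "bldg47-stack2-prod-gw.example.net",
}
PTR_RECORDS = {
    ipaddress.ip_address(gw).reverse_pointer: name
    for gw, name in _GATEWAY_NAMES.items()
}


def gateway_for(host, subnets=STACK_SUBNETS):
    """Return (subnet, gateway) for a host address, or None if unknown.

    Assumes the gateway is the first address in the subnet (.1 or ::1).
    """
    addr = ipaddress.ip_address(host)
    for cidr in subnets:
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            return net, net.network_address + 1
    return None


def stack_for(host):
    """Map a host address to the switch stack via the gateway's PTR name."""
    hit = gateway_for(host)
    if hit is None:
        return None
    _, gateway = hit
    return PTR_RECORDS.get(gateway.reverse_pointer)
```

With a single building-wide subnet, the same lookup can only name the building's gateway, which is the identification problem the post raises about CRB.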


