Will IPv6 make the creation of VLANs a thing of the past?

    Question

  • I just bought an HP 2910 series switch, managed, Layer 3 routing and IPv6 compliant. In addition I have a Cisco switch, equally Layer 3 managed and IPv6 compliant.

    I plan to set up my new network based on IPv6. This also includes the WAN connection, so not just my internal network.

    Considering the fact that each host in an IPv6 network will have an IPv6 address which is directly related to the MAC address of the NIC in the host, how would it be possible to create IPv6-based segments in the network with VLANs?

    In the IPv4 world the maximum number of hosts in an IP range is limited, hence one would be able to determine which hosts should belong to a VLAN. However, in the IPv6 world this would be a very, very large pool and as a consequence pretty difficult to determine (assuming thousands of hosts).

    Or am I missing something here?

    I look forward to your feedback.

    Monday, April 16, 2012 3:04 PM

All replies

  • Maybe, but don't confuse VLANs with subnets. They are two very different things, although most organizations have a 1 to 1 mapping between them; this is just a convention.

    Also note that the use of the MAC address in the IPv6 address is deprecated because of privacy concerns. Windows 7 does not do this by default.

    Also, don't confuse IP addresses with subnetting concepts in general. IPv6 addresses are 128 bits in length, MAC addresses are only 48 bits, so even if you are using MAC addresses in the IP address, you still have 80 bits available for the subnet.

    In the IPv6 world, the number of hosts on a subnet is also limited, it's just a lot bigger. The reason for the smaller numbers in IPv4 was because of the extensive use of broadcasting and its negative effect and bandwidth consumption. With IPv6, there is no such thing as broadcasting; that, in combination with the much larger amounts of bandwidth available on today's networks, reduces/eliminates the need for the large amounts of subnetting used today.

    For IPv6, same as IPv4, you can simply look at the subnet mask to figure out which subnet the client is actually on.


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Monday, April 16, 2012 7:30 PM
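
    Added example, not part of the original thread: when a host does derive its address from its MAC, it uses modified EUI-64, which expands the 48-bit MAC into a 64-bit interface identifier under a /64 prefix, and the MAC can be read back out of the address. The sketch below builds such an address, recovers the MAC, and uses the prefix to tell which subnet each address is on. The subnet names, prefixes and MAC are constructed sample values.

```python
import ipaddress

def eui64_address(prefix, mac):
    """Address a host forms from a /64 prefix and its MAC (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    octets = bytearray(int(x, 16) for x in mac.replace("-", ":").split(":"))
    if net.prefixlen != 64 or len(octets) != 6:
        raise ValueError("need a /64 prefix and a 6-octet MAC")
    octets[0] ^= 0x02  # invert the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return net[int.from_bytes(iid, "big")]

def embedded_mac(addr):
    """MAC recoverable from the low 64 bits, or None if they are not EUI-64.
    Heuristic: a random identifier can contain ff:fe by chance."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02
    return ":".join(f"{o:02x}" for o in octets)

def audit(addresses, subnets):
    """(address, subnet name, embedded MAC) for each address."""
    nets = {name: ipaddress.IPv6Network(p) for name, p in subnets.items()}
    rows = []
    for a in addresses:
        ip = ipaddress.IPv6Address(a)
        name = next((n for n, net in nets.items() if ip in net), None)
        rows.append((str(ip), name, embedded_mac(a)))
    return rows

# Constructed sample data (documentation prefix 2001:db8::/32, made-up MAC).
SUBNETS = {"vlan10": "2001:db8:0:10::/64", "vlan20": "2001:db8:0:20::/64"}
ADDRESSES = [
    str(eui64_address(SUBNETS["vlan10"], "00:1b:78:12:34:56")),
    "2001:db8:0:20:8d3c:41a7:5e02:9bf1",   # randomized interface identifier
    "2001:db8:0:30::5",                    # in neither listed subnet
]

if __name__ == "__main__":
    for row in audit(ADDRESSES, SUBNETS):
        print(row)
```

    Running the same audit over addresses seen on your own segments shows which hosts still expose a hardware address in every packet they send.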
  • Jason, thank you for your response.
    My understanding of a VLAN is that I can create, in an IPv4 world, a LAN (or VLAN) e.g. 10.24.149.0 with subnet mask 255.255.255.0. In addition I can create a VLAN with an IP range e.g. 10.25.150.0 with subnet mask 255.255.255.0. I can continue creating a number of VLANs.

    Different subnets would be e.g. 10.24.149.0 with subnet mask 255.255.255.0 and another one e.g. 10.24.149.0 with subnet mask 255.255.254.0. These are NOT VLANs, as I understand.

    OK, so in a VLAN with IPv4, I can have a max of 254 hosts. So, I can have a max. of 254 hosts in a VLAN-pool.

    Considering the fact that I can have an unlimited number of hosts in an IPv6 world because of the fact that each host is identified by the MAC address (it is my understanding that an IPv6 address always includes the MAC address), a VLAN-pool equally could consist of an (almost) unlimited number of hosts.

    Assume I have 12 hosts. I want 6 hosts in an IPv6-based VLAN and the other 6 in a different IPv6-based VLAN. How am I going to accomplish this? Should I determine the MAC address of each host's NIC? I think there is no such thing as an IPv6-based DHCP server, is there?

    Jason, you notice that I am a newbie on this subject, so please be patient with me if you consider me to post non-expert questions. Thanks for your understanding. Look forward to your feedback.

    Kind regards,


    switch6343

    Friday, April 20, 2012 12:20 AM
  • As mentioned, don't confuse VLANs with subnets. Subnets (what you are describing above; e.g., 10.25.150.0/24) are an IP address concept and are part of the layer three network stack. VLANs are a layer two network concept that has nothing to do with IP addressing; they are very distinct concepts. Also as mentioned, most organizations have a 1 to 1 mapping of their VLANs to subnets and thus the misperception that they are the same thing.

    Thus, a VLAN is not limited in any way by number of hosts. Subnets with a 24-bit subnet mask (255.255.255.0) are limited to 254 hosts because there simply are only 254 IP addresses in those subnets.

    IPv6 addresses (as mentioned) are no longer based in any way on MAC addresses in Windows 7+.

    Yes, there actually are DHCP servers for IPv6 but IPv6 also automatically assigns IPv6 addresses to systems and was designed to work without them.

    Why do you need/want multiple subnets?


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Friday, April 20, 2012 3:49 AM
  • "Also note that the use of the MAC address in the IPv6 address is deprecated because of privacy concerns. "

    YOU are right saying this. BUT: Folks are using both cookies and Google analytics! So what is the point whether a cookie is transferred via IPv4 or IPv6? In either case the client computer, or even the user, can be identified by the web server.

    And if someone is both concerned about her privacy AND is using Facebook, that makes me *LOL*!

    Friday, June 15, 2012 6:54 PM
  • IP protocols are used for much more than just the web and it is false that a web server can identify a user or even a computer without the user providing that information in the first place. This is a much bigger deal than the ignorant masses communicating with their high school "friends". Google analytics can track down source IPs and provide ISP information but not user information.

    Being able to see which computer, as identified by a hardware address, is sending IP packets, that's a big deal.


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Sunday, June 17, 2012 1:17 AM
  • One point in this discussion that seems to be missing (or not specified enough) is that because VLANs are living on layer 2, and subnets are living on layer 3, you can easily create many identical subnets on different VLANs.

    For example, you could "create" a VLAN numbered "1", and assign the subnet 10.1.1.0/24 to that VLAN.
    Then you could create another VLAN numbered "2" and assign the same subnet to that VLAN.
    The computers on these two VLANs obviously would not be able to talk to each other, because of the "blocking" on layer 2 (different VLANs).

    I'm not an expert, but you could do some advanced routing (OSPF?) to correctly route between those subnets (in different VLANs) if you need to, but for it to work you'll need unique IP addresses across subnets. If you don't care about routing between the hosts on the subnets you really don't have to do anything.

    Please correct me if I'm wrong and please fill in the blanks, but this is the way I understand it.

    Wednesday, August 16, 2017 5:37 PM