Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No, it's really the same thing with just different (and more structured) prefix lengths. In IPv4 you usually block a single /32 address first, then a /24 block, etc. In IPv6 you start with a single /128 address, a single LAN is /64, an entire site is usually /56 (residential) or /48 (company), etc.


Note that for the sake of blocking internet clients, there's no point blocking a /128. Just start at /64. Blocking a /128 is basically useless because of SLAAC.


Some cloud providers only give out /128 so it's fair to start blocking just a /128 at first.


Hmmm... that isn't my experience:

/128: single application

/64: single computer

/56: entire building

/48: entire (digital) neighborhood


A /64 is the smallest network on which you can run SLAAC, so almost all VLANs should use this. /56 and /48 for end users is what RIRs are recommending, in reality the prefixes are longer, because ISPs and hosting providers wants you to pay like IPv6 space is some scarse resource.

[1]: https://www.ripe.net/publications/docs/ripe-690/


Everyone at my isp is issued a /56 (and as far as I can tell, the entire country is this way).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: