Skip to main content

IPv6 Subnetting - How and Why to Subnet IPv6

In the previous tutorials, I went through the need for IPv6, and followed it up by drawing out the salient features which overcomes issues with IPv4. We took the journey of looking inside the headers, the structure and purpose of each and every extension headers. By now I sincerely hope, as readers, you all have got a good grasp of what entails this new protocol.

In this tutorial, I will be talking about subnetting. Subnetting is one of the most talked about, practiced, and supposedly confusing topics encountered by network professionals. In retrospect, all I would say, and do take it as a personal opinion, subnetting is one of the easiest things that can be mastered. The question you might ask is, why do we need to do subnetting if IPv6 already caters to the need for an absurd amount of IP addresses? Yes, I would agree to it at first but because IPv6 does make itself and subnetting two very disjoint terms. I might say, subnetting decreases broadcast traffic, but then you can counter it by saying IPv6 doesn’t have broadcast traffic. It does become difficult to justify.

However if you see it logically, you will still need reduce unnecessary network traffic. Subnetting also will give you an element of security. You can force people to follow a certain route, or even go through a specific router, where you can apply security policies.

For network administrators, subnetting increases flexibility in designing networks, route summarisation becomes easy, routing itself becomes efficient and management of networks improves. If you are given a /48 subnet to work with, you will have more than enough spaces to work with i.e. you get 65536 subnets with 18,446,744,073,709,551,616 hosts per subnet. I think that’s more than enough.

So, in all, subnetting is necessary in IPv6, but not for the reasons why we did it with IPv4.

Before diving into subnetting IPv6, I'd like to present a diagram which illustrates the differences between the IPv4 & IPv6 header. This will help understand the major structural differences between the two protocols. Notice the additional addressing space provided in the IPv6 Source and Destination Address which is now 128bit long (each), compared to 32bits in IPv4:

ipv6-ipv4-vs-ipv6-header

Courtesy of ls-a.org

Now, let us all exercise our birthright to subnet, and dig deeper into how we go about doing it. I can bet you, there are more than thousands of ways you can do this, and perhaps a similar if not greater number of videos on the web, that teaches you to do this as well. What follows is my personal humble attempt of practicing the dark arts, in perhaps a simple way possible.

An IPv6 subnet mask is written in hexadecimal, but let's start by explaining that IPv6 uses 128 binary digits for each IP address, as opposed to IPv4's 32 binary digits, and those 128 binary digits are divided into eight 16-bit words (8 x 16 = 128), like this:

0000000000000000.0000000000000000.0000000000000000.0000000000000000.0000000000000000.0000000000000000.0000000000000000.0000000000000000


It would be a little difficult to use IPv4's old octet notation for 128 bits, which might look like this:
182.222.101.003.255.074.112.200.000.010.135.016.208.192.136

So, a hexadecimal representation is used instead, which makes a little bit easier. Hexadecimal is a 16-digit numbering system, as opposed to binary's 2-digit system and decimal's 10-digit system. The 16 digits of hexadecimal run from zero to nine, then use the letters A to F: {0123456789ABCDEF}.

One 4-digit hex word represents 16 binary digits, like this:
Bin 0000000000000000 = Hex 0000 (or just 0)
Bin 1111111111111111 = Hex FFFF
Bin 1101010011011011 = Hex D4DB

So, this 128-bit binary address:

1111111111111111.1111111111111111.1111111111111111.1111111111111111.1111111111111111.1111111111111111.1111111111111111.1111111111111111
...would be represented by 8 hex words, separated by colons:

FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

A full IPv6 subnet mask uses the same 8-hex-word format as an IPv6 address, although some tools allow you to specify only 1 hex word. 

Like IPv4, an IPv6 address has a network portion and a device portion. Unlike IPv4, an IPv6 address has a dedicated subnetting portion. Next we show how the ranges are divided in IPv6.

Network Address Range

In IPv6, the first 48 bits are for Internet routing.

1111111111111111.1111111111111111.1111111111111111.0000000000000000.0000000000000000.0000000000000000.0000000000000000.0000000000000000

Subnetting Range

The 16 bits from the 49th to the 64th are for defining subnets.

0000000000000000.0000000000000000.0000000000000000.1111111111111111.0000000000000000.0000000000000000.0000000000000000.0000000000000000

Device (Interface) Range

The last 64 bits are for device (interface) ID's:

0000000000000000.0000000000000000.0000000000000000.0000000000000000.1111111111111111.1111111111111111.1111111111111111.1111111111111111


The diagram below depicts a Global Unicast IPv6 address which has the following characteristics:

  • Address format that enables aggregation upward to the ISP.
  • 48-bit global routing prefix and a 16-bit subnet ID.
  • Allows for organizations to have up to 65535 individual subnets.

ipv6-address

Courtesy of ls-a.org

Subnetting Example

Let's assume there is a requirement to break your corporate network into 64 subnets. The binary mask just for the subnetting range would be 1111110000000000 which translates to a hex value of FC00. Some IPv6 masking tools will work with just this one hex word, otherwise a full 128-bit hex mask would be FFFF:FFFF:FFFF:FC00:0:0:0:0.

If you play around with converting values in the Windows Calculator (in scientific mode), remember to convert between binary and hexadecimal, not decimal and hex.

Before you ask, yes, it is possible to use bits in the device range for additional subnet masking, but you shouldn't need it. The 16 binary digits dedicated to subnetting and 64 binary digits available for devices give 65,535 subnets with over 18 quintillion devices per subnet. In addition, if you use some of the 64 bits in the device range for subnetting, then you can't use autoconfiguration tools because they expect all of the 64 bits on the right side to be dedicated to devices. So don't use any of the device bits for subnetting if you need IPv6 Autoconfiguration and if you don't know whether or not you need autoconfiguration, assume you do. And even if you know you don't need autoconfiguration, it's a good standard to use a 64-64 split for network/lan vs. device.

Those interested in IP4v Subnetting can read through our extensive IPv4 Subnetting tutorial.

Hope the tutorial quenches your thirst for IPv6 subnetting.

About the Writer

Arani Mukherjee holds a Master’s degree in Distributed Computing Systems from the University of Greenwich, UK and works as network designer and innovator for remote management systems, for a major telecoms company in UK. He is an avid reader of anything related to networking and computing. Arani is a highly valued and respected member of Firewall.cx, offering knowledge and expertise to the global community since 2005.

Your IP address:

18.223.125.157

All-in-one protection for Microsoft 365

All-in-one protection for Microsoft 365

FREE Hyper-V & VMware Backup

FREE Hyper-V & VMware Backup

Wi-Fi Key Generator

Generate/Crack any
WEP, WPA, WPA2 Key!

Network and Server Monitoring

Network and Server Monitoring

Follow Firewall.cx

Cisco Password Crack

Decrypt Cisco Type-7 Passwords on the fly!

Decrypt Now!

Bandwidth Monitor

Zoho Netflow Analyzer Free Download

Free PatchManager

Free PatchManager

EventLog Analyzer

ManageEngine Eventlog Analyzer

Security Podcast

Hornet-Security-The-Swarm-Podcast

Firewall Analyzer

zoho firewall analyzer