
I have a network with about a dozen VLANs, most with inter-VLAN routing, some without. They might talk to each other but not to the other's gateway. It's not divided because of security or congestion; it's more like there are VLANs for the servers, some exit locally to my ISPs, some are VPNed into another region, some are throttled, some are DMZ landing places for VPS... and of course there's one that's public. So VLANs are crucial for routing the traffic to the right places without assigning fixed IP addresses.

Just now I'm realizing that the broadcast domain is actually the key piece here but I'm still confused so I'll continue.

I've been reading up on IPv6 for a couple of days now and I'd like to divide a single /64 block into more or less what I have now, but from what I can gather reading articles, forums and some papers it's not advisable to go into smaller blocks. I did read something about how there's a subnet identifier built into the IPv6 address.

How can I divide a /64 block while all the clients get the same /64 prefix and I can still separate them on VLANs assigned with RADIUS as I'm doing right now?

I'd like for each client to get more or less the same address space without necessarily having a fixed IP no matter which AP or ethernet port it connects to.

Should I just eff it and go with longer prefixes and have the router or L3 switch(es) do the heavy lifting communicating the select VLANs back together? I'm afraid of getting asymmetric routing and resetting the network would be a major PITA even with backups; some of it is very far away connected by long-distance wireless links.

I appreciate your help; I can't find a specific enough answer relative to actual separation of segments; most are concerned only with the address space.

Vita
    We need more detail about your current IPv4 addressing scheme to understand exactly what you're doing here. –  Sep 01 '17 at 01:17
    You shouldn't divide a /64, in IPv6, that is the end range. You should have gotten either a /48 or a /56 from your provider, to allow subnetting inside your home – Ferrybig Sep 02 '17 at 15:34

2 Answers

VLANs are layer 2 constructs, not layer 3. You pass frames inside a VLAN regardless of layer 3 protocol by switching. For crossing VLAN boundaries, a router is required.

Just like with IPv4, if you subnet an IPv6 network you need to grow the network mask/prefix, e.g. you can subnet a /56 network into 256 /64 networks (or just two /57 networks for that matter).

The beauty of IPv6 is that it's completely normal to use multiple different prefixes within a single network at the same time. So, if you need to renumber at any time you just put a new prefix on top, let it propagate through and then you remove the old prefix.

Zac67

As has been indicated by others VLANs are a layer 2 construct and thus are not relevant to the how to subnet IPv6 question, though I can see why people conflate VLANs and IP subnets because they often go hand in hand when implementing an addressing scheme.

Also, as you found in your research, IPv6 should not really be subnetted into anything smaller than a /64. The correct solution is to get a bigger network allotment from your upstream provider. For business purposes you should be starting with a /48 allotment from your provider. Even for home use, ISPs offering IPv6, such as Comcast, which I'm using for IPv6 at home, will give you a /60 allotment allowing for 16 subnets. So this is the "correct" way to do things.

That said, I don't know of any technical reason why it would be impossible to subnet into something smaller than a /64 EXCEPT that it will likely break almost all IPv6 automatic addressing methods, which rely on having 64 bits for the host ID. This would include SLAAC and stateless DHCP for certain, and likely stateful DHCP. Finally, the OS IPv6 driver on the clients and/or network devices may refuse to accept a prefix length less than 64.

**Edit:** I should clarify what I meant by no technical reason will prevent it from working. Really I meant no mathematical reason will prevent it from working. The binary math is all the same. However, the services which make IPv6 function (neighbor discovery, etc.) essentially require /64 host IDs. TL;DR, get something bigger than a /64 if you need to actually work with a subnetted network.

Ben Franske
  • See RFC 5375, [Section 3. Subnet Prefix Considerations](https://tools.ietf.org/html/rfc5375#section-3): "_Using a subnet prefix length other than a /64 will break many features of IPv6, including Neighbor Discovery (ND), Secure Neighbor Discovery (SEND) [RFC3971], privacy extensions [RFC4941], parts of Mobile IPv6 [RFC4866], Protocol Independent Multicast - Sparse Mode (PIM-SM) with Embedded-RP [RFC3956], and Site Multihoming by IPv6 Intermediation (SHIM6) [SHIM6], among others. A number of other features currently in development, or being proposed, also rely on /64 subnet prefixes._" – Ron Maupin Sep 25 '17 at 21:54
  • Also, RFC 7421 [Section 4. Effects of Varying the Interface Identifier Length](https://tools.ietf.org/html/rfc7421#section-4). – Ron Maupin Sep 25 '17 at 21:55
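A worked example of the arithmetic both answers describe, added here and not part of either answer: carving one /64 per VLAN out of a /56 (Zac67's 256 /64s), building the SLAAC address a host would derive in that /64, and showing why a prefix longer than /64 collides with the 64-bit interface identifier (Ben Franske's point). The delegated prefix, VLAN ids and MAC address are constructed values, not from the post.

```python
import ipaddress

# Constructed values (not from the post): a /56 delegated by the ISP and one client MAC.
DELEGATED = ipaddress.IPv6Network("2001:db8:abcd:ff00::/56")
MAC = "00:11:22:33:44:55"


def vlan_subnet(delegated: ipaddress.IPv6Network, vlan_id: int) -> ipaddress.IPv6Network:
    """Return the /64 for a VLAN by writing the VLAN id into the subnet bits.
    A /56 leaves 64 - 56 = 8 subnet bits, i.e. 256 /64s; the result equals the
    vlan_id-th entry of delegated.subnets(new_prefix=64)."""
    subnet_bits = 64 - delegated.prefixlen
    if subnet_bits < 0:
        raise ValueError("delegation is already smaller than a /64; nothing to subnet")
    if not 0 <= vlan_id < 2 ** subnet_bits:
        raise ValueError(f"VLAN {vlan_id} does not fit in {2 ** subnet_bits} /64s")
    return ipaddress.IPv6Network((int(delegated.network_address) + (vlan_id << 64), 64))


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 (RFC 4291): split the MAC, insert ff:fe, flip the U/L bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC")
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(iid, "big")


def slaac_address(subnet: ipaddress.IPv6Network, mac: str) -> ipaddress.IPv6Address:
    """SLAAC address = 64-bit prefix | 64-bit interface id; only a /64 is accepted."""
    if subnet.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs exactly a /64")
    return ipaddress.IPv6Address(int(subnet.network_address) | eui64_interface_id(mac))


def iid_collides_with_prefix(prefixlen: int, mac: str) -> bool:
    """True when the 64-bit interface id would overwrite bits the prefix claims.
    With a prefix longer than /64 the router's prefix and the host's interface id
    fight over the same bits, which is why SLAAC cannot work there."""
    prefix_mask = ((1 << 128) - 1) ^ ((1 << (128 - prefixlen)) - 1)
    return (eui64_interface_id(mac) & prefix_mask) != 0


if __name__ == "__main__":
    for vlan in (10, 20, 255):
        net = vlan_subnet(DELEGATED, vlan)
        print(f"VLAN {vlan:3d} -> {net}  SLAAC: {slaac_address(net, MAC)}")
    print("/64 collides with IID:", iid_collides_with_prefix(64, MAC))
    print("/72 collides with IID:", iid_collides_with_prefix(72, MAC))
```

Each VLAN keeps its own /64 and the RADIUS-assigned VLAN still decides which broadcast domain, and therefore which prefix, a client lands in; the interface identifier stays the same across VLANs, which is the closest IPv6 gets to the "same address space everywhere" the question asks for.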