Correction #8865

Feedback on Networking Concepts — IPv6 — IPv6 Subnetting

Added by Rick Coats about 1 year ago. Updated 8 months ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Affected Documentation:
pfSense Documentation site (Wiki)



IPv6 Subnet Table
IPv6 Subnet Table shows examples of Prefix with numbers greater than 64 (ie 68 – 128). In reality ipv6 subnets cannot be greater than /64.
Per RFC 4291 Section 2.5.4. Global Unicast Addresses
“All Global Unicast addresses other than those that start with binary 000 have a 64-bit interface ID field (i.e., n + m = 64), formatted as described in Section 2.5.1.”
IPv6 global unicast addresses consist of 64 bits of global routing prefix and subnet ID and 64 bits of interface ID. The only special exceptions are those which are granted to large ISPs for point to point links, but these must be kept separate from the rest of IPv6 since they break IPv6.
So that new users are not confused it would be better to delete the table lines after 64 prefix.

The paragraph:
“Assignments larger than /64 usually adopt the first /64 for LAN and subdivide the rest for requirements such as VPN tunnel, DMZ, or a guest network.”
Should be just deleted since it isn’t allowed in the RFC IPv6 spec to subdivide a /64 in the general user case, especially not in the specific examples given.


#1 Updated by Jim Pingle 8 months ago

  • Status changed from New to Rejected

You have misread what the page is stating. The table is primarily to indicate the enormity of the IPv6 space.

Networks with a prefix longer than /64 are in use by ISPs for routing, we aren't going to ignore them in the docs just because they go against RFC recommendations.

The last sentence you quoted about VPN tunnels, DMZ, and so on is saying that if you get allocated a larger block like a /48 or /56, the first /64 is typically for the LAN, then other /64 networks are used for the other purposes. It is not saying to divide up a /64.

Also available in: Atom PDF