Create IPv6 sub-prefixes

This page describes how to divide your public delegated prefix into sub-prefixes. There are two types or modes for sub-prefixes, with different functions:

  • For further delegation: Sub-prefixes that you assign to a specific project, and can further divide into smaller sub-prefixes (--mode=DELEGATION).

  • For forwarding rules: Sub-prefixes that you assign to a specific project, and use as a source of regional external IPv6 addresses for forwarding rules in that project (--mode=EXTERNAL_IPV6_FORWARDING_RULE_CREATION). You choose a prefix length for the IPv6 addresses at the time that you create the sub-prefix. The forwarding rules can be used for external passthrough Network Load Balancers only.

You can't change the mode of a sub-prefix. If needed, you can delete it and then recreate it. Before you can delete a sub-prefix, it must not be in use by any resources.

IPv6 sub-prefix specifications

The following table describes some of the specifications for creating IPv6 sub-prefixes.

Configuration Regional (v2)
Public advertised prefix Minimum size (maximum prefix length) is /48
Public delegated prefix (top level, not sub-prefix)

Can be the same size or smaller (have a longer prefix length) than the parent public advertised prefix

Valid lengths: /32, /40, /48, or /56

The difference between the prefix length of a top level public delegated prefix and its parent public advertised prefix can't be greater than 24
Sub-prefix

Can be the same size or smaller (have a longer prefix length) than the parent public delegated prefix

Valid lengths: /32, /40, /48, /56, /64, or /72

The difference between the prefix length of a sub-prefix and its parent public delegated prefix can't be greater than 24
Allocatable prefix for forwarding rules

Must be smaller than the parent public delegated prefix—the difference between the allocatable prefix length and the parent sub-prefix length must be at least 8, and can't be greater than 32

Default lengths:

  • If the parent sub-prefix's length is /64 or /72, the default allocatable prefix length is /96
  • Otherwise, the default allocatable prefix length is /64

Before you begin

  1. Create an IPv6 public advertised prefix.
  2. Create an IPv6 public delegated prefix.

Roles

To get the permissions that you need to complete the tasks in this guide, ask your administrator to grant you the Compute Public IP Admin (roles/compute.publicIpAdmin) IAM role on your project. For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Create IPv6 sub-prefixes for further delegation

You can divide a public delegated prefix into smaller IP address ranges by creating a sub-prefix. A sub-prefix is a public delegated prefix that has a public delegated prefix parent.

You can't edit a sub-prefix to change its name. As a best practice, choose generic names that won't need to change—for example, sub-2001-db8-0-0-0-0-0-0-40, where sub denotes the resource type and 2001-db8-0-0-0-0-0-0-40 denotes the specific prefix and prefix length.

A public delegated prefix can be sub-delegated up to three times from a public advertised prefix. For example, if you have a public advertised prefix with IP address range 2001:db8::/32, you can do the following:

  • Create a public delegated prefix with IP address range 2001:db8::/40 from the public advertised prefix.
  • Create a sub-prefix with IP address range 2001:db8::/48 that has the previous public delegated prefix as its parent.
  • Create a sub-prefix with IP address range 2001:db8::/56 that has the previous sub-prefix as its parent.

At this point, you cannot create further sub-prefixes that have the 2001:db8::/56 sub-prefix as a parent.

Console

  1. In the Google Cloud console, go to Bring your own IP.

Go to Bring your own IP

  1. Click the public delegated prefix that you want to subdivide.
  2. Click Create sub-prefix.
  3. Enter a Name and optional Description for the sub-prefix.
  4. Select a Prefix length for the sub-prefix.
  5. In IPv6 range, enter an IPv6 address range to assign to the sub-prefix.
  6. In How this PDP will be used, select Subdivide into smaller PDPs.
  7. Select a Project for the sub-prefix.
  8. Click Create.

gcloud

To create a sub-prefix for further delegation, use the public-delegated-prefixes create command

gcloud compute public-delegated-prefixes \
    delegated-sub-prefixes \
    create SUB_PREFIX_NAME \
    --range=SUB_PREFIX_RANGE \
    --mode=DELEGATION \
    --public-delegated-prefix=PDP_NAME \
    --public-delegated-prefix-region=PDP_REGION \
    --delegatee-project=PROJECT_ID

Replace the following:

  • SUB_PREFIX_NAME: a name for this sub-prefix

  • SUB_PREFIX_RANGE: the IP address range for this sub-prefix.

  • PDP_NAME: the parent public delegated prefix of this sub-prefix.

  • PDP_REGION: the region for this sub-prefix.

  • PROJECT_ID: the project to delegate the sub-prefix to. If the --delegatee-project flag is omitted, the sub-prefix is created in the same project as the parent public delegated prefix.

Create IPv6 sub-prefixes for forwarding rules

You can create IPv6 sub-prefixes that are used to allocate regional external IPv6 address ranges to forwarding rules.

When you create IPv6 sub-prefixes for forwarding rules, you can't further sub-divide that prefix.

All IP addresses in the sub-prefix are made available; there is no reserved network address or broadcast address.

Console

  1. In the Google Cloud console, go to Bring your own IP.

    Go to Bring your own IP

  2. Click the public delegated prefix that you want to subdivide.

  3. Click Create sub-prefix.

  4. Enter a Name and optional Description for the sub-prefix.

  5. Select a Prefix length for the sub-prefix.

  6. In IPv6 range, enter an IPv6 address range to assign to the sub-prefix.

  7. In How this PDP will be used, select Allocate IPv6 address ranges for use.

  8. In Allocatable prefix length, select the prefix size for the IPv6 address ranges.

  9. In Project, select the project that you want to use the sub-prefix in.

  10. Click Create.

  11. Click Create addresses.

gcloud

To create a sub-prefix to use to create forwarding rules, use the public-delegated-prefixes create command

gcloud compute public-delegated-prefixes \
    delegated-sub-prefixes \
    create SUB_PREFIX_NAME \
    --range=SUB_PREFIX_RANGE \
    --mode=EXTERNAL_IPV6_FORWARDING_RULE_CREATION \
    --allocatable-prefix-length=PREFIX_LENGTH \
    --public-delegated-prefix=PDP_NAME \
    --public-delegated-prefix-region=PDP_REGION \
    --delegatee-project=PROJECT_ID

Replace the following:

  • SUB_PREFIX_NAME: a name for this sub-prefix.

  • SUB_PREFIX_RANGE: the IP address range for this sub-prefix.

  • PREFIX_LENGTH: the prefix length for the IPv6 address ranges that are used by forwarding rules. The default values depend on the prefix length of SUB_PREFIX_RANGE. For more information, see Sub-prefix specifications.

  • PDP_NAME: the parent public delegated prefix of this sub-prefix.

  • PDP_REGION: the region for this sub-prefix.

  • PROJECT_ID: the project to delegate the sub-prefix to. If the --delegatee-project flag is omitted, the sub-prefix is created in the same project as the parent public delegated prefix.

List prefixes

You can list all public advertised prefixes and public delegated prefixes (including sub-prefixes) in a project.

Console

  1. In the Google Cloud console, go to Bring your own IP.

    Go to Bring your own IP

  2. All public advertised prefixes, public delegated prefixes, and sub-prefixes are displayed.

gcloud

To list public delegated prefixes, including sub-prefixes, use the public-delegated-prefixes list command.

gcloud compute public-delegated-prefixes list

What's next