I'm putting together my first IPv6 allocation plan. The general layout: /48 for customers universally and uniformly /38 for larger regions on an even (/37) boundary /39 for smaller regions on an even (/38) boundary A few /48's for "internal use" to allow us to monitor and maintain systems.
For security sake, do I need (am I better off) to "reserve" a "management block" (/39, /40, /41 or something of that nature) that does NOT get advertised into BGP to my upstreams, and use that for my device management and monitoring address space? In other words, make a small "private" address space for management? What are folks doing around that? If I have to do 6-to-4 conversion, is there any way to do that with multiple diverse ISP connections, or am I "restricted" to using one entry/exit point? (If that's true, do I need to allocate a separate block of addresses that would be designated "6 to 4" so they'd always be routed out that one entry/exit point?)