Help:Range blocks/IPv6

See Help:Range blocks for the main page on rangeblocking, and for IPv4. Like IPv4, IPv6 rangeblocks are limited by $wgBlockCIDRLimit, which by default allows rangeblocks of up to /19 in size. Versions before MediaWiki 1.20wmf5 were supplied with a stricter limitation to /64.

Technical explanation
IPv6 addresses are each 128 bits long. Because each digit in an IPv6 address can have 16 different values (from 0 to 15), each digit represents the overall value of 4 bits (one nibble), with 32 digits total. As with IPv4, CIDR notation describes ranges in terms of a common prefix of bits. For example 2001:db8::/32 means that the range described has the first 32 bits set to the binary digits 00100000000000010000110110111000. Also like IPv4, MediaWiki implements IPv6 rangeblocks using CIDR notation.

Collateral damage
The best guideline for assessing collateral damage for an IPv6 rangeblock is to check the WHOIS, and the actual amount of activity from the range. MediaWiki's recent versions support looking up a range's contributions with Special:Contributions, e.g. Special:Contributions/2001:db8::/32 (note that the latter range will not return any edits).

A minimum /64 subnet for a connection is a practical requirement of IPv6. IPv6 requires minimum /64 subnetting as any deviation from this breaks a great number of IPv6 protocols; and it will also be needed for future developments. The only exception to longer than /64 subnetting is for certain connections where many IPv6 features are not needed, for example a 126-bit subnet for point-to-point inter-router linking. But this is not relevant for IPv6 rangeblocking since no enduser will have addresses of this sort.

Like in IPv4, where a single static IPv4 address may supply a household or institution of some kind, a static IPv6 /64 range may also supply a household or institution, so multiple users can be affected by /64 rangeblocks.

Note that IPv6 /64 ranges are unlikely to be a dynamic, rather they are static, and do not change for an end-user. This is due to the large number of available IPv6 addresses, meaning dynamic allocation is unnecessary. An exception to this is the rising use of IPv6 for mobile broadband access; these IPs are allocated dynamically within certain ranges, and blocking these (whether IPv4 or IPv6) are unlikely to be successful, as they are easily circumvented and risk collateral damage.

How to calculate an IPv6 CIDR range
Although similar principles also apply to IPv4, the fact that hexadecimal digits correspond to exactly one nibble (4 bits) each simplifies the calculation somewhat.
 * 1) Find the common prefix - that is, the string of digits shared by all of your addresses.
 * 2) Expand the common prefix completely (including redundant zeros), and multiply the total number of digits by 4 - that's the size of your common prefix.
 * 3) Use the table below, and add the specified number to your prefix size (this is your CIDR suffix, the number of bits common to all addresses in the range). Append the specified digit to the common prefix you found above. Complete the group of four digits with zeros if necessary.
 * 4) The CIDR is then [common prefix (with additional digit as specified by table below, followed by zeros as necessary to keep the group of four digits complete)]/[common prefix length (plus 1,2, or 3 as specified by the table below)].

Prefix modification table
Example: If your prefix is 2001:db8:abcd:: (completely expanded to 2001:0db8:abcd::), and you have addresses like 2001:db8:abcd:9000:abe:: and 2001:db8:abcd:a000::, you'd use the entry saying that the digits after your prefix match 8-b, append 8 to the prefix, and add 2 to your common prefix's size. This would generate 2001:db8:abcd:8000::/50.

Range table
The color-coding is approximate, and there will be overlaps. Keys

Tools

 * ip-range-calc
 * NativeForeigner's IP range calculator
 * IP Subnetting and CIDR Calculator
 * Template:IP range calculator
 * IPv6 Subnet Calculator