nanog mailing list archives
Re: Re: IPv6 fc00::/7 — Unique local addresses
From: Mark Andrews <marka () isc org>
Date: Thu, 21 Oct 2010 11:37:33 +1100
In message <AANLkTikxiibdH-3pggKAGxpU9KY0OyX-GczsQ8AjFomS () mail gmail com>, James Hess writes:
> On Wed, Oct 20, 2010 at 4:48 PM, Jeroen van Aart <jeroen () mompl net> wrote:
> > <IPv6 newbie>
> > these addresses, their address scope is global, i.e. they are expected to be
> > globally unique."
>
> The ULA /48s are hoped to only be globally unique, but this only has a good chance of happening if all users pick good random numbers as required, which will often be 'hard to read'. Should any two networks pick non-random numbers, they could easily conflict, breaking expectations. My suspicion is that in the future it is going to happen routinely, esp. if ULA becomes to IPv6 what RFC1918 space is to IPv4, with most end user networks implementing NAT66 to translate "private" /48 ULAs to their site's "public" /48 assignment from their ISP.

Way too much "IPv4 think" here. Just use multiple prefixes. It just works. You talk to the external world using the prefix your ISP provides and you talk to your internal machines using the ULA prefix you choose. No need for NAT66. You move to a new ISP, the machines just add a AAAA record to the DNS for themselves and remove the old AAAA record.

> I can imagine generic $50 IPv6 broadband routers getting distributed en-masse that hardcode all bits 0 ULA NAT66 by default, and expect the user to change the LAN IP subnet / NAT config from the defaults, sometime while they're setting it up, probably at the same time they change the admin password.

Or just have the CPE generate a ULA prefix correctly and write it to NVRAM so you don't need to re-generate it. The internal prefix / addresses *WILL* leak. We know this from our experiences with RFC 1918 addresses. Any CPE vendor that fails to generate random ULA prefixes should be shot.

> You know... the type of router a residential user plugs in, and they "just work", and if the user forgets to follow any setup or config directions, just pulls an IP via DHCP and sticks with some insecure defaults. But it would still be a big improvement from what is available with V4.
>
> --
> -Jh

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka () isc org
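
One way a CPE could do what the message above asks (generate a ULA /48 once, keep it in non-volatile storage, reuse it on every boot), as an added example that is not code from the original post or from any vendor. It draws the 40-bit Global ID from the OS CSPRNG rather than using RFC 4193's sample algorithm; the state file standing in for NVRAM and all function names are assumptions.

```python
import ipaddress
import os
import secrets
import tempfile

ULA_LOCAL = ipaddress.IPv6Network("fd00::/8")   # fc00::/7 with the L bit set
ALL_ZERO = ipaddress.IPv6Network("fd00::/48")   # the "hardcoded default" case

def new_ula_prefix():
    """Return fdXX:XXXX:XXXX::/48 with a random, non-zero 40-bit Global ID."""
    global_id = 0
    while global_id == 0:
        global_id = secrets.randbits(40)         # OS CSPRNG
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))

def is_usable(net):
    """True for a /48 inside fd00::/8 other than the all-zero Global ID."""
    return (net.version == 6 and net.prefixlen == 48
            and net.subnet_of(ULA_LOCAL) and net != ALL_ZERO)

def load_or_create(path):
    """Reuse the stored prefix; generate one only if none usable is stored."""
    try:
        with open(path) as fh:
            net = ipaddress.ip_network(fh.read().strip())
        if is_usable(net):
            return net
    except (OSError, ValueError):
        pass                                     # missing or corrupt state
    net = new_ula_prefix()
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:                   # write then rename, so readers
        fh.write(f"{net}\n")                     # never see a partial file
    os.replace(tmp, path)
    return net

def lan_subnet(prefix, subnet_id):
    """Carve the /64 with the given 16-bit Subnet ID out of the /48."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet ID must fit in 16 bits")
    return ipaddress.IPv6Network(
        (int(prefix.network_address) | (subnet_id << 64), 64))

if __name__ == "__main__":
    # Constructed demo: a temp file stands in for the router's NVRAM slot.
    state = os.path.join(tempfile.mkdtemp(), "ula_prefix")
    first = load_or_create(state)
    assert load_or_create(state) == first        # stable across "reboots"
    print(first, lan_subnet(first, 1))
```

A stored `fd00::/48` is treated as unusable and replaced, which covers the all-zero default described in the quoted text.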