nanog mailing list archives

Re: using ULA for 'hidden' v6 devices?


From: Jeroen Massar <jeroen () unfix org>
Date: Thu, 26 Jan 2012 14:05:02 +0100

On 2012-01-26 13:43 , Ray Soucy wrote:
> Local traffic shouldn't need to touch the CPE regardless of ULA or
> GUA.  Also note that we already have the link local scope for traffic
> between hosts on the same link (which is all hosts in a typical home
> network); ULA only becomes useful if routing is involved which is not
> the typical deployment for the home.

Lots of home networks today already have separate wired and wireless
prefixes in the same home... it is getting more and more typical.

The thing is most home-kind-people tend to care that their devices can
talk to each other, they do care that those devices talk to the Internet.

> ULA is useful, on the other hand, if NPT is used.  NPT is not NAT, and
> doesn't have any of the nastiness of NAT.

The "nastiness of NAT" comes in at least two parts:
 - state in the NAT for tracking incoming/outgoing packets
 - NAT 'helpers': rewriting IP addresses inside packets

The latter is the worse of the two: when a protocol contains IP
addresses inside packets, e.g. FTP as the standard NAT example or
heck, SIP for something more of today, then even with NPT, where you just
swap out prefixes, you will have a need for a helper, as that internal
prefix is going to be embedded in those packets and will not be
available on the $internet for them to connect to.

As such, though the NPT trick sounds nice, it will not work and it is
still a NAT and will require helper modules for protocols that embed
addresses in their protocol. And those helper modules do squat when the
protocol is being encrypted end to end, e.g. using SSL/TLS or even IPSEC.

[..]
> I'm also not sure what the correct answer is to using a randomly
> generated prefix vs. a predictable prefix for home networks.  ULA was
> an attempt to resolve address overlap for routed private networks in
> the event of mergers.  The majority of home users will never have this
> concern.

I guess you never tried to play a LAN version of a multi-player game
with friends that are still at home and then trying to route packets
between 192.168.0.0/24 at your own home and at the friends home, times 4
others in the same segment?

Indeed, that is why in ~1996 we were using 10.100.person.0/24 for the
100mbit segment and VPNd people together.

Indeed, that is not a majority (far from ;), but there are definitely
cases where this happens.

Also, it is mostly a non-issue, as ULAs can be automatically
generated and various IPv6-enabled-router/IPv4-NAT boxes already do just
that: generate the ULA on bootup and store it in their config for
$lifetime. This works like a charm and is the way it was intended to work.

> Having a predictable prefix for home environments (ambiguous
> local addressing?) might be useful for documentation, troubleshooting,
> and support.

Don't let people bother with addresses, they have this wonderful thing
called Multicast DNS that gives them a nice router.local hostname etc.

(M-DNS is not something you want to have in a datacenter but for a home
network it is pretty nice)

Greets,
 Jeroen
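Two points in the message above lend themselves to a worked example: how a router can generate its own ULA /48 on bootup (the RFC 4193 algorithm), and why an NPT-style prefix swap still leaves the internal prefix sitting inside protocols such as SIP that carry addresses in their payload. The code below is an added illustration written for this archive page; it is not part of Jeroen's or Ray's posts and not any router vendor's code. The prefixes (a constructed ULA and the documentation prefix 2001:db8::/32 standing in for an ISP-assigned global prefix), the SIP message, the EUI-64 and the function names are all constructed for the example; the prefix rewrite is modelled on the checksum-neutral mapping of RFC 6296 for /48 prefixes, with the 0xFFFF/0x0000 tie-break being this example's choice.

```python
"""Added example: RFC 4193 ULA generation and an NPT (RFC 6296 style) prefix
rewrite that leaves a ULA literal inside a SIP payload untouched.
All prefixes, addresses and the SIP message are constructed for illustration."""
import hashlib
import ipaddress
import re
import struct
import time

# Constructed sample prefixes: a ULA /48 and the documentation /48 standing
# in for the ISP-assigned global prefix.
INTERNAL_PREFIX = "fd12:3456:789a::/48"
EXTERNAL_PREFIX = "2001:db8:1::/48"


def generate_ula_prefix(eui64, ntp_time=None):
    """RFC 4193 section 3.2.2: Global ID = low 40 bits of SHA-1(NTP time || EUI-64),
    placed after fd00::/8, giving the router a /48 it can keep in its config."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be 8 bytes")
    if ntp_time is None:
        now = time.time()  # NTP format: seconds since 1900 << 32 | fraction
        ntp_time = ((int(now) + 2208988800) << 32) | int((now % 1) * (1 << 32))
    digest = hashlib.sha1(struct.pack(">Q", ntp_time) + eui64).digest()
    global_id = int.from_bytes(digest[-5:], "big")  # least significant 40 bits
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))


def _ones_sum(words):
    """One's complement sum of 16-bit words (end-around carry), as checksums use it."""
    total = sum(words)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def address_ones_sum(addr):
    """One's complement sum over an address's eight words: the pseudo-header part
    of a TCP/UDP checksum that a naive prefix rewrite would disturb."""
    return _ones_sum(struct.unpack(">8H", ipaddress.IPv6Address(addr).packed))


def npt_translate(addr, from_prefix, to_prefix):
    """Rewrite addr's /48 prefix in the checksum-neutral style of RFC 6296: the
    16-bit subnet word (bits 48-63) absorbs the difference between the prefixes,
    so the box keeps no per-flow state and recomputes no transport checksums.
    Writing 0x0000 for a 0xFFFF result is this example's tie-break (both are
    one's complement zero)."""
    src_net = ipaddress.IPv6Network(from_prefix)
    dst_net = ipaddress.IPv6Network(to_prefix)
    if src_net.prefixlen != 48 or dst_net.prefixlen != 48:
        raise ValueError("this example handles /48 prefixes only")
    ip = ipaddress.IPv6Address(addr)
    if ip not in src_net:
        raise ValueError(f"{ip} is not inside {src_net}")
    words = list(struct.unpack(">8H", ip.packed))
    old = struct.unpack(">8H", src_net.network_address.packed)[:3]
    new = struct.unpack(">8H", dst_net.network_address.packed)[:3]
    # adjustment = sum(old) - sum(new); in one's complement arithmetic -x is ~x
    adjustment = _ones_sum(list(old) + [(~w) & 0xFFFF for w in new])
    words[0:3] = new
    words[3] = _ones_sum([words[3], adjustment])
    if words[3] == 0xFFFF:
        words[3] = 0
    return str(ipaddress.IPv6Address(struct.pack(">8H", *words)))


_BRACKETED_LITERAL = re.compile(rb"\[([0-9A-Fa-f:]+)\]")


def embedded_internal_addresses(payload, prefix):
    """Bracketed IPv6 literals (the RFC 3261 SIP form) in a payload that fall inside
    prefix: exactly what a NAT 'helper' would have to rewrite, and cannot even
    see once the session is under TLS."""
    net = ipaddress.IPv6Network(prefix)
    found = set()
    for match in _BRACKETED_LITERAL.finditer(payload):
        try:
            ip = ipaddress.IPv6Address(match.group(1).decode("ascii"))
        except ValueError:
            continue
        if ip in net:
            found.add(str(ip))
    return sorted(found)


# Constructed SIP INVITE from a host on the ULA subnet; as SIP does, the sender
# writes its own address into the Via and Contact headers.
SIP_INVITE = (
    b"INVITE sip:bob@example.net SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP [fd12:3456:789a:1::10]:5060;branch=z9hG4bKexample\r\n"
    b"Contact: <sip:alice@[fd12:3456:789a:1::10]:5060>\r\n"
    b"Content-Length: 0\r\n\r\n"
)


def npt_forward(src, payload):
    """What a stateless NPT box does to an outbound datagram: the header source is
    rewritten, the payload is not. Also reports the ULA literals left behind,
    which the far end has no route back to."""
    return {
        "src": npt_translate(src, INTERNAL_PREFIX, EXTERNAL_PREFIX),
        "payload": payload,
        "unreachable_literals": embedded_internal_addresses(payload, INTERNAL_PREFIX),
    }


if __name__ == "__main__":
    print(generate_ula_prefix(bytes.fromhex("0211223344556677")))
    out = npt_forward("fd12:3456:789a:1::10", SIP_INVITE)
    print(out["src"], out["unreachable_literals"])
```

Running it prints a fresh fd00::/8 prefix (it changes with the clock, which is the point of the 40-bit random-looking Global ID), then the translated source 2001:db8:1:7c4a::10 next to the ULA literal that is still inside the SIP headers. The one's complement sum over the eight address words is the same before and after the rewrite, which is what lets the box skip checksum recalculation; nothing in that mechanism touches the payload, so the helper Jeroen mentions is unavoidable for such protocols, and useless once the payload is encrypted.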

