The mess of IPv6 Unique Local Addressing

IPv6 unique local addressing has been a popular topic over the years. From its humble beginnings as the replacement for site-local addressing, to the surge of interest among service providers, enterprises, and casual users driven by the wealth of IPv6 content now available and the prevalence of IPv6 availability from major consumer ISPs, it has become quite a polarizing topic in the technical communities that are diving head first into the modern, current networking protocol – IPv6.

As defined by RFC 4193:

“This IETF standards document defines an IPv6 unicast address format that is globally unique and is intended for local communications.  These addresses are called Unique Local IPv6 Unicast Addresses and are abbreviated in this document as Local IPv6 addresses.  They are not expected to be routable on the global Internet.  They are routable inside of a more limited area such as a site.  They may also be routed between a limited set of sites.”

One mistake that is repeated over, and over, and over, and over is the desire to replicate RFC 1918 space – and one can understand why: networks have been built with private IPv4 addressing for over two decades now, and in that span of time vendors, FOSS projects, and pundits have championed NAPT (or NAT masquerading) as a part of the requisite security suite. Right or wrong, that is the common belief, so when folks start thinking about their dual-stack IPv6 deployments, often one of the first thoughts is “how can I make this like what I already have?”. This line of thinking inevitably leads to thoughts of Unique Local Addressing.

Now, many folks have written and talked about this. There is no end of content detailing ULA, its flaws, and its uses, and a wealth of folks who have not really tested it but continue to discuss it. A few of us have even written a now WG-accepted IETF draft to address some of the misconceptions, considerations, and consequences of using ULA. Rather than detail them here, I submit a talk I gave on the use of ULAs, and what should be considered before deciding on a strategy.

TL;DR:

  • Operating systems treat IPv4 space equally
  • Operating systems do not treat all IPv6 equally (by design)
  • Care must be taken when ULA is used because:
    • Without intentional customization, which carries notable operational overhead, operating systems will ignore its existence in the presence of IPv4
    • While it is unique based on a 40-bit randomization, there is still a chance it can overlap
    • Without quirky hacks, it is limited to a /48 in size
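
The first two sub-points come down to the default policy table in RFC 6724 (default address selection), which ranks IPv4 above ULA. The following is an added example, not material from the talk: it applies only the "prefer higher precedence" rule to constructed sample addresses, and the site-specific entry (prefix `fd12:3456:789a::/48`, precedence 45, label 14) is a hypothetical customization.

```python
import ipaddress

# Default policy table from RFC 6724 section 2.1: (prefix, precedence, label).
DEFAULT_POLICY = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),            # everything else, including global unicast
    ("::ffff:0:0/96", 35, 4),   # IPv4, represented as IPv4-mapped IPv6
    ("2002::/16", 30, 2),
    ("2001::/32", 5, 5),
    ("fc00::/7", 3, 13),        # Unique Local Addresses
    ("::/96", 1, 3),
    ("fec0::/10", 1, 11),
    ("3ffe::/16", 1, 12),
]

# Hypothetical customization: rank one site's own ULA /48 above IPv4.
# The prefix, precedence and label values are constructed for this example.
SITE_POLICY = DEFAULT_POLICY + [("fd12:3456:789a::/48", 45, 14)]


def as_v6(addr):
    """Return addr as an IPv6Address, mapping IPv4 into ::ffff:0:0/96."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip


def policy(addr, table=DEFAULT_POLICY):
    """Longest-prefix match of addr in the table -> (precedence, label)."""
    ip = as_v6(addr)
    matches = [(ipaddress.ip_network(p), prec, label)
               for p, prec, label in table
               if ip in ipaddress.ip_network(p)]
    _, prec, label = max(matches, key=lambda m: m[0].prefixlen)
    return prec, label


def order_destinations(addrs, table=DEFAULT_POLICY):
    """Order candidate destinations by precedence, highest first.

    Simplification: assumes every candidate is reachable and has a source
    address of matching scope and label, so only precedence decides.
    """
    return sorted(addrs, key=lambda a: -policy(a, table)[0])


# Constructed sample: a dual-stacked name with a ULA AAAA and an A record.
CANDIDATES = ["fd12:3456:789a:1::10", "192.0.2.10"]
```

With the default table `order_destinations(CANDIDATES)` puts `192.0.2.10` first, so the ULA path goes unused; only a per-host table such as `SITE_POLICY` reverses that, which is the operational overhead noted above.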

Sounds crazy, right? This video of the entire talk explains it better than I can likely type out. The real point is that there isn’t really an analog for private IPv4 space, so moving to IPv6 will take a little bit of care, a lot of learning, and a fair amount of perspective.

Slides for the talk.