SixXS ULA Registry clarifications / questions / comments (Was: IPv6 fc00::/7 — Unique local addresses)

Jeroen Massar jeroen at unfix.org
Thu Oct 21 11:03:28 UTC 2010


[subject changes, such a useful way to indicate something different ;) ]

On 2010-10-21 02:29, Mark Smith wrote:
> On Wed, 20 Oct 2010 19:39:19 -0400
> Deepak Jain <deepak at ai.net> wrote:
[..]
>> Though an algorithm is suggested in 3.2.2. Perhaps SIXXS uses it.

As stated at the bottom of the page:

"This page uses the Unique Local Address (RFC4193) Generator by SUZUKI
Shinsuke and Holger Zuleger. It uses oui.txt from the IEEE OUI Database
file."

> Anyway, the SIXXS tool seems pretty slick.

Thanks, but it effectively is just a call to the generator script as
mentioned above + an insert into SQL... thus nothing fancy there ;)
Thus thanks should go mostly to the above authors for their script that
generates the numbers properly (linked from the page of course)

> One thing I'm not keen on that sixxs have done is to create a voluntary
> registry of the non-central ULAs. By creating a registry, I think some
> people who use it will then think that their ULA prefix is now
> guaranteed globally unique and is theirs forever.

As the page mentions under Notes: "If everybody uses this registry
though, the chance for collisions should be near nil."

Indeed when somebody opts to not use this "registry", quite a big chance
that they do, or use some other "registry", then the system fails. Still
this just increases the probability of collisions, nothing else. (no
math to prove that though, like in the RFC :)

> If there ever was a
> collision, those people are likely to point to that completely
> voluntary registry and say "I had it first" and are likely to refuse
> to accept that the voluntary registry has no status or authority over
> the random ULA address space.

And then it becomes a fight over who is right, nothing that can be done
about that.

> There also doesn't seem to be any limiting of the number of prefixes.

Should there be? How would we limit anything?

> In an isolated network, which is where ULAs are supposed to be used,
> it's far less of a problem, because the only time the chance of
> collision occurs is if you interconnect with somebody else's ULA
> domain. However, as this sixxs registry implies it is a global one, and
> therefore there is a single instance of the fd::/8 address space,
> limiting the number of prefixes that are assigned would seem to me to
> be a good idea. When I see examples such as -

Is there a problem that one entity has 7 /48's out of (2**(128-8-48))
possible ones... no I am not going to write out that number or write it
out in a percentage ;)

[..]
> or 458 752 subnets, and http://deticon.net isn't reachable via IPv6

Maybe because ULA is *LOCAL* address space. For that matter, as a great
example: you won't find 9.0.0.0/8 easily on the internet either, I can
tell you though that it is quite heavily used and completely filled up,
so far even that there are a lot more prefixes that that organization
uses for other purposes.

[..]
> IPv4 (and hasn't been for quite a while - I checked a few months ago
> when I discovered the registry), it seems to me that people have
> already misunderstood what its purpose is, and that the database is
> already polluted with invalid entries that can't be verified for
> existence, and which also can't be expired via some invalidation
> mechanism, such as lack of payment of annual fees.

You want us to charge for virtual numbers which don't really exist? :)

For all entries we have an email address, at the time of registration
that email address was tested at least as having a proper configuration.
We could always, if we wanted but I don't see why, start spamming people
and ask them if their registration data is still correct.

If you really think that the list is polluted by some entries then don't
hesitate to mail info at sixxs.net and next to all the other things we do
we might be able to look into it.

There really are enough /48's in that /8 for everybody. At this moment
there are 1024 of them in there, I don't even think there is a
percentage number for that yet. I don't even think you are able to
generate a single ULA that will clash with one of the entries in the
list unless you generate a really large amount of them, cause well, that
is the whole point of the ULA generation algorithm in the first place.

As long though as there are this few entries, I really cannot see the
point for this.

If you want guaranteed globally unique address space there is a simple
way for you to already get this today and actually for the last 10 years:

 You go to your favorite RIR and you get a prefix.

Please remember that a prefix you get from the RIRs does not have a
requirement of being announced on the Internet, you can also use it to
interconnect between your own local networks. This is also the reason
why fc00::/8 will never be used, as it will be exactly the same as what
the RIRs are doing today already with 2000::/3.

Greets,
 Jeroen
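
Added example, not part of the original message and not the SUZUKI/Zuleger generator script the page refers to: a sketch of the RFC 4193 section 3.2.2 procedure together with the section 3.2.3 collision estimate, evaluated for the 1024 registered /48s mentioned in the thread. The MAC address and timestamp are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import ipaddress
import math
import struct

NTP_EPOCH_OFFSET = 2208988800   # seconds from 1900-01-01 to 1970-01-01
GLOBAL_ID_BITS = 40             # width of the ULA Global ID

def mac_to_eui64(mac: str) -> bytes:
    """Modified EUI-64 from a 48-bit MAC: insert ff:fe, flip the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def ntp_timestamp(unix_time: float) -> bytes:
    """64-bit NTP format: 32-bit seconds since 1900, 32-bit fraction."""
    seconds = (int(unix_time) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    fraction = int((unix_time % 1) * 2**32)
    return struct.pack("!II", seconds, fraction)

def ula_prefix(mac: str, unix_time: float) -> ipaddress.IPv6Network:
    """RFC 4193 3.2.2: SHA-1(time || EUI-64), lowest 40 bits, under fd00::/8."""
    digest = hashlib.sha1(ntp_timestamp(unix_time) + mac_to_eui64(mac)).digest()
    global_id = int.from_bytes(digest[-5:], "big")
    # fc00::/7 with the L bit set gives the leading byte 0xfd.
    address = (0xFD << 120) | (global_id << 80)
    return ipaddress.IPv6Network((address, 48))

def any_collision_probability(n: int) -> float:
    """RFC 4193 3.2.3 estimate that n random Global IDs contain a duplicate."""
    return -math.expm1(-(n * n) / 2 ** (GLOBAL_ID_BITS + 1))

def single_clash_probability(registered: int) -> float:
    """Chance one fresh random Global ID equals one of `registered` entries."""
    return registered / 2 ** GLOBAL_ID_BITS

if __name__ == "__main__":
    # Constructed sample inputs: a made-up MAC and a fixed Unix timestamp.
    print(ula_prefix("00:11:22:33:44:55", 1287659008.0))
    print(f"duplicate among 1024 entries: {any_collision_probability(1024):.3e}")
    print(f"new prefix hits one of 1024:  {single_clash_probability(1024):.3e}")
```

Both probabilities assume every Global ID is drawn with this pseudo-random procedure; hand-picked prefixes are outside the estimate.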



