Re: IPv6 fc00::/7 — Unique local addresses

Ray Soucy rps at maine.edu
Thu Oct 21 11:59:37 UTC 2010


Sorry for the double post.  From re-reading the thread it doesn't
sound like you might want ULA at all.

The mindset of using RFC1918 space, throwing everything behind a NAT
box, and not having to re-configure systems when you change ISP
doesn't exist in IPv6.  There is no IPv6 NAT (yet).

If you wanted to set up an "island" of IPv6 that would never talk to
the Internet, then you could use ULA, but that would only be needed if
you plan on routing between LANs.  Remember that by default every IPv6
host has a link-local address allowing it to talk to any directly
connected hosts without configuration.  So if you're simply looking
for some sort of ad-hoc network, it's likely already there.

As much as I hate NAT and want to see it go away, I think the biggest
transition mechanism for people to get online with IPv6 will be some
sort of appliance that does NAT of global IPv6 addresses to private
IPv4 addresses to keep all the people living in the NAT world from
having to redesign their networks.  It's ugly, but it's the path of
least resistance and that's likely what will happen when we see IPv6
become required to do business... at least as a stepping stone.

The idea to use multiple PA IPv6 allocations and have multiple GUAs
for each host wasn't a bad one.  It would certainly make the Internet
routing table a lot more stable to not have everyone touching BGP...
But they failed to fix DNS in a way that would make it possible.  We
already have priority for MX records.  If we had priority for all
records, and resolvers would remember when one was unreachable for a
short time, then yes, you could have www.yourdomain.com point to
multiple PA GUAs and if one was down users would nicely fail-over to
the other.  Unfortunately, if you have a host record with multiple
AAAAs and one of them is unreachable, it will just mean that for some
users the request will time out (as it's just doing a round-robin and
not trying others when things don't respond).

In theory, you could try to get around the limitation by having a TTL
of 30 seconds or something on your records, and have a system that
would update DNS records when a connection dropped, but that's
assuming people aren't deciding to set minimum cache times of their
own.

I think the best model possible with existing technology that's
available is to separate L2 and L3 and use provider redundancy at L2
(multiple ME transport providers to your single, redundant, L3 transit
provider).  If you need more redundancy than that, you're likely using
BGP for IPv4 already, anyway.

The real problem never goes away, though.  People like the operational
control and simplicity that they get with NAT.  If the provider goes
down, they still work internally, if they have multiple providers, the
internal network doesn't care which is active, and if they need to
host services, they usually go with a hosting company off-site.  I
really don't think it will be long before we see some magic IPv6 NAT
boxes start to pop up, whether or not standards exist for them, and it
will be an ugly nightmare.

IPv6 is simple enough for larger networks (like universities and
governments) but very little attention has been given to the SMB
community and their needs with IPv6.

On Thu, Oct 21, 2010 at 7:33 AM, Ray Soucy <rps at maine.edu> wrote:
> For all intents and purposes if you're looking for RFC1918 style
> space in IPv6 you should consider the block FD00::/8 not FC00::/7 as
> the FC00::/8 space is reserved in ULA for assignment by a central
> authority (who knows why, but with that much address space nobody
> really cares).
>
> People may throw a fit at this, but as far as I'm concerned FD00::/8
> will never leave the edge of our network (we null route ULA space
> before it can leak out, just like you would with RFC1918 space).  So
> you can pretty much use it as you see fit.  If you want to keep your
> ULA space short there is nothing stopping you from using something
> like FD00::1 as a valid address.
>
> You could embed your ASN into it or some other identifier if you want
> to avoid conflicts with other non-routed address space which should
> never enter or leave your network from the outside, but I'm just not
> seeing the practical application for this.
>
> On Wed, Oct 20, 2010 at 5:48 PM, Jeroen van Aart <jeroen at mompl.net> wrote:
>> <IPv6 newbie>
>>
>> According to http://en.wikipedia.org/wiki/IPv6_address#Special_addresses an
>> fc00::/7 address includes a 40-bit pseudo random number:
>>
>> "fc00::/7 — Unique local addresses (ULA's) are intended for local
>> communication. They are routable only within a set of cooperating sites
>> (analogous to the private address ranges 10/8, 172.16/12, and 192.168/16 of
>> IPv4).[12] The addresses include a 40-bit pseudorandom number in the routing
>> prefix intended to minimize the risk of conflicts if sites merge or packets
>> are misrouted into the Internet. Despite the restricted, local usage of
>> these addresses, their address scope is global, i.e. they are expected to be
>> globally unique."
>>
>> I am trying to set up a local IPv6 network and am curious why all the
>> examples I come across do not seem to use the 40-bit pseudorandom number?
>> What should I do? Use something like fd00::1234, or incorporate something
>> like the interface's MAC address into the address? It'd make the address
>> quite unreadable though.
>>
>> Thanks,
>> Jeroen
>>
>> --
>> http://goldmark.org/jeff/stupid-disclaimers/
>> http://linuxmafia.com/~rick/faq/plural-of-virus.html
>>
>>
>
>
>
> --
> Ray Soucy
>
> Epic Communications Specialist
>
> Phone: +1 (207) 561-3526
>
> Networkmaine, a Unit of the University of Maine System
> http://www.networkmaine.net/
>



-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/
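Jeroen asked where the 40-bit pseudorandom number comes from, and Ray's reply points at fd00::/8 (locally assigned) versus fc00::/8 (reserved) and at null-routing ULA at the edge. The following is an added example, not code from either poster or from Networkmaine: it implements the Global ID algorithm from RFC 4193 section 3.2.2 (SHA-1 over a 64-bit NTP timestamp concatenated with an EUI-64, low 40 bits kept), builds the resulting fdxx:xxxx:xxxx::/48, classifies an address as locally-assigned ULA, reserved ULA or neither, and applies the edge-filter rule. The MAC address, timestamp and addresses used are constructed sample inputs; `random_ula_prefix` substitutes OS entropy for a stored EUI-64, which is an assumption the RFC permits but does not prescribe.

```python
"""RFC 4193 Unique Local Address prefix generation and ULA edge filtering.

Added example for this thread; not code from the original posts.
Sample MAC, timestamp and addresses below are constructed inputs.
"""
import hashlib
import ipaddress
import os
import struct
import time

ULA_BLOCK = ipaddress.IPv6Network("fc00::/7")      # entire ULA range
ULA_LOCAL = ipaddress.IPv6Network("fd00::/8")      # L bit = 1: locally assigned
ULA_RESERVED = ipaddress.IPv6Network("fc00::/8")   # L bit = 0: reserved by RFC 4193


def eui64_from_mac(mac: str) -> bytes:
    """Modified EUI-64 from a 48-bit MAC: insert ff:fe and flip the U/L bit."""
    octets = bytes(int(b, 16) for b in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02  # universal/local bit inversion (RFC 4291 appendix A)
    return bytes(eui)


def ntp_timestamp(unix_seconds: float) -> int:
    """64-bit NTP timestamp: 32-bit seconds since 1900 plus 32-bit fraction."""
    whole = int(unix_seconds)
    secs = (whole + 2208988800) & 0xFFFFFFFF
    frac = int((unix_seconds - whole) * (1 << 32)) & 0xFFFFFFFF
    return (secs << 32) | frac


def ula_global_id(ntp_time: int, eui64: bytes) -> int:
    """Low 40 bits of SHA-1(ntp_time || eui64), RFC 4193 section 3.2.2."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be 8 bytes")
    key = struct.pack(">Q", ntp_time) + eui64
    digest = hashlib.sha1(key).digest()
    return int.from_bytes(digest[-5:], "big")   # least significant 40 bits


def ula_prefix(ntp_time: int, eui64: bytes) -> ipaddress.IPv6Network:
    """fd00::/8 with the 40-bit Global ID in bits 8..47 gives a /48 for the site."""
    gid = ula_global_id(ntp_time, eui64)
    prefix_int = (0xFD << 120) | (gid << 80)
    return ipaddress.IPv6Network((prefix_int, 48))


def random_ula_prefix() -> ipaddress.IPv6Network:
    """Convenience wrapper: current clock plus OS entropy instead of a real
    EUI-64 (assumption: any unpredictable 64-bit value is acceptable here)."""
    return ula_prefix(ntp_timestamp(time.time()), os.urandom(8))


def classify_ula(addr: str) -> str:
    """Tell locally-assigned ULA (fd00::/8) from the reserved half (fc00::/8)."""
    a = ipaddress.IPv6Address(addr)
    if a in ULA_LOCAL:
        return "locally-assigned"
    if a in ULA_RESERVED:
        return "reserved"
    return "not-ula"


def drop_at_edge(src: str, dst: str) -> bool:
    """Edge filter: a packet with ULA source or destination must never cross
    the site border, in either direction (the IPv6 analogue of an RFC1918
    bogon filter)."""
    s, d = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    return s in ULA_BLOCK or d in ULA_BLOCK


if __name__ == "__main__":
    # Constructed sample inputs: a made-up MAC and a fixed timestamp.
    eui = eui64_from_mac("00:11:22:33:44:55")
    print("EUI-64:", eui.hex())
    print("Site ULA /48:", ula_prefix(ntp_timestamp(1287662377), eui))
    print("Random ULA /48:", random_ula_prefix())
    for a in ("fd00::1", "fc00::1", "2001:db8::1"):
        print(a, "->", classify_ula(a))
    print("drop fd12:3456:789a::1 -> 2001:db8::1 at edge:",
          drop_at_edge("fd12:3456:789a::1", "2001:db8::1"))
```

The generated /48 is what you would write into your address plan; per-subnet /64s hang off it, and the 40-bit Global ID is what makes two such sites unlikely to collide if they are ever joined by a VPN or merger, which is the problem the hand-picked `fd00::1` style addresses in the thread do not address.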



