IPv6 fc00::/7 — Unique local addresses

Mark Andrews marka at isc.org
Wed Oct 20 23:58:14 UTC 2010


In message <20101021093109.06a50ea2 at opy.nosense.org>, Mark Smith writes:
> On Wed, 20 Oct 2010 14:48:47 -0700
> Jeroen van Aart <jeroen at mompl.net> wrote:
> 
> > <IPv6 newbie>
> >
> > According to http://en.wikipedia.org/wiki/IPv6_address#Special_addresses
> > an fc00::/7 address includes a 40-bit pseudo random number:
> >
> > "fc00::/7 — Unique local addresses (ULA's) are intended for local
> > communication. They are routable only within a set of cooperating sites
> > (analogous to the private address ranges 10/8, 172.16/12, and 192.168/16
> > of IPv4).[12] The addresses include a 40-bit pseudorandom number in the
> > routing prefix intended to minimize the risk of conflicts if sites merge
> > or packets are misrouted into the Internet. Despite the restricted,
> > local usage of these addresses, their address scope is global, i.e. they
> > are expected to be globally unique."
> >
> > I am trying to set up a local IPv6 network and am curious why all the
> > examples I come across do not seem to use the 40-bit pseudorandom
> > number? What should I do?
> 
> Use a pseudo random number, not follow bad examples. Where are these
> examples? I'd be curious as to what they say regarding why they haven't
> followed the pseudo random number requirement.

Here is a real life example of the use of ULA's.  I used the following
command to get the 40 random bits in the prefix (92:7065:b8e).

dd if=/dev/random bs=5 count=1 | od -t x1

The border router is configured to block ULA traffic, gif0 is the
external interface on the border router.

// ULA border filter
add unreach admin all from any to fc00::/7 via gif0
add unreach admin all from fc00::/7 to any via gif0

If your OS supports it, you configure the address selection rules
to prefer your ULA prefix when talking to your ULA prefix and then
to prefer non ULA to non ULA over general ULA to general ULA.  That
way you use ULA addresses for internal communication and non ULA
addresses for external communication.

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether e8:06:88:f3:4f:9c 
	inet6 fe80::ea06:88ff:fef3:4f9c%en0 prefixlen 64 scopeid 0x4 
	inet6 fd92:7065:b8e::ea06:88ff:fef3:4f9c prefixlen 64 autoconf 
	inet6 2001:470:1f00:820:ea06:88ff:fef3:4f9c prefixlen 64 autoconf 
	inet 192.168.191.240 netmask 0xffffff00 broadcast 192.168.191.255
	media: autoselect (10baseT/UTP <half-duplex>)
	status: active

> > Use something like fd00::1234, or incorporate
> > something like the interface's MAC address into the address? It'd make
> > the address quite unreadable though.
> >
> 
> DNS (including dynamic DNS, multicast DNS, and DNS service discovery) is
> intended to be used far more often in IPv6 than it was in IPv4. It was
> never going to be that possible to expand the size of the address space
> significantly without trading off 'rememberability'.
> 
> 
> The best way to understand ULAs is to read the RFC. It'd probably take
> about 15 to 20 minutes, and is quite readable (as are most if not all
> RFCs)
> 
> Unique Local IPv6 Unicast Addresses
> http://tools.ietf.org/rfc/rfc4193.txt
> 
> You may also wish to subscribe to the ipv6-ops mailing list for IPv6
> focused operations discussions.
> 
> http://lists.cluenet.de/mailman/listinfo/ipv6-ops
> 
> Regards,
> Mark.
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
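
Added example (not part of the original message or the poster's own configuration): a Python rendering of the three steps described above, namely building the /48 from 40 random bits, the border rule for fc00::/7, and the source address preference order. All function names are hypothetical; the destinations are constructed sample values.

```python
import ipaddress
import os

ULA = ipaddress.ip_network("fc00::/7")  # the range the border rules match

def ula_prefix(global_id):
    """Build the /48 for a 40-bit global ID (fd = fc00::/7 with the L bit set)."""
    if len(global_id) != 5:
        raise ValueError("global ID must be exactly 5 bytes (40 bits)")
    packed = b"\xfd" + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))

def new_ula_prefix():
    """Like the dd | od command in the message: 5 bytes from the OS random source."""
    return ula_prefix(os.urandom(5))

def global_id(addr):
    """Return the 40-bit global ID of a ULA address as an int."""
    a = ipaddress.ip_address(addr)
    if a not in ULA:
        raise ValueError(f"{addr} is not in fc00::/7")
    return int.from_bytes(a.packed[1:6], "big")

def border_blocks(src, dst):
    """Mirror of the two border rules: reject if either end is in fc00::/7."""
    return any(ipaddress.ip_address(x) in ULA for x in (src, dst))

def pick_source(dst, sources, site):
    """Site ULA to site ULA first, then non-ULA to non-ULA, then ULA to ULA."""
    d = ipaddress.ip_address(dst)
    def fits(s):
        a = ipaddress.ip_address(s)
        if d in site:
            return a in site
        return (a in ULA) == (d in ULA)
    return next((s for s in sources if fits(s)), sources[0])

if __name__ == "__main__":
    site = ula_prefix(bytes.fromhex("9270650b8e"))  # the 40 bits quoted in the message
    srcs = ["2001:470:1f00:820:ea06:88ff:fef3:4f9c",  # addresses from the ifconfig output
            "fd92:7065:b8e::ea06:88ff:fef3:4f9c"]
    print(site, "fresh:", new_ula_prefix())
    print(pick_source("fd92:7065:b8e::53", srcs, site))  # constructed destination
    print(pick_source("2001:db8::1", srcs, site))        # documentation prefix
```

global_id("fd00::1234") returns 0, which is why the fd00::1234 style of address from the question gives no protection against collisions when sites merge.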
