Re: IPv6 fc00::/7 — Unique local addresses

Thu Oct 21 22:52:02 UTC 2010

In message <859028C2-9ED9-43FF-AAF9-6E2574048016 at delong.com>, Owen DeLong write
s:
> 
> On Oct 20, 2010, at 10:28 PM, Mark Andrews wrote:
> 
> >=20
> > In message <4CBFC1D0.60808 at apolix.co.za>, Graham Beneke writes:
> >> On 21/10/2010 02:41, Owen DeLong wrote:
> >>> On Oct 20, 2010, at 5:21 PM, Jeroen van Aart wrote:
> >>>> Someone advised me to use GUA instead of ULA. But since for my =
> purposes th
> >> is is used for an IPv6 LAN would ULA not be the better choice?
> >>>>=20
> >>> IMHO, no. There's no disadvantage to using GUA and I personally =
> don't think
> >> ULA really serves a purpose. If you want to later connect this
> >>> LAN to the internet or something that connects to something that =
> connects t
> >> o something that connects to the internet or whatever, GUA provides
> >>> the following advantages:
> >>> 	+	Guaranteed uniqueness (not just statistically probable =
> uniquene
> >> ss)
> >>> 	+	You can route it if you later desire to
> >>>=20
> >>> Since ULA offers no real advantages, I don't really see the point.
> >>=20
> >> Someone insisted to me yesterday the RFC1918-like address space was =
> the=20
> >> only way to provide a 'friendly' place for people to start their =
> journey=20
> >> in playing with IPv6. I think that the idea of real routable IPs on a=20=
> 
> >> lab network daunts many people.
> >>=20
> >> I've been down the road with ULA a few years back and I have to agree=20=
> 
> >> with Owen - rather just do it on GUA.
> >=20
> > Your throwing the baby out with the bath water here.
> >=20
> > ULA, by itself, is a painful especially when you have global IPv4
> > reachability as you end up with lots of timeouts.  This is similar
> > to have a bad 6to4 upsteam link.  Just don't go there.
> >=20
> > ULA + PA works and provides stable internal addresses when your
> > upstream link in down the same way as RFC 1918 provides stable
> > internal addressing for IPv4 when your upstream link is down.
> >=20
> I keep hearing this and it never makes sense to me.
> 
> If your provider will assign you a static /48, then, you have stable
> addresses when your provider link is down in GUA. Who needs ULA?

You used the word "if".  Reverse the sense of the "if" and see if
it still doesn't makes sense to use ULA addresses.  I get a mostly
stable IPv4 address from my cable provider (DHCP).  That address
changes without notice about once a year.  I can configure a 6to4
prefix based on that address (effectively a PA prefix).  I use ULA
addresses internally and 6to4 (PA) externally.  Same for 6rd.  Same
for PD.

DHCP derived 6to4, DHCP derived 6rd, DHCP derived Terado and PD all
give you leased prefixes.  They are not guarenteed to be STABLE.
For internal communication you really do want stable prefixes.  ULA
gives you those stable prefixes.

> > You talk to the world using PA addresses, directly for IPv6 and
> > indirectly via PNAT for IPv4.  These can change over time.
> >=20
> Or, if you don't want your IPv6 addresses to change over time, you can
> get a prefix from your friendly RIR.

You really think I'm going to go to my RIR and get a addresses block
for my home network then my cable provider will route it for me?

> > Similarly, ULA + 6to4 works well provided the 6to4 works when you
> > are connected.  When your IPv4 connection is renumbered you have a
> > new external addresses but the internal addresses stay the same.
> >=20
> That's a big "provided that"...

Not really.  It works for lots of people.

> One over which you have little or no control unless you are running
> a 6to4 gateway of your own and can guarantee that nobody pretends
> to be one that is topologically closer to any of your users.
>
> >> I was adding IPv6 to a fairly large experimental network and started=20=
>
> >> using ULA. The local NREN then invited me to peer with them but I=20
> >> couldn't announce my ULA to them. They are running a 'public =
> Internet'=20
> >> network and have a backbone that will just filter them. 
> >>=20
> >> I think that the biggest thing that trips people up is that they =
> think=20
> >> that they'll just fix-it-with-NAT to get onto the GUA Internet. =
> Getting=20
> >> your own GUA from an RIR isn't tough - rather just do it. 
> >=20
> > If your big enough to get your own GUA and have the dollars to get
> > it routed then do that.  If you are forced to use PA (think home
> > networks) then having a ULA prefix as well is a good thing. 
> >=20
> home network: 2620:0:930::/48
>
> Try again. 

And you expect the routing system to cope when 2 billion homes do the
same thing?

> > Owen
--
Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742				INTERNET: marka at isc.org