"Registered ULA" (Was: using ULA for 'hidden' v6 devices?)

William Herrin bill at herrin.us
Wed Jan 25 19:21:42 CST 2012


On Wed, Jan 25, 2012 at 1:55 PM, Jeroen Massar <jeroen at unfix.org> wrote:
> On 2012-01-25 19:51 , William Herrin wrote:
>> On Wed, Jan 25, 2012 at 8:08 AM, Jeroen Massar <jeroen at unfix.org> wrote:
>>> What everybody calls "Registered ULA" or ULA-C(entral) is what the RIRs
>>> already provide. Also entities that have such a strict requirement are
>>> perfectly served with address space the RIRs provide.
>>
>> Not so. The registries provide GUA, not ULA. Not everybody considers
>> the difference significant, but many if not most of the folks who want
>> to use ULA for anything at all do.
>
> I think you misunderstood my terminology, which is afaik the one used by
> the relevant documents,

Jeroen,

I knew I should have used the longer explanation.

From what I've been able to determine, the folks who want Unique Local
Addresses usually want a block of addresses which only function on
private networks. Should their packets ever leak on to the public
Internet, the ULA users want them to fail. By contrast, the registries
hand out Global Unicast Addresses. If packets with these addresses
make it to the public Internet, they'll probably work. This is not a
good thing if you're implementing a SCADA network whose hosts may need
to talk to another company network, or even a remote monitoring
company's network, but should never talk to hosts on the public
Internet.

I don't want to get into an argument over the security implications
(or non-implications) of addresses which are or are not publicly
routable. Suffice it to say there are networking professionals to whom
a GUA address is not a satisfactory substitute for a ULA address.
Hence, a registered ULA address IS NOT equivalent to what the RIRs
provide.


>>> https://www.sixxs.net/tools/grh/ula/
>>
>> My "registration" was erased from that page. Don't know when. Don't
>> know why. But it speaks poorly for its function as a registry.
>
> This was likely caused by the little note at the bottom:
>
> "Prefixes which are not generated using the ULA generator will be
> silently removed; ULAs are not supposed to look pretty."
>
> Various folks are registering fd00::/48 or 'fun' stuff like
> fd00:b00b::/48

Hey, do you realize how many tries it took me to randomly generate
fd00:b00b::/48?

In all seriousness, though, while protecting against someone blindly
registering lots of naughts is probably reasonable, a registry isn't
worth much if it won't record the address ranges folks actually choose
to use. Regardless of how closely the RFC was followed in those
ranges' selection. In a sense, such a registry makes a net negative
contribution because its existence discourages the creation of another
organized effort.

Regards,
Bill

-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
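
The distinction argued in this message (ULA in fc00::/7 versus RIR-assigned GUA in 2000::/3) and the Global ID generation in RFC 4193 section 3.2.2 that the quoted registry note alludes to, as an added Python example that is not part of the original post or of the SixXS tool. All function names are hypothetical, the random stand-in for an EUI-64 is an assumption, and the zero-nibble heuristic is an assumption, not the registry's actual rule.

```python
import hashlib
import ipaddress
import os
import struct
import time

ULA = ipaddress.ip_network("fc00::/7")   # RFC 4193 Unique Local range
GUA = ipaddress.ip_network("2000::/3")   # Global Unicast range handed out by the RIRs

def generate_ula_prefix(eui64=None, now=None):
    """RFC 4193 3.2.2: Global ID = low 40 bits of SHA-1(NTP time || EUI-64)."""
    now = time.time() if now is None else now
    # Assumption: random bytes stand in when no EUI-64 is supplied.
    eui64 = os.urandom(8) if eui64 is None else eui64
    secs = (int(now) + 2208988800) & 0xFFFFFFFF   # Unix epoch -> NTP epoch (1900)
    frac = int((now % 1) * 2**32)                 # fractional second, 32 bits
    digest = hashlib.sha1(struct.pack("!II", secs, frac) + eui64).digest()
    gid = int.from_bytes(digest[-5:], "big")      # least significant 40 bits
    # fd = fc00::/7 with the L bit set (locally assigned), then the Global ID.
    return ipaddress.IPv6Network(((0xFD << 120) | (gid << 80), 48))

def scope(addr):
    """Classify an address as 'ULA', 'GUA' or 'other'."""
    a = ipaddress.ip_address(addr)
    if a in ULA:
        return "ULA"
    if a in GUA:
        return "GUA"
    return "other"

def global_id(prefix):
    """Extract the 40-bit Global ID from a ULA /48."""
    net = ipaddress.ip_network(prefix)
    return (int(net.network_address) >> 80) & 0xFFFFFFFFFF

def looks_hand_picked(prefix, min_zero_nibbles=4):
    """Heuristic (assumption): a random 40-bit ID rarely has 4+ zero nibbles."""
    return f"{global_id(prefix):010x}".count("0") >= min_zero_nibbles

if __name__ == "__main__":
    print("generated:", generate_ula_prefix())
    # Constructed sample prefixes; the first two are the ones named in the thread.
    for p in ("fd00::/48", "fd00:b00b::/48", "fd4a:7c91:e3b2::/48"):
        print(p, "hand-picked" if looks_hand_picked(p) else "plausibly random")
```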


