IPv6 ULA – what and how?

ULA (Unique Local Addresses, or Unique Local IPv6 Unicast Addresses to give them their full name) are IPv6’s equivalent of IPv4’s “private” addresses.

The idea is to append a random 40 bits to the reserved ULA prefix fd00::/8, thus building a /48 that you can call your own. You can use this /48 wherever and however you like, with the sole proviso that it must not be routed on the public Internet. The ULA space is defined in RFC4193 (http://tools.ietf.org/html/rfc4193).

To understand where ULA is coming from, we must first take a quick detour through IPv4’s “private addresses”, also known as “RFC1918” addresses, after the RFC that defines them (http://tools.ietf.org/html/rfc1918).

Absolutely everyone uses them. From the smallest home network to the largest corporation on the planet, one or more networks like 192.168.1.0/24 are certain to be in use.

The RFC1918 address space is small. RFC1918 specifies only about 16.7 million addresses, or less than 70,000 /24 subnets. For a lot of organisations, that’s just not enough, and this has led to the same addresses being deployed at multiple locations even within a single organisation.

Within the RFC1918 address space, certain ranges (like 192.168.1.0/24, 172.16.1.0/24 and 10.0.1.0/24) are hugely more popular than others. The chance that these are deployed in any particular organisation is pretty high.

What all this means is that RFC1918 space is not only in use all over the place, the exact same addresses are in use all over the place.

So when two networks need to be combined, for example when Company A goes to merge with Company B, a conflict of internal IPv4 addressing is practically certain, with all the attendant messiness and cost of untangling things.

ULA, by contrast, offers 40 bits of prefix uniqueness. That’s about a trillion (10^12) unique /48 prefixes.

What this means is that a company choosing a random ULA prefix is very unlikely to choose the same prefix as anyone else. And even if they do, it only matters if the two companies that happened to choose the very same prefix out of the billions available also happen to want to combine, which is even more unlikely.

Lots of people will certainly say to themselves “well, it’s for internal use only, so I won’t bother to generate a nasty, hard-to-type random prefix; instead I will choose a nice handy one like, say, fd00::/48”. All will be well – right up to the moment where they need to combine with another enterprise that made the same suddenly-not-looking-so-clever choice.

Given the number of networks in the world, lots and lots of people will be making the choice to use memorable, rather than random, ULA prefixes. You can’t stop other people doing that. You can, however, protect yourself by choosing a ULA prefix that is genuinely random. Randomness protects you from those other people’s poor choices, by maximising the chance that, come the day when you have to merge your network with another, you will be able to do so relatively painlessly.

Because of the likelihood that many people will opt for immediate convenience at the cost of one-day-maybe-never pain, I would suggest that you avoid ULA prefixes that look non-random to the naked eye. So if your random number generator happens to throw up 00:0000:0001, run it again 🙂
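
The procedure described above (40 random bits appended to fd00::/8, run again if the result looks hand-picked), as an added example that is not part of the original post. The function names and the "looks non-random" heuristic are assumptions of this example; the bits come from the OS CSPRNG via Python's `secrets` module.

```python
import ipaddress
import secrets

ULA_BASE = ipaddress.IPv6Network("fd00::/8")  # reserved ULA prefix from the post

def ula_from_global_id(global_id: int) -> ipaddress.IPv6Network:
    """Append a 40-bit Global ID to fd00::/8, giving a /48."""
    if not 0 <= global_id < 1 << 40:
        raise ValueError("Global ID must fit in 40 bits")
    top48 = (0xFD << 40) | global_id
    return ipaddress.IPv6Network((top48 << 80, 48))

def looks_non_random(global_id: int) -> bool:
    """Heuristic (assumption of this example): would a human have picked this?"""
    digits = f"{global_id:010x}"          # the 40 bits as 10 hex digits
    if len(set(digits)) <= 3:             # 0000000001, aaaaaaaaaa, 1212121212
        return True
    run = longest = 1
    for a, b in zip(digits, digits[1:]):  # long run of one digit: 0000004f2c
        run = run + 1 if a == b else 1
        longest = max(longest, run)
    if longest >= 4:
        return True
    # Counting up or down: 0123456789, fedcba9876
    steps = {(int(b, 16) - int(a, 16)) % 16 for a, b in zip(digits, digits[1:])}
    return steps in ({1}, {15})

def generate_ula(rand40=lambda: secrets.randbits(40)) -> ipaddress.IPv6Network:
    """Draw 40 bits from the OS CSPRNG; run it again if the result looks chosen."""
    while True:
        global_id = rand40()
        if not looks_non_random(global_id):
            return ula_from_global_id(global_id)

if __name__ == "__main__":
    site = generate_ula()
    assert site.subnet_of(ULA_BASE)
    print("Your ULA /48:", site)
    # Each /48 holds 65,536 /64 subnets; show the first three.
    for i, subnet in zip(range(3), site.subnets(new_prefix=64)):
        print("  subnet", i, subnet)
    # The post's example draw 00:0000:0001 is rejected by the heuristic.
    print("fd00:0:1::/48 rejected:", looks_non_random(0x0000000001))
```

Generate the prefix once, record it, and reuse it for every site in the organisation; the `rand40` parameter exists only so the draw can be replaced with a fixed sequence in tests.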

Of course, there is another question – do you actually need to use ULA space at all? I would argue not; but that’s a discussion for another blog entry.
