6

The title pretty much explains everything.

Since there is a huge amount of IPv6 addresses, couldn't every device just use a global unicast address? What is the practical use of unique local IPv6 addresses?

Thank you all in advance.

2 Answers

10

Is there any reason to use unique local IPv6 addresses in a production network?

You can use ULA for traffic that you never want to be able to be sent on the public Internet.

Since there is a huge amount of IPv6 addresses, couldn't every device just use a global unicast address? What is the practical use of unique local IPv6 addresses?

Yes, that is the point of IPv6: to restore the original IP end-to-end paradigm. Remember that IPv6 allows you to use multiple addresses on each interface, and you can mix the address types. You will have a Link-Local address, and you can add multiple Global and ULA addresses in different networks on the interface.

RFC 6724, Default Address Selection for Internet Protocol Version 6 (IPv6), defines an algorithm for source address selection. For example, if you have sensitive traffic that you send to a ULA address in your network, the source address should also be a ULA address you have defined on your interface. That will prevent the traffic from being able to be routed on the public Internet, protecting your sensitive information from accidental sending on the public Internet. You can also trust the source as it will obviously not be from the public Internet.

3
  • 2
    It should also be noted, global prefixes can (and do) change. ULA is entirely under your control, so it will only ever change when you decide to change. Changing provider, moving, mergers, etc. will usually have little effect on ULA prefixes.
    – Ricky
    Commented Mar 30, 2023 at 20:17
  • "You can also trust the source as it will obviously not be from the public Internet." - depending on reverse routing policies
    Commented Mar 31, 2023 at 20:01
  • @user253751, ULA addresses, including source addresses, are not to be routed on the public Internet by the ISPs, and any business should also have firewall rules to drop that type of traffic (among other traffic types), both inbound and outbound of the public Internet.
    – Ron Maupin
    Commented Mar 31, 2023 at 20:29
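The source address selection described in the answer above, as an added example (not code from the answer or from RFC 6724): a simplified Python model that applies only rules 1, 2, 6 and 8 with the RFC's default policy table. The addresses are constructed, and a /64 source prefix length is assumed.

```python
import ipaddress
from functools import cmp_to_key

# RFC 6724 section 2.1 default policy table, reduced to (prefix, label).
POLICY = [(ipaddress.ip_network(p), lbl) for p, lbl in [
    ("::1/128", 0), ("::/0", 1), ("::ffff:0:0/96", 4), ("2002::/16", 2),
    ("2001::/32", 5), ("fc00::/7", 13), ("::/96", 3), ("fec0::/10", 11),
    ("3ffe::/16", 12)]]

def label(addr):
    """Label of the longest policy-table prefix that contains addr."""
    return max((e for e in POLICY if addr in e[0]),
               key=lambda e: e[0].prefixlen)[1]

def scope(addr):
    """Unicast scope; ULA has global scope, only its label differs."""
    if addr.is_link_local or addr.is_loopback:
        return 0x2
    return 0x5 if addr.is_site_local else 0xE

def common_prefix_len(src, dst, limit=64):
    """Shared leading bits, capped at the assumed /64 source prefix."""
    return min(128 - (int(src) ^ int(dst)).bit_length(), limit)

def select_source(dst, candidates):
    """Choose a source for dst using rules 1, 2, 6 and 8 (simplified)."""
    dst = ipaddress.IPv6Address(dst)
    cands = [ipaddress.IPv6Address(c) for c in candidates]

    def prefer(a, b):  # negative result: a is preferred over b
        if (a == dst) != (b == dst):              # Rule 1: same address
            return -1 if a == dst else 1
        sa, sb, sd = scope(a), scope(b), scope(dst)
        if sa < sb:                               # Rule 2: appropriate scope
            return 1 if sa < sd else -1
        if sb < sa:
            return -1 if sb < sd else 1
        ma, mb = label(a) == label(dst), label(b) == label(dst)
        if ma != mb:                              # Rule 6: matching label
            return -1 if ma else 1
        # Rule 8: longest matching prefix
        return common_prefix_len(b, dst) - common_prefix_len(a, dst)

    return str(min(cands, key=cmp_to_key(prefer)))

if __name__ == "__main__":
    iface = ["fe80::1", "2001:db8:1::10", "fd12:3456:789a:1::10"]  # constructed
    for d in ("fd12:3456:789a:2::20", "2001:db8:ffff::1", "fe80::99"):
        print(d, "<-", select_source(d, iface))
    # With no ULA configured, a ULA destination gets a global source.
    print(select_source("fd12:3456:789a:2::20", iface[:2]))
```

The last call shows that the ULA-to-ULA pairing only holds when the host actually has a ULA address configured; otherwise the global address is selected as the source.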
6

Since there is a huge amount of IPv6 addresses, couldn't every device just use a global unicast address? What is the practical use of unique local IPv6 addresses?

They could, but:

  1. not all networks are in a position to obtain a global unicast prefix (as it's typically issued by your ISP), e.g. if you want to use IPv6 internally but your ISP doesn't support providing IPv6 access globally yet;

  2. the global prefix is not always stable (sometimes the ISP refuses to provide a static prefix for "you didn't pay us enough" reasons) and you want stable addressing for your servers and stuff;

  3. some networks have multiple prefixes from different ISPs, possibly coming and going (e.g. some basic load-balance or failover setups where BGP is not yet involved), and need one fixed prefix for internal communications.

    (Both situations boil down to "renumbering is a pain".)

4
  • IPv6 Prefix Delegation actually solves your Number 2.
    – Ron Maupin
    Commented Mar 31, 2023 at 6:12
  • 2
    Until it doesn't. I've heard enough stories of people receiving a different prefix via PD every week, etc., despite all the parameters like the DUID remaining the same.
    Commented Mar 31, 2023 at 6:17
  • That would only be for (off-topic) residential users. The ISPs assign prefixes to the (on-topic) business users, and businesses only need to worry about changing the prefix when changing ISPs.
    – Ron Maupin
    Commented Mar 31, 2023 at 6:22
  • 4
    That's making some assumptions about how all ISPs operate.
    Commented Mar 31, 2023 at 20:02
