IPv6 Unique Local Addresses

Another type of IPv6 unicast address is the unique local address (ULA), which is the counterpart of IPv4 private addresses. Unique local addresses are also known as private IPv6 addresses or local IPv6 addresses (not to be confused with linklocal addresses).

ULA addresses can be used similarly to global unicast addresses but are for private use and should not be routed in the global Internet. ULA addresses are only to be used in a more limited area, such as within a site or routed between a limited number of administrative domains. ULA addresses are for devices that never need access to the Internet and never need to be accessible from the Internet.

ULA addresses are defined in RFC 4193, Unique Local IPv6 Unicast Addresses. Figure 4-9 illustrates the format of a unique local unicast address.

Unique local addresses have the prefix fc00::/7, which results in the range of addresses from fc00::/7 to fdff::/7, as shown in Table 4-8.

Unique local addresses have the following characteristics:

• They can be used just like global unicast addresses.

• They can be used for devices that never need access to or from the global Internet.

• They allow sites to be combined or privately interconnected without address conflicts and without requiring addressing renumbering. (Address conflicts are highly unlikely due to the large address space.)

• They are independent of any ISP and can be used within a site even without having Internet connectivity.

ULA and NAT

ULA and NAT is a bit of a tricky topic. The concept of translating a unique local address to a global unicast address is the subject of ongoing debate within the IPv6 community, and it fosters emotional opinions on both sides of the argument. The IAB published an informational RFC highlighting its thoughts on NAT and IPv6 in RFC 5902, IAB Thoughts on IPv6 Network Address Translation. In this RFC, the IAB summarizes the use of NAT as follows:

Network address translation is viewed as a solution to achieve a number of desired properties for individual networks: avoiding renumbering, facilitating multihoming, making configurations homogenous, hiding internal network details, and providing simple security.

So, does this means NAT provides security, and ULA addresses can be translated to GUA addresses for this purpose? The simple answer is no. RFC 5902 goes on to state, "However, one should not confuse NAT boxes with firewalls. As discussed in [RFC 4864] Section 2.2, the act of translation does not provide security in itself."

Remember that the driving force for using NAT with IPv4 is not security but IPv4 address depletion. Although the IAB and the IETF did not intend for NAT to be used with IPv6 as it is with IPv4, NAT does provide mechanisms for translation where translation is necessary. These translation techniques include Network Prefix Translation version 6 (NPTv6), described in RFC 6296, IPv6-to-IPv6 Network Prefix Translation, and NAT66, described in an Internet draft RFC, IPv6-to-IPv6 Network Address Translation (long expired). Both of these RFCs focus on translation for address independence - and only where necessary. In RFC 6296, the IETF goes as far as stating, "For reasons discussed in [RFC 2993] and Section 5, the IETF does not recommend the use of Network Address Translation technology for IPv6."

Both NPTv6 and NAT66 are designed for address independence and not security. Address independence means that a site does not have to renumber its internal addresses if the ISP changes the site's external prefix or if the site changes ISPs and receives a different prefix.

NPTv6 and NAT66 are both stateless technologies, whereas NAT for IPv4 is stateful. It is the statefulness, not NAT itself, that provides the security. This means that internal devices are open to certain types of attacks that would not be possible in a NAT for IPv4 network. NAT for IPv4 is not security and introduces many problems and challenges.

If all this seems vague, complicated, and perhaps even contradictory, welcome to the discussion on NAT and IPv6.

Note For more information on ULA addresses with NAT66 or NPTv6, see Ed Horley's excellent articles on the topic, at www.howfunky.com. Horley has also written an excellent book, Practical IPv6 for Windows Administrators

L Flag and Global ID

ULA addresses have the prefix fc00::/7, or the first 7 bits as 1111 110x. As shown in Figure 4-10, the eighth bit (x) is known as the L flag, or the local flag, and it can be either 0 or 1. This means that the ULA address range is divided into two parts:

• fc00::/8 (1111 1100): When the L flag is set to 0, may be defined in the future.

• fd00::/8 (1111 1101): When the L flag is set to 1, the address is locally assigned.

Because the only legitimate value for the L flag is 1, the only valid ULA addresses today are in the fd00::/8 prefix.

Another difference between ULA addresses and private IPv4 addresses is that ULA addresses can also be globally unique. This is helpful for ensuring that there won't be any conflicts when combining two sites using ULA addresses or just in case they get leaked out into the Internet.

The trick is that the global IDs must somehow be unique without being administered by a central authority. RFC 4193, Sample Code for Pseudo-Random Global ID Algorithm, defines a process whereby locally assigned Global IDs can be generated using a pseudorandom algorithm that gives them a very high probability of being unique. It is important that all sites generating Global IDs use the same algorithm to ensure that there is this high probability of uniqueness.

About the Author

Rick Graziani has been an instructor of computer networking and computer science courses at Cabrillo College in Aptos, California since 1994. Rick also teaches networking courses in the Computer Engineering department at the University of California, Santa Cruz and is on the Curriculum Engineering team for Cisco Networking Academy.

Organizations are increasingly transitioning to IPv6, the next generation protocol for defining how devices of all kinds communicate over networks. Now fully updated, IPv6 Fundamentals offers a thorough, friendly, and easy-to-understand introduction to the knowledge and skills you need to deploy and operate IPv6 networks.

Leading networking instructor Rick Graziani explains all the basics simply and clearly, step-by-step, providing all the details you'll need to succeed. You'll learn why IPv6 is necessary, how it was created, how it works, and how it has become the protocol of choice in environments ranging from cloud to mobile and IoT.

Graziani thoroughly introduces IPv6 addressing, configuration options, and routing protocols, including EIGRP for IPv6, and OSPFv3 (traditional configuration and with address families). Building on this coverage, he then includes more in-depth information involving these protocols and processes.

This edition contains a completely revamped discussion of deploying IPv6 in your network, including IPv6/IPv4 integration, dynamic address allocation, and understanding IPv6 from the perspective of the network and host. You'll also find improved coverage of key topics such as Stateless Address Autoconfiguration (SLAAC), DHCPv6, and the advantages of the solicited node multicast address.

Throughout, Graziani presents command syntax for Cisco IOS, Windows, Linux, and Mac OS, as well as many examples, diagrams, configuration tips, and updated links to white papers and official RFCs for even deeper understanding.

• Learn how IPv6 supports modern networks encompassing the cloud, mobile, IoT, and gaming devices
• Compare IPv6 with IPv4 to see what has changed and what hasn't
• Understand and represent IPv6 addresses for unicast, multicast, and anycast environments
• Master all facets of dynamic IPv6 address allocation with SLAAC, stateless DHCPv6, and stateful DHCPv6
• Understand all the features of deploying IPv6 addresses in the network including temporary addresses and the privacy extension
• Improve operations by leveraging major enhancements built into ICMPv6 and ICMPv6 Neighbor Discovery Protocol
• Configure IPv6 addressing and Access Control Lists using a common topology
• Implement routing of IPv6 packets via static routing, EIGRP for IPv6, and OSPFv3
• Walk step-by-step through deploying IPv6 in existing networks, and coexisting with or transitioning from IPv4

Reader Lucas Schultz says, "If you are looking to take the CCNA and IPv6 is not clear to you after Cisco material, this is the book you. This is the best in depth discuss about IPv6 how it works and the mechanisms to make it work. Author made it very easy to read and understand. Highly recommend this book to IT personnel or CCNA certification.

More Networking Protocols and Standards:
• Link Aggregation
• IPv6 Unicast Addresses
• A Simple Description of the IPv6 Header and Datagram
• Classless IP Addressing
• The OSI Network Layer
• Networking Protocols, Ports, Standards, and Organizations What Does it All Mean?
• Wireless Network Standards - 80211a, 80211b, 80211g, 80211n, 80216
• The OSI Reference Model
• Video - The Upper Layers 5 Through 7 of the OSI Networking Model
• IPv4 Datagram Fields