On Wed, 20 Oct 2010 19:07:57 -0500 James Hess <mysidia@gmail.com> wrote:
On Wed, Oct 20, 2010 at 4:48 PM, Jeroen van Aart <jeroen@mompl.net> wrote:
<IPv6 newbie>
these addresses, their address scope is global, i.e. they are expected to be globally unique."
The ULA /48s are hoped to only be globally unique, but this only has a good chance of happening if all users pick good random numbers as required, which will often be 'hard to read'. should any two networks pick non-random numbers, they could easily conflict, breaking expectations.
Do you realise that one of the reasons why the ID is random is to discourage global routing of them, so they don't aggregate well? They're for internal addressing. The only time some of your local ULA address space would be seen externally to your network is via a backdoor connection to e.g. a business partner via a VPN. ULAs should never and are prohibited from appearing in the global route table. The probably shouldn't also appear in a multilateral peering fabric. To make it clear, as it seems to be quite misunderstood, you'd have both ULA and global addressing in your network. For internal destinations ULA addresses are used. For global destinations, global addresses are used. ULAs serve the purpose of providing an internally stable address space independent of your upstream transit provider's global address space, assuming you have one. In IPv4, RFC1918 served this purpose, although not as well, as it couldn't be used concurrently with a global address space (one of the differences between IPv4 and IPv6 is proper, by-design, support for nodes having multiple valid addresses), and also required NAT when interconnecting two overlapping RFC1918 address domains.
My suspicion is that in the future it is going to happen routinely, esp. if ULA becomes to IPv6 what RFC1918 space is to IPv4, with most end user networks implementing NAT66 to translate "private" /48 ULAs to their site's "public" /48 assignment from their ISP.
I can imagine generic $50 IPv6 broadband routers getting distributed en-masse that hardcode all bits 0 ULA NAT66 by default, and expect the user to change the LAN IP subnet / NAT config from the defaults, sometime while they're setting it up, probably at the same time they change the admin password.
You know... the type of router a residential user plugs in, and they "just work", and if the user forgets to follow any setup or config directions, just pulls an IP via DHCP and sticks with some insecure defaults.
But it would still be a big improvement from what is available with V4. -- -Jh