In message <20101021093109.06a50ea2@opy.nosense.org>, Mark Smith writes:
On Wed, 20 Oct 2010 14:48:47 -0700 Jeroen van Aart <jeroen@mompl.net> wrote:
<IPv6 newbie>

According to http://en.wikipedia.org/wiki/IPv6_address#Special_addresses an fc00::/7 address includes a 40-bit pseudo random number:

"fc00::/7 — Unique local addresses (ULA's) are intended for local communication. They are routable only within a set of cooperating sites (analogous to the private address ranges 10/8, 172.16/12, and 192.168/16 of IPv4).[12] The addresses include a 40-bit pseudorandom number in the routing prefix intended to minimize the risk of conflicts if sites merge or packets are misrouted into the Internet. Despite the restricted, local usage of these addresses, their address scope is global, i.e. they are expected to be globally unique."

I am trying to set up a local IPv6 network and am curious why all the examples I come across do not seem to use the 40-bit pseudorandom number? What should I do?
Use a pseudo random number, not follow bad examples. Where are these examples? I'd be curious as to what they say regarding why they haven't followed the pseudo random number requirement.
Here is a real life example of the use of ULA's. I used the following command to get the 40 random bits in the prefix (92:7065:b8e).

    dd if=/dev/random bs=5 count=1 | od -t x1

The border router is configured to block ULA traffic, gif0 is the external interface on the border router.

    // ULA border filter
    add unreach admin all from any to fc00::/7 via gif0
    add unreach admin all from fc00::/7 to any via gif0

If your OS supports it, you configure the address selection rules to prefer your ULA prefix when talking to your ULA prefix and then to prefer non ULA to non ULA over general ULA to general ULA. That way you use ULA addresses for internal communication and non ULA addresses for external communication.

    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether e8:06:88:f3:4f:9c
        inet6 fe80::ea06:88ff:fef3:4f9c%en0 prefixlen 64 scopeid 0x4
        inet6 fd92:7065:b8e::ea06:88ff:fef3:4f9c prefixlen 64 autoconf
        inet6 2001:470:1f00:820:ea06:88ff:fef3:4f9c prefixlen 64 autoconf
        inet 192.168.191.240 netmask 0xffffff00 broadcast 192.168.191.255
        media: autoselect (10baseT/UTP <half-duplex>)
        status: active
Use something like fd00::1234, or incorporate something like the interface's MAC address into the address? It'd make the address quite unreadable though.
DNS (including dynamic DNS, multicast DNS, and DNS service discovery) is intended to be used far more often in IPv6 than it was in IPv4. It was never going to be that possible to expand the size of the address space significantly without trading off 'rememberability'.
The best way to understand ULAs is to read the RFC. It'd probably take about 15 to 20 minutes, and is quite readable (as are most if not all RFCs).
Unique Local IPv6 Unicast Addresses http://tools.ietf.org/rfc/rfc4193.txt
You may also wish to subscribe to the ipv6-ops mailing list for IPv6 focused operations discussions.
http://lists.cluenet.de/mailman/listinfo/ipv6-ops
Regards, Mark.
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
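
Added example, not part of the original message: a shell sketch of how the five random bytes from the dd | od pipeline become a /48 ULA prefix such as fd92:7065:b8e::/48. The function names are hypothetical, and /dev/urandom is used instead of /dev/random as an assumption so the script never blocks.

```shell
#!/bin/sh
# Build an RFC 4193 ULA /48 prefix from a 40-bit Global ID.
# Function names are hypothetical, chosen for this example.

# ula_prefix_from_hex HEX10
# HEX10 is the 40-bit Global ID written as exactly 10 hex digits.
# Output is "fd" (fc00::/7 with the L bit set) followed by the Global ID.
ula_prefix_from_hex() {
    gid=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    # Reject anything that is not exactly 10 hex digits.
    case "$gid" in
        *[!0-9a-f]*|'') echo "global ID must be 10 hex digits" >&2; return 1 ;;
    esac
    [ "${#gid}" -eq 10 ] || { echo "global ID must be 10 hex digits" >&2; return 1; }
    # Split into the three 16-bit groups of the /48: fdXX:XXXX:XXXX
    g1="fd$(printf '%s' "$gid" | cut -c1-2)"
    g2=$(printf '%s' "$gid" | cut -c3-6)
    g3=$(printf '%s' "$gid" | cut -c7-10)
    # %x drops leading zeros per group (0b8e prints as b8e). All-zero
    # groups are printed as 0, which is valid but not the shortest form.
    printf '%x:%x:%x::/48\n' "0x$g1" "0x$g2" "0x$g3"
}

# ula_random_prefix
# Draws 5 bytes (40 bits) from the kernel RNG, like the message's
# dd | od pipeline, and formats them as a ULA prefix.
ula_random_prefix() {
    gid=$(dd if=/dev/urandom bs=5 count=1 2>/dev/null \
          | od -An -t x1 | tr -d '[:space:]')
    ula_prefix_from_hex "$gid"
}

# The bytes behind the prefix quoted in the message (constructed from
# "92:7065:b8e", i.e. od output "92 70 65 0b 8e"):
ula_prefix_from_hex 9270650b8e
# A fresh prefix for a new site:
ula_random_prefix
```

Generate the prefix once per site and record it; regenerating it means renumbering every ULA-addressed host.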