Re: Unique Local Address (ULA) - IPv6

You are thinking WAY too much about this. :)

Site local was private addressing, but the problem was that everyone had
the same set. There's no v6-v6 NAT right now, so "business partner"
hookups would have address overlap (not thought of in 1996 with original
specs).

ULA attempts to fix that. No RIR has stepped up for the global database
though, (big surprise, no $$) so we're dealing with the pseudo-random
idea. There's an algorithm and a web page as well.

The concept being that within 40-bits, the chances of you overlapping
with a partner are REALLY slim. Most companies didn't have a problem
dealing with a "site" definition because with 65,535 subnets available
you could do a lot on your own! :)

Keep it simple though. Know the differences from FC/8 and FD/8 and when
in doubt ask the proctor. Otherwise, get more sleep! hehehehe

*Scott Morris*, CCIE/x4/ (R&S/ISP-Dial/Security/Service Provider) #4713,

JNCIE-M #153, JNCIS-ER, CISSP, et al.

JNCI-M, JNCI-ER

evil_at_ine.com

Internetwork Expert, Inc.

http://www.InternetworkExpert.com

Toll Free: 877-224-8987

Outside US: 775-826-4344

Knowledge is power.

Power corrupts.

Study hard and be Eeeeviiiil......

Joe Astorino wrote:
> I have one more thing I'd like to add. ULA are defined in RFC 4193
> which states the following:
>
> Locally assigned Global IDs MUST be generated with a pseudo-random
> algorithm consistent with [RANDOM]. Section 3.2.2 describes a
> suggested algorithm. It is important that all sites generating
> Global IDs use a functionally similar algorithm to ensure there is a
> high probability of uniqueness.
>
> The use of a pseudo-random algorithm to generate Global IDs in the
> locally assigned prefix gives an assurance that any network numbered
> using such a prefix is highly unlikely to have that address space
> clash with any other network that has another locally assigned prefix
> allocated to it. This is a particularly useful property when
> considering a number of scenarios including networks that merge,
> overlapping VPN address space, or hosts mobile between such networks.
>
>
> HOWEVER....clearly we can see here that I manually assigned this
> interface the address fd00::1/64. So, I can't say that having the
> global-id 40-bit portion being "pseudo-random" is actually being
> enforced by anything...it seems that according the RFC it SHOULD
> happen that way though. Note that Cisco also says "Because RFC 3879
> deprecates the use of site-local addresses, configuration of private
> IPv6 addresses should be done following the recommendations of unique
> local addressing (ULA) in RFC 4193. " in the following document. This
> seems to indicate to me that the way you SHOULD do things is via what
> is outlined above in the RFC
>
> http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-addrg_bsc_con.html#wp1334130
>
> R1(config)#interface fa0/0
> R1(config-if)#ipv6 address fd00::1/64
>
> R1(config-if)#do sh ipv6 int fa0/0
> FastEthernet0/0 is up, line protocol is up
> IPv6 is enabled, link-local address is FE80::212:80FF:FE31:CCD8
> No Virtual link-local address(es):
> Global unicast address(es):
> FD00::1, subnet is FD00::/64
> Joined group address(es):
> FF02::1
> FF02::2
> FF02::1:FF00:1
> FF02::1:FF31:CCD8
> MTU is 1500 bytes
> ICMP error messages limited to one every 100 milliseconds
> ICMP redirects are enabled
> ICMP unreachables are sent
> ND DAD is enabled, number of DAD attempts: 1
> ND reachable time is 30000 milliseconds (using 40407)
> ND advertised reachable time is 0 (unspecified)
> ND advertised retransmit interval is 0 (unspecified)
> ND router advertisements are sent every 200 seconds
> ND router advertisements live for 1800 seconds
> ND advertised default router preference is Medium
> Hosts use stateless autoconfig for addresses.
> R1(config-if)#
>
>
>
>
> On Wed, Dec 16, 2009 at 1:40 AM, Roy Waterman <roy.waterman_at_gmail.com> wrote:
>
>> Cool, thanks again Joe, its v clear now :)
>>
>> Typos are my forte :)
>>
>> 2009/12/16 Joe Astorino <jastorino_at_ipexpert.com>
>>
>>> Bah, my God I can't type tonight!!! Apologies for the typos...
>>>
>>> centrally assigned global-id is the FC00::/8
>>> randomly generated global-id is the FD00::/8
>>>
>>> As Scott said I'd watch the wording BUT ...still remember that the 40 bits following FD you still don't get to choose. It is randomly generated by the router. Now, the 16 bits after THAT is up to you no matter if you are using centrally assigned (FC00::/8) or randomly generated (FD00::/8)
>>>
>>> [FC][Global-ID][Subnet-ID][Interface ID]
>>>
>>> FC: 8 bits
>>> Global-ID: 40 bits assigned to you by a central place
>>> Subnet-ID: 16 bits you get to play with
>>> Interface-ID: 64 bits
>>>
>>> [FD][Global-ID][Subnet-ID][Interface ID]
>>>
>>> FD: 8 bits
>>> Global-ID: 40 bits "pseudo-randomly" generated by the router based on things like the time of day, your mac-address and such...
>>> Subnet-ID: 16 bits you get to play with
>>> Interface-ID: 64 bits
>>>
>>> So really the only difference is the 40-bit global ID ... which basically uniquely identifies your "SITE". You have randomly generated or centrally assigned.
>>>
>>> THAT should clear it up for good : )
>>>
>>>
>>>
>>> On Wed, Dec 16, 2009 at 1:29 AM, Joe Astorino <jastorino_at_ipexpert.com> wrote:
>>>
>>>> You are welcome,
>>>>
>>>> Keep in mind IPv6 "site-local" and "unique-local" addressing is something that seems to have been revised and changed quite a bit. First we had site-local which like I said is now depricated officially, but still seen in a lot of Cisco documentation. Essentially people in the IETF could not agree on what defined a "site."
>>>>
>>>> With Unique-Local it seems that nobody is quite sure yet what to do or how to implement the whole centrally assigned thing (FD00::/8). I'd keep an eye on it if you are interested, but for the lab I'd do what they tell you. When in doubt, I'd ask the proctor, and if still you are in trouble, I'd go with the FD00::/8 range and just let the router randomly generate your global ID.
>>>>
>>>> On Wed, Dec 16, 2009 at 1:18 AM, Roy Waterman <roy.waterman_at_gmail.com> wrote:
>>>>
>>>>> Scott/Joe, thanks for your replies :)
>>>>>
>>>>>
>>>>> 2009/12/16 Joe Astorino <jastorino_at_ipexpert.com>
>>>>>
>>>>>> Whoops...means subnetted into two /8's of course : )
>>>>>>
>>>>>> On Wed, Dec 16, 2009 at 12:25 AM, Joe Astorino <jastorino_at_ipexpert.com> wrote:
>>>>>>
>>>>>>> It is somewhat strange.
>>>>>>>
>>>>>>> Essentially they took the FC00::/7 range and subnetted into two /7s -- FC00::/8 and FD00::/8. Each /8 is for a different purpose. Basically we have two different things because different people have different views on how things should be done.
>>>>>>>
>>>>>>> With FC00::/8 range your site-local address is actually ASSIGNED to you by a registrar even though the range is NOT globally routable. This ensures that everything remains unique within your organization. There is actually accountability where there is an organization that assigns to you your locally used ranges
>>>>>>>
>>>>>>> With FD00::/8 it is more like RFC1918 space, where your site-ID is a "semi-randomly" generated number, and you have 16 bits for subnetting left which effectively gives you room for like 65,535 /64 subnets to play with : )
>>>>>>>
>>>>>>> So FC00::/8 looks something like this where the 40-bit global-id (your "site ID") is ASSIGNED to you
>>>>>>>
>>>>>>> [FC][Global-ID][Subnet-ID][Interface ID]
>>>>>>> [8 ] [40 bits ][16 bits ]]64 bits ]
>>>>>>>
>>>>>>> The FD00::/8 stuff would look essentially the same, except the 40-bit global-id is NOT assigned to you...it is randomly generated
>>>>>>>
>>>>>>> HTH
>>>>>>>
>>>>>>> P.S. This is not to be confused with "site-local" addressing (FEC0::/10) which is depricated. The reason behind this being depricated has to do with many many arguments over the ambiguity of what is considered a "site".
>>>>>>>
>>>>>>> On Tue, Dec 15, 2009 at 7:14 PM, Scott Morris <smorris_at_ine.com> wrote:
>>>>>>>
>>>>>>>> You'd configure it where the lab told you. :)
>>>>>>>>
>>>>>>>> If it said "you have been assigned an ID of ..." then I'd use FC. If it
>>>>>>>> said "you decided to use an ID of ...." then I'd use FD.
>>>>>>>>
>>>>>>>> HTH,
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> *Scott Morris*, CCIE/x4/ (R&S/ISP-Dial/Security/Service Provider) #4713,
>>>>>>>>
>>>>>>>> JNCIE-M #153, JNCIS-ER, CISSP, et al.
>>>>>>>>
>>>>>>>> JNCI-M, JNCI-ER
>>>>>>>>
>>>>>>>> evil_at_ine.com
>>>>>>>>
>>>>>>>>
>>>>>>>> Internetwork Expert, Inc.
>>>>>>>>
>>>>>>>> http://www.InternetworkExpert.com
>>>>>>>>
>>>>>>>> Toll Free: 877-224-8987
>>>>>>>>
>>>>>>>> Outside US: 775-826-4344
>>>>>>>>
>>>>>>>>
>>>>>>>> Knowledge is power.
>>>>>>>>
>>>>>>>> Power corrupts.
>>>>>>>>
>>>>>>>> Study hard and be Eeeeviiiil......
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Roy Waterman wrote:
>>>>>>>>
>>>>>>>>> Hi all
>>>>>>>>>
>>>>>>>>> Would like some clarification on configuring ulas.
>>>>>>>>> We all know its: FC00::/7, however as per RFC4193 it mentions that the L bit
>>>>>>>>> (the 8th bit) is set to 1 if the prefix is locally assigned, and that L bit
>>>>>>>>> as 0 is undefined.
>>>>>>>>> As such in various places, Ive seen that you'd typically configure ulas
>>>>>>>>> starting as fd00::/8, but from a Cisco implementation perspective,
>>>>>>>>> does it matter whether fc00::/8 or fd00::/8 is used?
>>>>>>>>>
>>>>>>>>> >From a lab perspective, if asked to configure a ula, should ipv6 address
>>>>>>>>> fd00:... always be used (locally assigning the ipv6 address) ?
>>>>>>>>>
>>>>>>>>> Please advise.
>>>>>>>>>
>>>>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>>>>
>>>>>>>> _______________________________________________________________________
>>>>>>>> Subscription information may be found at:
>>>>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>>
>>>>>>> Joe Astorino CCIE #24347 (R&S)
>>>>>>> Sr. Technical Instructor - IPexpert
>>>>>>> Mailto: jastorino_at_ipexpert.com
>>>>>>> Telephone: +1.810.326.1444
>>>>>>> Live Assistance, Please visit: www.ipexpert.com/chat
>>>>>>> eFax: +1.810.454.0130
>>>>>>>
>>>>>>> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>>
>>>>>> Joe Astorino CCIE #24347 (R&S)
>>>>>> Sr. Technical Instructor - IPexpert
>>>>>> Mailto: jastorino_at_ipexpert.com
>>>>>> Telephone: +1.810.326.1444
>>>>>> Live Assistance, Please visit: www.ipexpert.com/chat
>>>>>> eFax: +1.810.454.0130
>>>>>>
>>>>>> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Regards
>>>>> Roy
>>>>>
>>>>
>>>> --
>>>> Regards,
>>>>
>>>> Joe Astorino CCIE #24347 (R&S)
>>>> Sr. Technical Instructor - IPexpert
>>>> Mailto: jastorino_at_ipexpert.com
>>>> Telephone: +1.810.326.1444
>>>> Live Assistance, Please visit: www.ipexpert.com/chat
>>>> eFax: +1.810.454.0130
>>>>
>>>> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com
>>>>
>>>>
>>>>
>>>
>>> --
>>> Regards,
>>>
>>> Joe Astorino CCIE #24347 (R&S)
>>> Sr. Technical Instructor - IPexpert
>>> Mailto: jastorino_at_ipexpert.com
>>> Telephone: +1.810.326.1444
>>> Live Assistance, Please visit: www.ipexpert.com/chat
>>> eFax: +1.810.454.0130
>>>
>>> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com
>>>
>>>
>>>
>>
>> --
>> Regards
>> Roy
>>
>
>
>
> --
> Regards,
>
> Joe Astorino CCIE #24347 (R&S)
> Sr. Technical Instructor - IPexpert
> Mailto: jastorino_at_ipexpert.com
> Telephone: +1.810.326.1444
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA
> (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice,
> Security & Service Provider) Certification Training with locations
> throughout the United States, Europe and Australia. Be sure to check
> out our online communities at www.ipexpert.com/communities and our
> public website at www.ipexpert.com

Blogs and organic groups at http://www.ccie.net
Received on Wed Dec 16 2009 - 09:09:09 ART