As an enthusiastic IPv6 person who has talked passionately to customers on the subject for more than 14 years, it’s been refreshing to see that we’re moving away from the narrative of ‘nobody uses IPv6’, which I last wrote about on this blog four years ago, to companies now seriously looking at deploying IPv6 in their networks.
However, I’m still confronted by the same questions, doubts, and ideas from IT administrators who try to use their IPv4 addressing knowledge to develop an IPv6 address plan. Whenever I’m confronted by these people, I start singing in my Elsa voice…
My husband doesn’t recommend I sing but it is warranted in the discussion of Unique Local Addresses (ULAs) and IPv6.
Let it go! Let it go.
When developing an IPv6 address plan you can choose between using Global Unicast Addresses (GUAs) or ULAs.
Using ULAs in IPv6 address planning is similar to IPv4 private network addressing. They can be used freely (without centralized registration) inside a single site or organization or spanning a limited number of sites or organizations. They are routable only within the scope of such private networks, but not in the global IPv6 Internet.
This makes ULAs sound as though they’re the easiest (most familiar) means to deploy IPv6 in your enterprise. However, as Nick Buraglio recently shared in his IETF 114 presentation, Unintended Operational Issues With ULA, it’s the opposite.
If you aren’t of the reading type, Nick was on the IPv6-buzz podcast recently, explaining that in a dual-stack environment ULAs break IPv6 traffic and have left us with the legacy protocol as a transport mechanism.
RFC 6724 also notes that using ULAs is less preferred when deploying IPv6, given that your ultimate goal should be to sunset your IPv4 usage, so the sooner you dip your toes into the world of IPv6-only the better.
Some might say ‘just make a new RFC to solve this issue’. However, this would easily take another 10 years, just because you want to run ULA.
So, should I never use ULAs in my network?
IPv6-only networks provide a valid use case for ULAs but why would you make life difficult for yourself in the meantime given the widespread use of IPv6-only is decades away?
My advice is to just let go of the traditional ways that sought to conserve addresses. What’s not to like about starting fresh? We have enough addresses in IPv6, giving you the ability to reserve a massive block of GUAs that is only to be used internally, and has many associated benefits, including:
- Not needing to use NAT
- Easier to troubleshoot IPv6 issues
- Not needing to avoid ULA address collisions
- Your security perimeter will (still) be your firewall
What’s not to like about that?
Where do I start?
However, before you set out on your journey to deploying IPv6, please say goodbye to your current address planning strategy.
Let it go! Let it go!
Nicole Wajer is a Technical Solutions Architect at Cisco.