Copyright © 2004 jsd
1 Experimental and/or Private IPv6 Addresses
1.1 Statement of the problem
Often people need to make up some IPv6 addresses on the spur of the
moment. So the question arises: does IPv6 provide for private addresses in analogy to the
private IPv4 addresses described in reference 1,
namely 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16?
An all-too-common (but not very good) answer calls for using the IPv6
link-local addresses, namely the ones starting with the fe80
prefix. Alas, that has several problems.
- There are major problems in principle if your organization has
more than one subnet. What you would really like are some site-local addresses, or (better
yet) organization-private addresses, not merely link-local
addresses. That is, you would like your addresses to remain valid
when routed from one Ethernet to another and even from site to site within your
organization.
- This is a minor issue if any of your hosts has more than one
network interface, even if you plan to run IPv6 over only one of them,
because the ``unused'' interfaces will be born with their own fe80
link-local addresses, so you will have to fiddle with the routing table
to tell it which interface connects to the link you actually
want to use.
- On top of that, Linux kernel version 2.4.26 and earlier versions
mishandle fe80 addresses in bizarre ways. The system uses the
fe80 addresses for some things (notably as the return address for
router solicitations) ... but oddly enough, the fe80 addresses are
effectively useless to ordinary applications. For one thing, you
can't even ping your own fe80 address and get a reply. For
another, if some neighbor tries to ftp to such an address, it will fail
("invalid argument"). I cannot imagine any excuse for this
misbehavior.
So, we need to overcome these problems. We need addresses that
can be routed from subnet to subnet within your organization, and the
addresses ought to work with ordinary applications including ping and
ftp.
1.2 Quick Manual Solution
You can create your own extemporaneous organization-wide addresses as
follows: Suppose you have three hosts and you want to create an
``island'' of IPv6 connectivity, perhaps for temporary testing, or
perhaps for long-term private use. You can configure them by hand
if you want. There are many equally-good ways of doing it.
One way is to use addresses such as these, which are all on the same subnet:
2002:a00::1/96,
2002:a00::2/96,
2002:a00::3/96, et cetera.
There are 4 billion different addresses on each such subnet.
If you want to have more than one subnet within your organization, so
you can control routing from one subnet to another, you can use
addresses such as
2002:a00::1:0:1/96 for the second subnet,
2002:a00::2:0:1/96 for the third subnet, et cetera,
and you can have billions of such subnets.
The logic here is simple: We are parlaying a private IPv4 address
(in this case 10.0.0.0) into a group of IPv6 addresses. The
prefix 2002 is reserved for IPv6 subnets behind a ``6to4'' gateway, and
in this case we are using 10.0.0.0 as the IPv4 address of the gateway
... an imaginary gateway.
Of course if you want to experiment with actual 6to4 (also known as
stf) gatewaying, you are welcome to instantiate non-imaginary gateways
with 10-net addresses. But the point remains that all such
traffic will remain private (i.e. local to your organization), since
10-net addresses will not be routed onto the open internet. We
have done what we set out to do: these
truly are private IPv6 addresses.
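The scheme above, written out as an added example (not part of the original page): it builds the 2002:<IPv4>::/48 prefix only from an RFC 1918 address, hands out the ::<subnet>:0:<host>/96 addresses used in the text, and checks whether an observed 2002:: address has an RFC 1918 address embedded in it. The subnet/host layout (48 subnet bits between the /48 and the /96, 32 host bits below it) is this example's reading of the text, not a standard.

```python
import ipaddress

# The three RFC 1918 blocks named in the text (reference 1).
RFC1918 = (
    ipaddress.IPv4Network("10.0.0.0/8"),
    ipaddress.IPv4Network("172.16.0.0/12"),
    ipaddress.IPv4Network("192.168.0.0/16"),
)


def is_rfc1918(v4: ipaddress.IPv4Address) -> bool:
    return any(v4 in net for net in RFC1918)


def private_6to4_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """6to4 layout is 2002:<32-bit IPv4>::/48.  Refuse anything that is not
    RFC 1918: a 2002:: prefix built from a public IPv4 address is routable
    onto the open internet, which defeats the purpose."""
    v4 = ipaddress.IPv4Address(ipv4)
    if not is_rfc1918(v4):
        raise ValueError(f"{ipv4} is not an RFC 1918 private address")
    return ipaddress.IPv6Network(((0x2002 << 112) | (int(v4) << 80), 48))


def private_address(ipv4: str, subnet: int, host: int) -> ipaddress.IPv6Interface:
    """<prefix>::<subnet>:0:<host>/96, the scheme used in the text:
    subnet 0, host 1 -> 2002:a00::1/96; subnet 1, host 1 -> 2002:a00::1:0:1/96.
    Layout assumed here: host id in the 32 bits below the /96, subnet id in
    the 48 bits between the /48 and the /96."""
    if not 0 < host < 2**32:
        raise ValueError("host id must be 1..2^32-1")
    if not 0 <= subnet < 2**48:
        raise ValueError("subnet id must be 0..2^48-1")
    base = int(private_6to4_prefix(ipv4).network_address)
    return ipaddress.IPv6Interface((base | (subnet << 32) | host, 96))


def embedded_ipv4_is_private(ipv6: str) -> bool:
    """Check on an observed address: is it a 2002:: address whose embedded
    IPv4 stays inside RFC 1918 (hence local to the organization)?"""
    v4 = ipaddress.IPv6Address(ipv6).sixtofour  # None unless in 2002::/16
    return v4 is not None and is_rfc1918(v4)
```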
1.3 Fancier Scalable Solution -- Zero Configuration
Suppose you are making hundreds or millions of boxes. You want to
be able to ship them with identical software, without any per-box
customization or configuration. But they each need a distinct
hostname and distinct IP address. You can arrange for these to be
formed automatically based on the MAC address of a network card.
For example, suppose the MAC address is 00:60:1D:22:5A:85. Then
the hostname can be set to mybox-0060-1d22-5a85 and the IP address can
be set to 2002:a00::260:1dff:fe22:5a85/64. That address conforms
to the EUI-64 standard (reference 3), which calls
for inserting the two bytes 'ff:fe' in the middle, and
complementing the 2's bit (0x02) in the leftmost byte to indicate that the
address is local as opposed to global. Reference 2
is a convenient program for printing the EUI-64 string.
You can, if you wish, create distinct subnets as follows:
2002:a00:0:1::xxx/64,
2002:a00:0:2::xxx/64, et cetera
where xxx represents the EUI-64 or whatever other host identifier you
are using. Sixteen bits are available, so you can create 65,536
subnets using this method.
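The MAC-to-hostname and MAC-to-address derivation of this section, as an added example; it is not the page's macaddr.pl (reference 2). The hostname base "mybox", the default prefix 2002:a00::/64 and the placement of the subnet number in the sixteen bits between /48 and /64 follow the text; the accepted MAC spellings are this example's own choice.

```python
import ipaddress
import re


def parse_mac(mac: str) -> bytes:
    """Accept 00:60:1D:22:5A:85, 00-60-1d-22-5a-85, 0060.1d22.5a85 or 00601d225a85."""
    digits = re.sub(r"[:.\-]", "", mac)
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def modified_eui64(mac: str) -> bytes:
    """The 64-bit host identifier as the text describes it: insert ff:fe in the
    middle of the MAC and complement the 0x02 bit of the leftmost byte."""
    m = parse_mac(mac)
    return bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]


def zeroconf_hostname(mac: str, base: str = "mybox") -> str:
    """mybox-0060-1d22-5a85: the raw MAC, lower case, in four-digit groups."""
    h = parse_mac(mac).hex()
    return f"{base}-{h[0:4]}-{h[4:8]}-{h[8:12]}"


def zeroconf_address(mac: str, prefix: str = "2002:a00::/64", subnet=None):
    """Place the EUI-64 in the low 64 bits of the given /64.  With subnet=n the
    /64 becomes <first 48 bits of prefix>:n::/64, i.e. 2002:a00:0:n::/64 as in
    the text, so sixteen bits (0..65535) are available for subnet numbers."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("an EUI-64 host identifier needs a /64 prefix")
    if subnet is not None:
        if not 0 <= subnet < 2**16:
            raise ValueError("subnet number must be 0..65535")
        site = int(net.supernet(new_prefix=48).network_address)
        net = ipaddress.IPv6Network((site | (subnet << 64), 64))
    host = int.from_bytes(modified_eui64(mac), "big")
    return ipaddress.IPv6Interface((int(net.network_address) | host, 64))
```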
2 References
1. Address Allocation for Private Internets, http://www.apps.ietf.org/rfc/rfc1918.html
2. Program to format standard identifiers based on MAC address, ./macaddr.pl
3. GUIDELINES FOR 64-BIT GLOBAL IDENTIFIER (EUI-64™) REGISTRATION ..., http://standards.ieee.org/regauth/oui/tutorials/EUI64.html