-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathfaq.html
171 lines (158 loc) · 10.9 KB
/
faq.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Unique Local IPv6 Generator</title>
<meta charset="utf-8">
<meta name="description" content="Questions and answers for IPv6 beginners about local IPv6 address blocks, also known as Unique Local Addresses or ULAs.">
<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="stylesheet" href="libraries/bootstrap/3.0.3/bootstrap.min.css">
<link rel="stylesheet" href="css/styles.css">
</head>
<body>
<div class="container">
<div class="header">
<ul class="nav nav-pills pull-right">
<li><a href="/">Generator</a></li>
<li class="active"><a href="faq.html">FAQ</a></li>
<li><a href="about.html">About</a></li>
</ul>
<h3 class="text-muted">Unique Local IPv6 Generator</h3>
</div>
<div>
<h2>Frequently Asked Questions</h2>
<ul>
<li><a href="#what-is-ula">What's a unique local address (ULA)?</a></li>
<li><a href="#why-private">Why are private addresses useful?</a></li>
<li><a href="#why-unique">Why should private addresses be unique?</a></li>
<li><a href="#composition">What is the composition of an IPv6 ULA?</a></li>
<li><a href="#fc7-vs-fd8">What's the difference between fc00::/7 and fd00::/8?</a></li>
<li><a href="#picking-a-subnet">What Subnet ID should I use?</a></li>
<li><a href="#easy">Isn't there an easier way to do this?</a></li>
<li><a href="#globally-unique">Are IPv6 ULAs really globally unique?</a></li>
<li><a href="#global-ids-by-us">How does this site generate Global IDs?</a></li>
<li><a href="#global-ids-by-rfc">Is this the Global ID generation method recommended by RFC 4193?</a></li>
<li><a href="#more-info">Where can I get more information?</a></li>
</ul>
<h3 id="what-is-ula">What's a unique local address (ULA)?</h3>
<p>
IPv6 <a href="https://en.wikipedia.org/wiki/Unique_local_address">ULAs</a> are private IP addresses, similar to IPv4 private addresses which you might recognize, such as 192.168.1.1. The biggest <i>conceptual</i> difference is that IPv6 addresses are designed to be unique.
</p>
<h4>IPv4 Private Addresses</h4>
<ul>
<li>Private addresses defined in <a href="https://datatracker.ietf.org/doc/html/rfc1918">RFC 1918</a>.</li>
<li>Contains several address blocks which can be used for private addressing:</li>
<ul>
<li>Class A: 10.0.0.0/8 (contains 16,777,216 IPs).</li>
<li>Class B: 172.16.0.0/12 (contains 1,048,576 IPs).</li>
<li>Class C: 192.168.0.0/16 (contains 65,536 IPs).</li>
</ul>
<li>Not designed to be unique.</li>
</ul>
<h4>IPv6 Unique Local Addresses</h4>
<ul>
<li>Private addresses defined in <a href="https://datatracker.ietf.org/doc/html/rfc4193">RFC 4193</a>.</li>
<li>Contains one address block with a defined mechanism for generating local, per-site subnets:</li>
<ul>
<li>The address block is fd00::/8.</li>
<li>Network administrators are directed to select a /48 block - such as fd00:0000:0000::/48 - randomly.</li>
<li>Network administrators can then use that /48 block as needed, though a /64 is the minimum allocation and contains 18,446,744,073,709,551,616 IPs.</li>
</ul>
<li>The /48 address block, and therefore any networks within, are intended to be <a href="#globally-unique">reasonably unique.</a></li>
</ul>
<h3 id="why-private">Why are private addresses useful?</h3>
<p>
Local network addresses are used to make specific services readily available for people and computers within your private network, but not (readily) available to people off-network such as attackers. The actual security level this provides is contested.
</p>
<p>
There may also be more niche usecases, such as multi-WAN configurations at home, since in the current ISP climate (at least in the United States) you are almost certainly unable to announce your own IPv6 addresses.
</p>
<h3 id="why-unique">Why should private addresses be unique?</h3>
<p>
Sometimes you want to join two or more private networks. A common example is when you connect your PC from your home network to your office network using a VPN, or when an enterprise is joining multiple office networks together. When both networks use the same private address range (ex. 192.168.1.0/24), this creates IP address conflicts, and can disrupt or entirely prevent communication.
</p>
<h3 id="composition">What is the composition of a IPv6 ULA?</h3>
<pre>
+--------+-+------------+-----------+----------------------------+
| 7 bits |1| 40 bits | 16 bits | 64 bits |
+--------+-+------------+-----------+----------------------------+
| Prefix |L| Global ID | Subnet ID | Interface ID |
+--------+-+------------+-----------+----------------------------+
</pre>
<ul>
<li><b>Prefix</b>: fc00::/7</li>
<li><b>Local (L) bit</b>: Must be set to 1</li>
<li><b>Global ID</b>: Uniquely identifies your network, should be random</li>
<li><b>Subnet ID</b>: 0 - ffff, can be used however you need</li>
<li><b>Interface ID</b>: Host addresses within your subnet</li>
</ul>
<h3 id="fc7-vs-fd8">What's the difference between fc00::/7 and fd00::/8?</h3>
<p>
The prefix allocated by RFC 4193 for private addressing is fc00::/7, but the 8th bit ("Local" or L) <i>must</i> be set to 1, which makes the prefix that we can actually <i>use</i> start with "fd00."
</p>
<pre>
bit position: 12345678
hex: fc | binary: 11111100
hex: fd | binary: 11111101
</pre>
<p>
Don't quite get it? Try the <a href="https://simple.wikipedia.org/wiki/Hexadecimal">Simple English Wikipedia entry on hexadecimal</a> - should help!
</p>
<p>
This also halves the address block's size, as one additional bit has been reserved, hence why it's fd00::/8 and <i>not</i> fd00::/7.
</p>
<h3 id="picking-a-subnet">What Subnet ID should I use?</h3>
<p>
After the Global ID you have 16 bits for your subnetting, which you can use however you like. If you don't have any subnetting plans right now, it's probably best to just start with what's shown on the "first subnet" on the <a href="/">generator</a>, which is a /64 subnet using 0000 as the Subnet ID. You could use a bigger subnet if needed, such as to match the size of the public IPv6 address block delegated to your network by your ISP.
</p>
<h3 id="easy">Isn't there an easier way to do this?</h3>
<p>
If you want to use a unique local network for your personal use or for testing only, no one bars you from using fd00::/48, fd00:abba::/48 or fd00:1234::/48. That said, frequent and frustrating <a href="#why-unique">conflicts</a> in IPv4 networks are why IPv6 private networking has an element of uniqueness in the first place - this wasn't an arbitrary decision in IPv6's design. There's no good reason <i>not</i> to use a randomly generated address - how about the ones you've <a href="/">already generated</a>?
</p>
<h3 id="globally-unique">Are IPv6 ULAs really globally unique?</h3>
<p>
The Global ID part of unique local addresses is a pseudo-randomly generated 40-bit integer. There is the possibility that multiple IPv6 sites will use the same Global ID and result in a conflict, however this should be <i>unlikely.</i> Just how likely?:
</p>
<ul>
<li>Connecting 2 networks, the probability of a collision is 0.000000000181%</li>
<li>Connecting 100 networks, the probability is 0.0000454%</li>
<li>Connecting 10,000 networks, the probability is 0.00454%</li>
</ul>
<p>
Connecting more than that, it'd be a wonder you're not already on the internet. These calculations are from RFC 4193 <a href="https://datatracker.ietf.org/doc/html/rfc4193#section-3.2.3">section 3.2.3</a>, for reference.
</p>
<h3 id="global-ids-by-us">How does this site generate Global IDs?</h3>
<p>
The original, circa-2013 site generated ULAs server-side, so we can't know for sure. When the site was rewritten in 2014, it began to use <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/random">Math.random()</a> to generate the Global ID. As IPv6 ULAs are not a <i>security</i> sensitive context, this is sufficient and I have not rewritten this to use the <a href="https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API">Web Crypto API</a>.
</p>
<h3 id="global-ids-by-rfc">Is this the Global ID generation method recommended by RFC 4193?</h3>
<p>
No. RFC 4193 <a href="https://datatracker.ietf.org/doc/html/rfc4193#section-3.2.2">section 3.2.2</a> defines a process to obtain a global ID by:
</p>
<ol>
<li>Obtaining the current time.</li>
<li>Obtaining a unique system identifier such as an EUI-64, MAC address, or reasonably random number.</li>
<li>Creating a reasonably unique key by concatenating the time and random number.</li>
<li>Computing a SHA1 digest of the key.</li>
<li>Using the least significant 40 bits of the SHA1 digest as the Global ID.</li>
</ol>
<p>
If you <i>really</i> want to follow the spec, use <a href="https://cd34.com/rfc4193/">cd34's</a> ULA generator. I find the simple promise of "approximately uniform PRNG" provided by Math.random() more convenient, but while unlikely, it's possible that poor seeding practices for Math.random() by your browser could produce identical ULAs.
</p>
<p>
This is why RFC definitions are not really as simple as "use a correctly seeded PRNG."
</p>
<h3 id="more-info">Where can I get more information?</h3>
<p>
The Internet Society has curated a <a href="https://www.internetsociety.org/deploy360/ipv6/">list of learning resources</a> for IPv6. To dive deeper on IPv6 private addressing, always be sure to reference <a href="https://datatracker.ietf.org/doc/html/rfc4193">the RFC</a>.
</p>
</div>
<div class="footer">
<p class="pull-right">
Original © 2013 unique-local-ipv6.com, updates by <a href="https://chris.partridge.tech/">tweedge</a> and <a href="about.html#improvements-and-contributors">contributors</a>
</p>
</div>
</div>
<script src="libraries/jquery/1.10.2/jquery.min.js"></script>
<script src="libraries/bootstrap/3.0.3/bootstrap.min.js"></script>
</body>
</html>