[ipv6hackers] Pros and Cons of Address Randomization

Mark Smith markzzzsmith at yahoo.com.au
Sun Dec 2 20:39:14 CET 2012

----- Original Message -----
> From: Jim Small <jim.small at cdw.com>
> To: IPv6 Hackers Mailing List <ipv6hackers at lists.si6networks.com>
> Cc: 
> Sent: Monday, 3 December 2012 5:33 AM
> Subject: Re: [ipv6hackers] Pros and Cons of Address Randomization
> Hi Owen,
> Curious on this one:
>>  > Maybe this is an enterprise bias but my experience has been that
>>  loopbacks (at least with IPv4) are numbered sequentially with predictable
>>  patterns for ease of use.  These can be protected with ACLs/firewalls.  I
>>  would like to do something similar for IPv6.  Maybe this is legacy thinking 
> but
>>  I would dread giving this up and completely depending on DNS.  What about
>>  outages where you're using an Out Of Band network and DNS is
>>  down/unavailable?  This one would be hard for me...
>>  >
>>  You certainly can do something similar for IPv6 and I would actually 
> generally
>>  advocate doing so. I just wouldn't start from ::1 in most cases.
> So where would you start at?  ::1001?  It's not that you memorize addresses 
> - I agree that's silly.  However when you use tools, simple patterned 
> numbers make life easier.  Granted you can have lists of addresses to march 
> through but it's the little things...  Especially when you're doing 
> something to 100s of routers/switches - spot checking patterned numbers is a 
> little easier than randomized addresses.  Maybe I'm just a little lazy.  :-)

For network management, I think it'd be better just to use ULAs, as they're not accessible from the Internet. Once you do that, you can then use ::1, ::2, ::3 etc. on loopbacks without anywhere near as much risk.

More generally, I think one of the issues that makes these sorts of discussions more complex is the default assumption of global reachability of the nodes with the randomised or non-randomised addresses, and perhaps an assumption that the nodes will only have one address. As IPv6 fully supports multiple concurrent addresses, one option is to use randomised addresses for addresses where they're more valuable (i.e. globals), and non-random where they're less valuable or would create additional complexity (i.e. ULAs).

Perhaps there needs to be an "R" bit added to the RA PIO option that indicates that IIDs that are used within the specified prefix are to be randomised. This would be independent of the A bit, and would be used by what ever address configuration mechanism used to configure addresses within the prefix (e.g. currently SLAAC, possibly others in the future). That would make it possible to have randomised GUAs and non-randomised ULA addresses within a subnet.

> --Jim
> _______________________________________________
> Ipv6hackers mailing list
> Ipv6hackers at lists.si6networks.com
> http://lists.si6networks.com/listinfo/ipv6hackers

More information about the Ipv6hackers mailing list