[ipv6hackers] Dynamic prefixes & privacy (was: IPv6 prefix changing)

Douglas Otis dotis at mail-abuse.org
Tue Mar 20 23:28:44 CET 2012

On 3/20/12 2:37 PM, Owen DeLong wrote:
>  On Mar 20, 2012, at 2:34 PM, Tim Chown wrote:
>  On 17 Mar 2012, at 22:55, Owen DeLong wrote:
> >>
> >> ULA brings nothing meaningful to the table.
> >
> > There is an I-D on ULA usage, see
> > http://tools.ietf.org/html/draft-liu-v6ops-ula-usage-analysis-02.
> > I would assume the authors would like feedback.
> >
> > Having ULA-ULA communication in a homenet is a good thing if that
> > means internal connections are not dropped if the accompanying
> > global prefix changes.
> >
>  A better solution is to provide some internal persistence on global
>  prefixes in the absence of external communication.
>  Yes, you'll still drop internal connections on a renumber event, but,
>  that can be handled gracefully enough so as not to be of sufficient
>  concern to merit the drawbacks of using ULA.
> > In the homenet scenario, it seems some LLN vendors say they only
> > want to use ULAs.
>  Herein lies the real hazard of ULA. Forcing NPT into the world is a
>  really really really bad thing.

Dear Owen,

I agree with Tim.  While NPTv6 should be avoided, there are situations 
that arise when dealing with IPv4 NATs.  
http://tools.ietf.org/html/rfc6281#page-11 also makes this point by 
using ULAs leverage IPv6 as a method for ensuring unique local 
identifiers able to retain security associations.  In this case, the 
identifier lifetime needs to exceed that of any TCP connection or 
Security Association running on the host.  The HIP alternative may not 
be supported.

Douglas Otis

More information about the Ipv6hackers mailing list