The PhoneBoy Blog

Simplifying Telecom, Mobile Phones, Gadgets, Health, and More!

Speaking IPv6–Privately

I’ve been thinking deep thoughts about IPv6 recently. One thought occurred to me recently: what about the concept of private addresses? In IPv4, we have the concept of RFC1918, which defines several blocks of IP addresses for private, non-Internet use. Did they think about this in IPv6?

Turns out they did: RFC 4193. The prefix FC00::/7 has been set aside for Unique Local IPv6 Unicast Addresses. This accounts for roughly 0.781% of the total available IPv6 address space, which is still a lot of addresses. In fact, it works out to roughly 2.2 trillion /48 networks, each of which can be divided into 65,536 /64 networks (the smallest recommended network size in IPv6), and each /64 can hold more than 18 quintillion individual addresses (or the square of the entire IPv4 address space)!

That’s a lot of addresses. Not that anyone will come anywhere near putting that many hosts on a single subnet, but it does leave a lot of room to solve a common problem when interconnecting private networks with a VPN–address collisions.

After the first 8 bits of a private IPv6 address, the next 40 bits are designated as a global ID. Each site generates this independently, but assuming the global IDs are generated randomly, the odds that any two sites that interconnect will have the same global ID are roughly 1 in 1.81 trillion. Even if 100 sites connect together, the odds of any two sites colliding are roughly 1 in 4.5 billion.

The next 16 bits of the IP are the subnet ID, so within a particular global ID, you have 65,536 subnets. That’s a lot of networks!
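The 8 / 40 / 16 / 64-bit layout described above can be exercised with Python's standard `ipaddress` module. This is an added example, not code from the original post. The function names are hypothetical, the global ID comes from the OS random source rather than the sample algorithm in RFC 4193, and the leading byte is assumed to be `0xfd` (the locally assigned half of FC00::/7).

```python
import ipaddress
import secrets

ULA_BLOCK = ipaddress.ip_network("fc00::/7")  # RFC 4193 block named in the post


def new_site_prefix(global_id=None):
    """Build a /48: 8 leading bits (0xfd here) followed by a 40-bit global ID."""
    if global_id is None:
        # Assumption: OS CSPRNG instead of the sample algorithm in RFC 4193.
        global_id = int.from_bytes(secrets.token_bytes(5), "big")
    if not 0 <= global_id < 2**40:
        raise ValueError("global ID must fit in 40 bits")
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))


def site_subnet(site, subnet_id):
    """Return the /64 for a 16-bit subnet ID inside a ULA /48."""
    if site.prefixlen != 48 or not site.subnet_of(ULA_BLOCK):
        raise ValueError("expected a /48 inside fc00::/7")
    if not 0 <= subnet_id < 2**16:
        raise ValueError("subnet ID must fit in 16 bits")
    return ipaddress.IPv6Network((int(site.network_address) | (subnet_id << 64), 64))


def dissect(address):
    """Split a ULA address into its fields; None if it is outside fc00::/7."""
    ip = ipaddress.IPv6Address(address)
    if ip not in ULA_BLOCK:
        return None
    n = int(ip)
    return {
        "global_id": (n >> 80) & (2**40 - 1),
        "subnet_id": (n >> 64) & 0xFFFF,
        "interface_id": n & (2**64 - 1),
    }


def colliding_sites(sites):
    """Pairs of site names whose prefixes overlap, to check before joining VPNs."""
    names = sorted(sites)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if sites[a].overlaps(sites[b])]


if __name__ == "__main__":
    site = new_site_prefix()
    print(site, site_subnet(site, 1), dissect(str(site_subnet(site, 1)[1])))
```

Running `colliding_sites` over the prefixes of every site before building a tunnel surfaces a duplicated global ID while renumbering is still cheap.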

Of course, you still have the same challenge in IPv6 that you have with IPv4 when it comes to private addresses: if privately addressed machines need to talk to the Internet, you will still need to employ NAT. I don’t know that NAT is inherently more difficult in IPv6 than IPv4, but it does require more resources–the IP addresses are a lot bigger. However, despite having more than enough addresses for everyone to have a public, Internet routable IP, NAT will never completely go away.
