IPv6 Unique Local Address (ULA) is a type of address intended for local communication within a private network. It is similar in purpose to the IPv4 private address ranges (like 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), which are used for internal networking without being routable on the global internet.
Table of Contents
IPv6 ULA Fundamental
IPv6 ULA versus LLA and GUA
In previous lessons, we covered Link-Local Addresses (LLAs), which are unique within a single network link and used for link local communication, and Global Unicast Addresses (GUAs), which are unique across the entire internet and facilitate global communication.
Additionally, there is another type of IPv6 unicast address known as Unique Local Addresses (ULAs). ULAs are unique within a private network or enterprise and are used for internal communication within that network. They function similarly to IPv4 private addresses, providing a means for devices to communicate internally without being accessible from the global internet.
| Address Type | Scope | Usage | Routability | Similarity to IPv4 |
|---|---|---|---|---|
| Link-Local Address (LLA) | Local network segment (link) | Used for communication within the same local link (e.g., Ethernet VLAN) | Not routable beyond the local link | None |
| Unique Local Address (ULA) | Private network or site | Used for communication within a private network or site, not reachable from the global internet | Not routable on the global internet, but unique within the private network | Similar to IPv4 private addresses (e.g., `10.0.0.0/8`, `192.168.0.0/16`) |
| Global Unicast Address (GUA) | Global internet | Used for communication with devices globally over the internet | Routable globally on the internet | Similar to IPv4 public addresses |
IPv6 ULA versus IPv4 Private address
While both IPv4 private addresses and IPv6 Unique Local Addresses (ULAs) are used for internal addressing within private networks, there is a key difference in how they interact with the internet. In IPv4, private addresses can still reach or be reachable over the internet by using Network Address Translation (NAT). However, in IPv6, NAT is not typically used, which means that nodes with ULAs cannot directly access the internet or be reached from it, as ULAs are not routable on the global internet.
As a result, unlike IPv4 where private addresses are widely used in conjunction with NAT for both internal and external communication, IPv6 ULAs are primarily used in scenarios where internet connectivity is not required, focusing solely on internal communication. In many IPv6 networks, ULAs are used alongside Global Unicast Addresses (GUAs): ULAs for internal communication and GUAs for external communication, ensuring that devices can function both within the private network and on the global internet.
| Address Type | Scope | Internet Interaction | Typical Usage | Example |
|---|---|---|---|---|
| IPv4 Private Address | Private network | Can reach or be reachable over the internet using Network Address Translation (NAT) | Used for both internal and external communication, with NAT enabling internet access | 192.168.1.1 (private address behind NAT) |
| IPv6 Unique Local Address (ULA) | Private network | Cannot access or be accessed from the internet; not routable globally | Primarily used for internal communication within a private network; not intended for internet access | fd12:3456:789a::1 (internal communication address) |
IPv6 ULA prefix
The IPv6 address prefix fc00::/7 is used for unique local addresses (ULAs). A subset of this prefix, fd00::/8, is commonly used for private addressing.
Since the remaining 120 bits of a unique local address are completely under our control, we can adopt the design principles used for unique global addressing for ULAs. This approach can simplify the identification and troubleshooting of addresses.
For example, if we have 2003:c1::/32 as the prefix allocated by a Regional Internet Registry (RIR) and use the bits up to /64 to indicate location and services, we can apply the same design rule to the fd00::/8 unique local address prefix. Thus, the equivalent of 2001:c1:baba:bebe::/64 in global addressing can be fd00:0:baba:bebe::/64 in private addressing.
| Aspect | Global Addressing Example | Unique Local Addressing Example |
|---|---|---|
| Prefix | 2003:c1::/32 | fd00::/8 |
| Subnet Range | 2003:c1:0000:0000::/64 - 2003:c1:ffff:ffff::/64 | fd00:0000:0000:0000::/64 - fd00:ffff:ffff:ffff::/64 |
| Example Subnet | 2003:c1:baba:bebe::/64 | fd00:0:baba:bebe::/64 |
| Purpose | Global use, routable on the internet | Private use, not routable on the internet |
IPv6 Unique Local Addressing Configuration Example
To provide a configuration example, let’s consider an enterprise with a central office and two branch offices. The prefix 2003:c1::/32 is the global prefix assigned by the RIR to the enterprise. The enterprise uses 2003:c1:1::/64 and 2003:c1:2::/64 for addressing Branch1 and Branch2, respectively. The prefixes 2003:c1:0:1::/64 and 2003:c1:0:2::/64 are designated for the links between the central office and the two branches.
Interface identifiers are manually configured as .100 for all interfaces connected to the central office, .1 for all interfaces connected to Branch1, and .2 for those connected to Branch2.
For Unique Local Addressing (ULA), which is the primary focus of this section, we will apply the same design principles. Specifically, fd00::/8 will serve as the ULA prefix. The remaining 120 bits of the ULA address will mirror the structure of the global address. For instance, the second 32 bits of the global unique address (the third and fourth sections) will be reused exactly in the ULA, allowing for consistent and easily identifiable addressing across both global and local scopes.
# Central interface Ethernet0/0 no shutdown ipv6 address 2003:C1:0:1::100/64 ipv6 address FD00:0:1::100/64 ! interface Ethernet0/1 no shutdown ipv6 address 2003:C1:0:2::100/64 ipv6 address FD00:0:2::100/64 # Branch1 interface Ethernet0/0 no shutdown ipv6 address 2003:C1:0:1::1/64 ipv6 address FD00:0:1::1/64 ! interface Loopback0 ipv6 address 2003:C1:1::1/64 ipv6 address FD00:1::1/64 # Branch2 interface Ethernet0/0 no shutdown ipv6 address 2003:C1:0:2::2/64 ipv6 address FD00:0:2::2/64 ! interface Loopback0 ipv6 address 2003:C1:2::2/64 ipv6 address FD00:2::2/64