[PATCH] base-files: Don't enable ULA IPv6 addresses by default in new config

Baptiste Jonglez baptiste at bitsofnetworks.org
Fri Sep 9 00:29:42 PDT 2022


On 08-09-22, Michael Richardson wrote:
> >>>>> Baptiste Jonglez <git at bitsofnetworks.org> writes:
>     > ULA IPv6 prefixes (Unique Local Addresses, RFC 4193) are not routable
>     > on the Internet.  As such, they have very limited use, and enabling
>     > them by default causes more problems than it solves:
>     > - if an OpenWrt device already has external IPv6 connectivity with
>     > globally routable addresses, then ULA addresses are not useful.
> That's just not the case.
> ULAs are intended to be the IPv6 version of RFC1918, useable for local
> communications.
> Please go read RFC7084.
> ULAs are required, and OpenWRT has been a leader here.

Thanks for the pointer, I had forgotten about this one.

I just read it again.  ULAs should be supported, but there is no hard
requirement to use them by default.  Even ULA-1 is a SHOULD, not a MUST,
and it's only about generating a ULA prefix.

I see two main arguments for ULAs in this RFC:

1) Section 3.2.1: allowing local IPv6 communication when the home router
   manages several links and there is no global IPv6 connectivity.  If
   there is a single link, then the RFC agrees that "link-local addressing
   can be used instead".  This is a good use-case for ULAs, but I'm not
   sure whether the multi-link situation is really common, and if there
   are any applications that can take advantage of ULAs in this specific
   case.  In other words: how can clients coordinate when they are in
   different links and they have no global connectivity?  That does not
   sound easy.

2) Section 3.1: stability of local addresses, even when the global prefix
   delegated by the ISP might change.  This may work for IPv4 (
   is stable and well-known), but that argument doesn't fly for IPv6: who
   would use "well-known" raw ULA IPv6 addresses?  Stable identifiers
   belong in the DNS, not in the IP layer.

Actually, my main concern about ULA is that they don't get enough exposure
among developers and power users, resulting in the kind of bugs I
mentioned going unnoticed and unfixed, which is not good for a default-on
feature.  As a matter of fact, I always disable ULA on my OpenWrt builds
(personal taste), and I suspect several other OpenWrt developers do the
