Comment by Dagger2

3 days ago

You don't need NPTv6 to use ULA. Just use both ULA and the dynamic prefix from your ISP. The latter is handled automatically by DHCPv6-PD, and if you're only using it for outbound connections then it changing isn't going to break anything.

I'd say this is actually elegant, compared to NPTv6 which is a kludge and will break things (and isn't well-supported anyway).

I definitely do both ULA and GUA at home, but this only really works well to the degree that the OS will prefer the ULA when connecting to things. Like if I want to put hostnames in netgroups, I need reverse DNS to work (which only works if the client is using the ULA address I expect). In fact the whole idea of reverse lookups working and having expected hostnames show up where you want them to (logs, etc.) really depends on not only using ULA for connections, but using the stable address and not the privacy address, which can also cause issues.

For the most part it works today: if I stick to using ULAs only in my zone file, and configure hosts to prefer the DHCPv6-provided ULA for connections in the ULA subnet, it's fine. But suddenly if you connect to somehost.local instead of somehost.fqdn, the machine picks a GUA source address and you're back to being unpredictable.

So although I say I want to use NPTv6 and be ULA-only, I don’t actually do that today, so I’m not super familiar with the downsides to the approach. But it does sound a lot cleaner to me in theory.

> if you're only using it for outbound connections then it changing isn't going to break anything.

A prefix change absolutely does break things in a lot of setups though. It happens something like:

- Your router reboots unexpectedly (no time to rescind the RA)

- Router comes up and gets a new prefix, starts advertising it

- Clients are brain dead and continue using the old prefix when making outbound connections.

I’ve had this happen and both Apple devices and Linux devices (I had no Windows machines) kept using the old prefix until I went around and rebooted them. So connecting to any IPv6 WAN address would fail, and only IPv4 was saving me from my internet being down until I went and manually rebooted everything.

There have since been RFCs that come up with recommendations for routers to keep a stateful log of old prefixes, so that they can rescind them (advertise a zero lifetime) when a new prefix arrives... but afaict none of them actually do this.
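The source-address behaviour both replies above describe (the ULA winning for a ULA destination, a GUA being picked as soon as the destination is a global address such as the one returned for somehost.local, and an old delegated prefix staying in use after a router reboot until the router deprecates it) can be modelled with a small subset of the RFC 6724 source address selection rules. This is an added example, not code from the thread or from any of the commenters; the prefixes are constructed from the documentation (2001:db8::/32) and ULA (fc00::/7) ranges, and the configuration-order tie-break is an assumption standing in for whatever a real stack does when every rule ties.

```python
"""Simplified IPv6 source address selection (subset of RFC 6724).

Added example, not code from the thread. Models a host holding several
addresses and shows which one it picks as the source for a destination,
and why a stale delegated prefix keeps being used until the router
deprecates it with a Router Advertisement. All prefixes are constructed.
"""
import ipaddress
from dataclasses import dataclass, field

IPv6 = ipaddress.IPv6Address
Net6 = ipaddress.IPv6Network

# Default policy table from RFC 6724 section 2.1: (prefix, label).
POLICY_TABLE = [
    (Net6("::1/128"), 0),
    (Net6("::/0"), 1),
    (Net6("::ffff:0:0/96"), 4),
    (Net6("2002::/16"), 2),
    (Net6("2001::/32"), 5),
    (Net6("fc00::/7"), 13),
    (Net6("::/96"), 3),
    (Net6("fec0::/10"), 11),
    (Net6("3ffe::/16"), 12),
]


def label(addr: IPv6) -> int:
    """Label of the longest policy-table entry covering addr."""
    matches = [(net.prefixlen, lab) for net, lab in POLICY_TABLE if addr in net]
    return max(matches)[1]


def common_prefix_len(a: IPv6, b: IPv6) -> int:
    """Number of leading bits two addresses share (RFC 6724 rule 8)."""
    return 128 - (int(a) ^ int(b)).bit_length()


@dataclass
class Candidate:
    address: IPv6
    deprecated: bool = False  # preferred lifetime has reached zero
    order: int = 0            # configuration order, assumed final tie-break


@dataclass
class Host:
    candidates: list = field(default_factory=list)

    def add_prefix(self, prefix: str, iid: str) -> None:
        """Configure one address: advertised prefix + interface identifier."""
        net = Net6(prefix)
        addr = IPv6(int(net.network_address) | int(IPv6(iid)))
        self.candidates.append(Candidate(addr, order=len(self.candidates)))

    def receive_ra(self, prefix: str, preferred_lifetime: int) -> None:
        """Apply a Prefix Information Option from a Router Advertisement.

        A preferred lifetime of 0 deprecates every address in the prefix at
        once; RFC 4862 only guards the *valid* lifetime (an unauthenticated
        RA may not cut it below two hours), so deprecation is immediate.
        """
        net = Net6(prefix)
        for cand in self.candidates:
            if cand.address in net:
                cand.deprecated = preferred_lifetime == 0

    def select_source(self, destination: str) -> IPv6:
        """Rules 3, 6 and 8 of RFC 6724 (scope, interface and temporary-address
        rules omitted; they do not change the scenarios below)."""
        dst = IPv6(destination)
        pool = self.candidates
        preferred = [c for c in pool if not c.deprecated]   # rule 3
        if preferred:
            pool = preferred
        same_label = [c for c in pool if label(c.address) == label(dst)]  # rule 6
        if same_label:
            pool = same_label
        # rule 8: longest matching prefix; ties go to the earliest configured
        # address (assumption, stands in for implementation-specific behaviour)
        best = max(pool, key=lambda c: (common_prefix_len(c.address, dst), -c.order))
        return best.address


def dual_prefix_host() -> Host:
    """Host with a ULA and a GUA on the same LAN (constructed prefixes)."""
    host = Host()
    host.add_prefix("fd00:1234:5678::/64", "::10")  # ULA
    host.add_prefix("2001:db8:1::/64", "::10")       # GUA from DHCPv6-PD
    return host


def host_after_prefix_change(router_rescinds_old: bool) -> Host:
    """Host that saw the old prefix before the router reboot and the new one after."""
    host = Host()
    host.add_prefix("2001:db8:aaaa::/64", "::10")  # old delegated prefix
    host.add_prefix("2001:db8:bbbb::/64", "::10")  # new delegated prefix
    if router_rescinds_old:
        host.receive_ra("2001:db8:aaaa::/64", preferred_lifetime=0)
    return host


if __name__ == "__main__":
    h = dual_prefix_host()
    for dst in ("fd00:1234:5678::20", "2001:db8:2::1", "2001:db8:1::20"):
        print(f"to {dst:<22} from {h.select_source(dst)}")
    for rescind in (False, True):
        src = host_after_prefix_change(rescind).select_source("2001:db8:cccc::1")
        print(f"old prefix rescinded={rescind!s:<5} -> source {src}")
```

Running it shows the ULA chosen for the ULA neighbour, the GUA chosen for both the global destination and the neighbour's GUA (which is what happens once a .local lookup hands back a GUA instead of the ULA), and the old 2001:db8:aaaa:: address still winning after the reboot until an RA with preferred lifetime 0 for that prefix arrives. The omitted rule 7 (prefer temporary addresses) is the one that makes privacy addresses beat the stable address on real stacks, which is the other mismatch the second comment runs into with reverse DNS.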