{"id":7564,"date":"2022-03-14T13:36:18","date_gmt":"2022-03-14T20:36:18","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=7564"},"modified":"2022-03-14T17:20:06","modified_gmt":"2022-03-15T00:20:06","slug":"ula-is-broken-in-dual-stack-networks","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/","title":{"rendered":"ULA is Broken (in Dual-stack Networks)"},"content":{"rendered":"<p>I first started outlining some of the difficulties with Unique Local Addresses (ULA, RFC 4193) in the blog post \u201cIPv6 ULA and NAT. Is It Better Than Global Unicast?\u201d back in January of 2014.<\/p>\n<p>As a refresher, ULA is the special reserved prefix of fc00::\/7, which is further divided into fc00::\/8 (which is not supposed to be used) and fd00::\/8 (which is supposed to have randomly assigned \/48 prefixes assigned out of it) and is not routable on the public IPv6 Internet.<\/p>\n<p>Then Tom Coffeen started putting a clearer picture on some real structural and architectural problems with ULA in his two part blog post titled \u201c<a href=\"https:\/\/blogs.infoblox.com\/ipv6-coe\/3-ways-to-ruin-your-future-network-with-ipv6-unique-local\/\">3 Ways to Ruin Your Future Network with IPv6 Unique Local Addresses (Part 1 of 2)<\/a>\u201d and \u201c<a href=\"https:\/\/blogs.infoblox.com\/ipv6-coe\/3-ways-to-ruin-your-future-network-with-ipv6-unique-local-addresses-part-2-of-2\/\">3 Ways to Ruin Your Future Network with IPv6 Unique Local Addresses (Part 2 of 2)<\/a>\u201d, which covered:<\/p>\n<ul>\n<li>First: Why you shouldn\u2019t reflexively deploy ULAs and NAT66<\/li>\n<li>Second: How failing to randomize ULA prefixes could cause problems (and cause you to end up DEAD:BEEF!)<\/li>\n<li>Third: Understanding the differences between fc00::\/7 vs. fc00::\/8 vs. fd00::\/8<\/li>\n<\/ul>\n<p>Scott Hogg provided some more clarification around NAT and IPv6 (and when it might be useful) in his recent blog post \u201c<a href=\"https:\/\/blogs.infoblox.com\/ipv6-coe\/you-thought-there-was-no-nat-for-ipv6-but-nat-still-exists\/\">You Thought There Was No NAT for IPv6, But NAT Still Exists<\/a>\u201d. He also clarifies that ULA isn\u2019t a great architectural design decision when considering leveraging NAT, even if that is the first instinct for those coming from IPv4-only design backgrounds.<\/p>\n<p>All of these are reasonable reasons and explanations of why to not use ULA. But it seems those arguments aren\u2019t being accepted by some who are coming from an IPv4-only network design background. Many want a network design that matches \u201cone for one\u201d in design and architecture what they have deployed in IPv4 with NAT. There are a variety of reasons for this (that aren\u2019t worth going into\u2014read <a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc4864\">RFC 4864<\/a>) but let us just assume that NAT is what you want because you are comfortable with it. Because of that, you might overlook all the above arguments and simply declare that your design \u201crequires\u201d ULA.<\/p>\n<p>I want to go further (all the way, in fact) and assert unequivocally why ULA is fundamentally broken and why you should NOT use it at all in your enterprise network\u2014especially not in the manner of matching what you are doing with IPv4-only\u2014with the following statement:<\/p>\n<p><strong>ULA is functionally useless in any IPv6 deployment that has dual-stack operating anywhere.<\/strong><\/p>\n<p>Let that sink in. If you run dual-stack anywhere in your network as part of your IPv6 adoption, ULA will basically not work <em>at all<\/em> for you. So, unless you are one of the very few who are doing greenfield IPv6 deployments that will NEVER have IPv4 running on their networks, this means the above statement applies to YOU. In other words, you CAN\u2019T use ULA unless you want broken IPv6 reachability. Let\u2019s go through why this is the case:<\/p>\n<ol>\n<li>ULA per <a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc6724#section-2.1\">RFC 6724<\/a> is less preferred (the Precedence value is lower) than all IPv4 (represented by ::ffff:0:0\/96 in the table).<\/li>\n<li>Because of the lower Precedence value, if you have IPv4 enabled on a host, it will use IPv4 before using ULA.<\/li>\n<li>Happy Eyeballs (<a href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc8305#section-4\">RFC 8305<\/a>) <em>will not<\/em> change the source address selection process on a host. It will only modify the destination sorting process.<\/li>\n<li>The client will source the traffic from the IPv4 address, meaning it will require a corresponding IPv4 destination address.<\/li>\n<li>Number 4 means that, even with A and AAAA DNS records, a client will choose the A record to get an IPv4 address for the destination<\/li>\n<\/ol>\n<p>Congratulations, you have deployed IPv6 but by using ULA you have a network that only runs IPv4. In other words, ULA is set up and \u201cworking\u201d in your dual-stack network, and you think you have a working IPv6 network, but the result is that NO IPv6 traffic is going across the network. So why bother deploying ULA at all?!<\/p>\n<p>Yes, it is theoretically possible to change the Precedence value of ULA in the Prefix Policy Table on hosts. But you would have to do this on EVERY host in your network. Further, it might not be possible to even modify it on some devices in the network\u2014think IoT, printers, video cameras, embedded devices, etc. The effort to make that change versus just using GUA is not worth it from a technical debt standpoint.<\/p>\n<p>Let\u2019s now move on to the use case of IPv6-only networks. With no IPv4 to preempt ULA addresses, it should be possible to use them successfully. If a ULA address is the only address available on a host, it should source the traffic from that address every time, which means IPv6 should work as expected.<\/p>\n<p>Here we arrive at all the same arguments we started with at the beginning of this post that Tom and Scott articulated in their blogs on ULA\u2013namely, that the NAT66 + ULA design option is not gaining you any advantage. The pseudo-randomization of ULA Global IDs to form unique \/48s (<a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc4193.html#section-3.2\">RFC 4193<\/a>) will cause long-term scaling issues or, if ignored, potentially overlapping ULA address space (something with private IPv4 we have been trying to fix from the very beginning by using IPv6).<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-7565 size-full\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/SRH-1.png\" alt=\"\" width=\"624\" height=\"379\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/SRH-1.png 624w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/SRH-1-300x182.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/p>\n<p style=\"text-align: center;\">Figure 1 \u2013 Random ULA \/48 Breaking Summarization<\/p>\n<p>All of these are serious pitfalls that arise when attempting to use ULA. The simple and more elegant answer is to simply leverage Global Unicast Addresses. This was their intended purpose, by design! IPv6 was architected and designed from the very beginning so that ALL hosts would have a GUA for the purpose of connecting to a given network. Trying to work around this fundamental design assumption will only hurt your design and make your operational issues worse. Don\u2019t take on the technical debt of using ULA in your network, as the cost will be several times higher than simply using GUA.<\/p>\n<p>Don\u2019t be one of those network architects who ruins your IPv6 deployment; stay away from ULA. It will cripple your IPv6 adoption as you move through dual-stack to IPv6-only and make the transition much harder. In addition, you won\u2019t be able to run or test any IPv6 traffic where IPv4 is also running (i.e., most environments) which means you are gaining no operational experience using IPv6.<\/p>\n<p>Also, for those running IPv6-only networks, you have additional considerations. There is one issue with IPv6-only (or IPv4-only networks) and Windows. Windows has a dual IP layer design for its network stack.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-7566 aligncenter\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/SRH-2.png\" alt=\"\" width=\"624\" height=\"238\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/SRH-2.png 624w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/SRH-2-300x114.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/p>\n<p>For Windows, this means it is not possible to turn off IPv6 or IPv4 in the networking stack. For Windows, even in IPv6-only network deployments, the host will still have an IPv4 address. It will have one because it will leverage the Automatic Private IP Addressing (APIPA) address range of 169.254.0.0\/16 and auto-provision an IPv4 address on the host interface. For Linux and MacOS, it is possible to turn off the IPv4 stack and run in a true IPv6-only setup. The result is that you could have some very inconsistent behavior in some situations with Windows hosts during boot and initial setup. This could be very disruptive when trying to bring systems online.<\/p>\n<p>The reverse is true also. In IPv4-only networks, the Windows host will automatically provision an IPv6 link-local address and start doing basic name discovery on the local link. This means Windows hosts will use Link Local Multicast Name Resolution (LLMNR) to discovery other Windows hosts and will exchange information via IPv6. Remember, IPv6 is on by default and is preferred by all operating systems, not just Windows. So even in IPv4-only networks today, there is still a lot of link-local IPv6-related traffic happening\u2014often unbeknownst to the technical team operating both the network and hosts! Therefore, it is critical to understand the default setting for the OS and how the network is set up. Fire up a packet sniffer and see what IPv6 traffic you already have going on in your network. You might be surprised!<\/p>\n<p>You can find me on twitter as <a href=\"https:\/\/twitter.com\/ehorley\">@ehorley<\/a> and remember\u2026<\/p>\n<p>IPv6 is the future, and the future is now!<\/p>\n<p>&#8211; Ed<\/p>\n<p>Ed Horley\u00a0<a href=\"https:\/\/twitter.com\/scotthogg\">(<\/a><a href=\"https:\/\/twitter.com\/ehorley\">@ehorley<\/a>) is CEO of\u00a0<a href=\"https:\/\/hexabuild.io\/\">HexaBuild.io<\/a>, an IPv6 consulting and training company.\u00a0 Ed is Co-chair of the California IPv6 Task Force (<a href=\"https:\/\/www.cav6tf.org\/\">CAv6TF<\/a>) and authored the Apress Press book on\u00a0<a href=\"https:\/\/www.apress.com\/gp\/book\/9781430263708\">Practical IPv6 for Windows Administrators<\/a>.\u00a0 He co-hosts the <a href=\"https:\/\/packetpushers.net\/series\/ipv6-buzz\/\">IPv6 Buzz Podcast<\/a> on the Packet Pushers. Follow HexaBuild on\u00a0<a href=\"https:\/\/twitter.com\/hexabuild\">Twitter<\/a>\u00a0and\u00a0<a href=\"https:\/\/www.linkedin.com\/company\/hexabuild\">LinkedIn<\/a>.<\/p>\n<p>Previous Infoblox IPv6 COE blog posts about ULA:<\/p>\n<p>Oct, 2013 &#8211; <a href=\"https:\/\/blogs.infoblox.com\/ipv6-coe\/ipv6-within-the-context-of-the-big-things-happening-in\/\">https:\/\/blogs.infoblox.com\/ipv6-coe\/ipv6-within-the-context-of-the-big-things-happening-in\/<\/a><\/p>\n<p>Jan, 2014 &#8211; <a href=\"https:\/\/blogs.infoblox.com\/ipv6-coe\/ipv6-ula-and-nat-is-it-better-than-global-unicast\/\">https:\/\/blogs.infoblox.com\/ipv6-coe\/ipv6-ula-and-nat-is-it-better-than-global-unicast\/<\/a><\/p>\n<p>Feb, 2016 &#8211; <a href=\"https:\/\/blogs.infoblox.com\/ipv6-coe\/3-ways-to-ruin-your-future-network-with-ipv6-unique-local\/\">https:\/\/blogs.infoblox.com\/ipv6-coe\/3-ways-to-ruin-your-future-network-with-ipv6-unique-local\/<\/a><\/p>\n<p>Apr, 2016 &#8211; <a href=\"https:\/\/blogs.infoblox.com\/ipv6-coe\/the-headache-of-ipv6-readdressing-and-the-potential-for-ula\/\">https:\/\/blogs.infoblox.com\/ipv6-coe\/the-headache-of-ipv6-readdressing-and-the-potential-for-ula\/<\/a><\/p>\n<p>Apr, 2016 &#8211; <a href=\"https:\/\/blogs.infoblox.com\/ipv6-coe\/3-ways-to-ruin-your-future-network-with-ipv6-unique-local-addresses-part-2-of-2\/\">https:\/\/blogs.infoblox.com\/ipv6-coe\/3-ways-to-ruin-your-future-network-with-ipv6-unique-local-addresses-part-2-of-2\/<\/a><\/p>\n<p>Dec, 2021 &#8211; <a href=\"https:\/\/blogs.infoblox.com\/ipv6-coe\/you-thought-there-was-no-nat-for-ipv6-but-nat-still-exists\/\">https:\/\/blogs.infoblox.com\/ipv6-coe\/you-thought-there-was-no-nat-for-ipv6-but-nat-still-exists\/<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I first started outlining some of the difficulties with Unique Local Addresses (ULA, RFC 4193) in the blog post \u201cIPv6 ULA and NAT. Is It Better Than Global Unicast?\u201d back in January of 2014. As a refresher, ULA is the special reserved prefix of fc00::\/7, which is further divided into fc00::\/8 (which is not supposed [&hellip;]<\/p>\n","protected":false},"author":323,"featured_media":2596,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[17],"tags":[659,411,38,660],"class_list":{"0":"post-7564","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ipv6-coe","8":"tag-ula","9":"tag-dual-stack","10":"tag-ipv6","11":"tag-unique-local-addresses","12":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.4 (Yoast SEO v26.4) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>ULA is Broken (in Dual-stack Networks)<\/title>\n<meta name=\"description\" content=\"ULA is Broken (in Dual-stack Networks). I first started outlining some of the difficulties with Unique Local Addresses (ULA, RFC 4193) in the blog post \u201cIPv6 ULA and NAT. Is It Better Than Global Unicast?\u201d back in January of 2014. First: Why you shouldn\u2019t reflexively deploy ULAs and NAT66Second: How failing to randomize ULA prefixes could cause problems (and cause you to end up DEAD:BEEF!)Third: Understanding the differences between fc00::\/7 vs. fc00::\/8 vs. fd00::\/8\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ULA is Broken (in Dual-stack Networks)\" \/>\n<meta property=\"og:description\" content=\"ULA is Broken (in Dual-stack Networks). I first started outlining some of the difficulties with Unique Local Addresses (ULA, RFC 4193) in the blog post \u201cIPv6 ULA and NAT. Is It Better Than Global Unicast?\u201d back in January of 2014. First: Why you shouldn\u2019t reflexively deploy ULAs and NAT66Second: How failing to randomize ULA prefixes could cause problems (and cause you to end up DEAD:BEEF!)Third: Understanding the differences between fc00::\/7 vs. fc00::\/8 vs. fd00::\/8\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-14T20:36:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-03-15T00:20:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/479422010-660x454-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ed Horley\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ed Horley\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/\"},\"author\":{\"name\":\"Ed Horley\",\"@id\":\"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b09ec2fd0a273ea1cb94ae2fd98232f9\"},\"headline\":\"ULA is Broken (in Dual-stack Networks)\",\"datePublished\":\"2022-03-14T20:36:18+00:00\",\"dateModified\":\"2022-03-15T00:20:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/\"},\"wordCount\":1482,\"publisher\":{\"@id\":\"https:\/\/www.infoblox.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/479422010-660x454-2.jpg\",\"keywords\":[\"ULA\",\"Dual Stack\",\"IPv6\",\"unique local addresses\"],\"articleSection\":[\"IPv6 CoE\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/\",\"url\":\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/\",\"name\":\"ULA is Broken (in Dual-stack Networks)\",\"isPartOf\":{\"@id\":\"https:\/\/www.infoblox.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/479422010-660x454-2.jpg\",\"datePublished\":\"2022-03-14T20:36:18+00:00\",\"dateModified\":\"2022-03-15T00:20:06+00:00\",\"description\":\"ULA is Broken (in Dual-stack Networks). I first started outlining some of the difficulties with Unique Local Addresses (ULA, RFC 4193) in the blog post \u201cIPv6 ULA and NAT. Is It Better Than Global Unicast?\u201d back in January of 2014. First: Why you shouldn\u2019t reflexively deploy ULAs and NAT66Second: How failing to randomize ULA prefixes could cause problems (and cause you to end up DEAD:BEEF!)Third: Understanding the differences between fc00::\/7 vs. fc00::\/8 vs. fd00::\/8\",\"breadcrumb\":{\"@id\":\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/#primaryimage\",\"url\":\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/479422010-660x454-2.jpg\",\"contentUrl\":\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/479422010-660x454-2.jpg\",\"width\":660,\"height\":454,\"caption\":\"IPv6 websites to help you with your adoption initiative - Part 1: IPv6 Statistics\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.infoblox.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"IPv6 CoE\",\"item\":\"https:\/\/www.infoblox.com\/blog\/category\/ipv6-coe\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"ULA is Broken (in Dual-stack Networks)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.infoblox.com\/blog\/#website\",\"url\":\"https:\/\/www.infoblox.com\/blog\/\",\"name\":\"blog.infoblox.com\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.infoblox.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.infoblox.com\/blog\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\/\/www.infoblox.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b09ec2fd0a273ea1cb94ae2fd98232f9\",\"name\":\"Ed Horley\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/blog-ed-horley-96x96.jpg\",\"contentUrl\":\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/blog-ed-horley-96x96.jpg\",\"caption\":\"Ed Horley\"},\"description\":\"Ed Horley (@ehorley) is a Co-founder and CEO of HexaBuild.io, an IPv6 consulting and training company. Ed is Co-chair of the California IPv6 Task Force (CAv6TF) and authored the Apress Press book Practical IPv6 for Windows Administrators and two IPv6 courses on Pluralsight. He is also the co-host of the IPv6 Buzz Podcast on the PacketPushers. Follow HexaBuild on Twitter and LinkedIn and let us help you advance cloud, IoT and security with IPv6!\",\"sameAs\":[\"https:\/\/hexabuild.io\"],\"url\":\"https:\/\/www.infoblox.com\/blog\/author\/ed-horley\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"ULA is Broken (in Dual-stack Networks)","description":"ULA is Broken (in Dual-stack Networks). I first started outlining some of the difficulties with Unique Local Addresses (ULA, RFC 4193) in the blog post \u201cIPv6 ULA and NAT. Is It Better Than Global Unicast?\u201d back in January of 2014. First: Why you shouldn\u2019t reflexively deploy ULAs and NAT66Second: How failing to randomize ULA prefixes could cause problems (and cause you to end up DEAD:BEEF!)Third: Understanding the differences between fc00::\/7 vs. fc00::\/8 vs. fd00::\/8","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/","og_locale":"en_US","og_type":"article","og_title":"ULA is Broken (in Dual-stack Networks)","og_description":"ULA is Broken (in Dual-stack Networks). I first started outlining some of the difficulties with Unique Local Addresses (ULA, RFC 4193) in the blog post \u201cIPv6 ULA and NAT. Is It Better Than Global Unicast?\u201d back in January of 2014. First: Why you shouldn\u2019t reflexively deploy ULAs and NAT66Second: How failing to randomize ULA prefixes could cause problems (and cause you to end up DEAD:BEEF!)Third: Understanding the differences between fc00::\/7 vs. fc00::\/8 vs. fd00::\/8","og_url":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/","og_site_name":"Infoblox Blog","article_published_time":"2022-03-14T20:36:18+00:00","article_modified_time":"2022-03-15T00:20:06+00:00","og_image":[{"width":660,"height":454,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/479422010-660x454-2.jpg","type":"image\/jpeg"}],"author":"Ed Horley","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ed Horley","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/"},"author":{"name":"Ed Horley","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b09ec2fd0a273ea1cb94ae2fd98232f9"},"headline":"ULA is Broken (in Dual-stack Networks)","datePublished":"2022-03-14T20:36:18+00:00","dateModified":"2022-03-15T00:20:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/"},"wordCount":1482,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/479422010-660x454-2.jpg","keywords":["ULA","Dual Stack","IPv6","unique local addresses"],"articleSection":["IPv6 CoE"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/","url":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/","name":"ULA is Broken (in Dual-stack Networks)","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/479422010-660x454-2.jpg","datePublished":"2022-03-14T20:36:18+00:00","dateModified":"2022-03-15T00:20:06+00:00","description":"ULA is Broken (in Dual-stack Networks). I first started outlining some of the difficulties with Unique Local Addresses (ULA, RFC 4193) in the blog post \u201cIPv6 ULA and NAT. Is It Better Than Global Unicast?\u201d back in January of 2014. First: Why you shouldn\u2019t reflexively deploy ULAs and NAT66Second: How failing to randomize ULA prefixes could cause problems (and cause you to end up DEAD:BEEF!)Third: Understanding the differences between fc00::\/7 vs. fc00::\/8 vs. fd00::\/8","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/479422010-660x454-2.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/479422010-660x454-2.jpg","width":660,"height":454,"caption":"IPv6 websites to help you with your adoption initiative - Part 1: IPv6 Statistics"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/ipv6-coe\/ula-is-broken-in-dual-stack-networks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"IPv6 CoE","item":"https:\/\/www.infoblox.com\/blog\/category\/ipv6-coe\/"},{"@type":"ListItem","position":3,"name":"ULA is Broken (in Dual-stack Networks)"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"blog.infoblox.com","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b09ec2fd0a273ea1cb94ae2fd98232f9","name":"Ed Horley","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/blog-ed-horley-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/blog-ed-horley-96x96.jpg","caption":"Ed Horley"},"description":"Ed Horley (@ehorley) is a Co-founder and CEO of HexaBuild.io, an IPv6 consulting and training company. Ed is Co-chair of the California IPv6 Task Force (CAv6TF) and authored the Apress Press book Practical IPv6 for Windows Administrators and two IPv6 courses on Pluralsight. He is also the co-host of the IPv6 Buzz Podcast on the PacketPushers. Follow HexaBuild on Twitter and LinkedIn and let us help you advance cloud, IoT and security with IPv6!","sameAs":["https:\/\/hexabuild.io"],"url":"https:\/\/www.infoblox.com\/blog\/author\/ed-horley\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/323"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=7564"}],"version-history":[{"count":2,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7564\/revisions"}],"predecessor-version":[{"id":7568,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7564\/revisions\/7568"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/2596"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=7564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=7564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=7564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}