IPv6 is the next-generation internet protocol, designed to replace IPv4. While numerous technical and economic stop-gap measures have been developed and utilized to extend the usable life of IPv4, such as network address translation (NAT) or the secondary IPv4 procurement market, full transition to IPv6 is the only viable option to ensure future growth and innovation. The question is no longer if but when and how providers plan to support IPv6 to allow customers to best apply the new capabilities an IPv6-enabled architecture affords.
The primary benefit of IPv6 is that the address space is so massive that it can be economically procured with plenty of addresses to go around: 3.4 x 1038, 340 trillion trillion trillion, or 340 undecillion IP addresses. Statistics indicate that’s enough to allocate 47 octillion unique addresses for every person and 45 quintillion unique addresses for each grain of sand on the planet.
Although these numbers are hard to verify, IPv6 provides a massive IP space. With an abundance of available IP addresses, IPv6 was also designed for different IP types to transmit packets within different scopes. While IPv4 also supported IPs with different scopes, it required NAT, which introduced complexity, scaling challenges, performance degradation, and a false sense of security. This IETF document explains in more detail.
As an enhancement to our existing IPv6 and Bring Your Own IP (BYOIP) BYOIPv6 capabilities, we’re excited to announce the availability of IPv6 unique local addressed (ULA) and multiple prefixes in Oracle Cloud Infrastructure (OCI).
Introducing ULA and multiple prefixed in OCI
You can now enable IPv6 in your OCI virtual cloud networks (VCNs) and utilize global unicast addresses (GUA) provided by Oracle, BYOIP GUA addresses that you own and import, and unique local addresses (ULA). Oracle allows you to assign multiple prefixes to a VCN and subnet and assign IPv6 addresses from multiple prefixes to a resource.
GUAs mean that these addresses are globally unique and can be routed across the global internet scope. In OCI, you can use GUA prefixes provided by Oracle or import and use your owned GUA prefixes with BYOIP.
ULAs are also designed to be globally unique but are intended for use within an administratively defined local scope. This local scope can span multiple sites if the network administrator has centrally managed assignment of addresses from this range to hosts and the disparate networks are privately connected. These addresses aren’t intended to be routed across the public internet.
Internet restriction, IP consistency, and network autonomy
Enterprises have concerns that sensitive data might fall into the wrong hands. To limit exposure, many enterprises restrict which hosts can connect to the internet. The use of ULA is an ideal solution for these customers because ULA prefixes aren’t advertised on the internet.
Use of ULA can also help customers migrate their workloads from on-premises data centers to the cloud. Like BYOIP, the use of ULA allows customers to keep their IPs consistent before and after migration and avoid the pain of readdressing and connectivity disruption.
The benefit of multiple prefix support is network autonomy. Configuration of multiple addresses from distinct prefixes covering different scopes on a host interface allows for granular administration of routing and security policy per scope. With IPv6, each scope represents an autonomous network.
| IP protocol | Internet connectivity | Address collisions |
|---|---|---|
| Public IPv4 | Yes | No |
| Private IPv4 | No | Yes |
| IPv6 ULA | No | No* |
| IPv6 GUA | No | No |
While ULA was designed to be globally unique through use of pseudo-random algorithms to generate IPs, no central registry exists to validate and assure uniqueness today. For ULA addresses, you’re encouraged to apply the prescribed methodology to generate pseudo-random IPs for local assignment. If using this methodology, you have an extremely high probability of address uniqueness without a central registry.
Oracle IPv6 is a best practice
Unlike private IPv4 addresses, ULA addresses weren’t defined with the idea that they translate into GUA at the edge. Instead, ULA addresses can be configured on a host interface in addition to GUA addresses with each address routed and secured according to its scope: ULA addresses within an administrative private network (not routed on the internet) and GUA addresses for internet traffic.
While GUA addresses are inherently internet routable, packets addressed with GUA don’t necessarily traverse the public internet. Many customers utilize GUA addresses for both private connectivity and external connectivity. Oracle makes this goal easy to achieve through a subnet-level attribute that designates the subnet as private or public. IPv6 addressed resources in private subnets are protected from internet connectivity, regardless of whether they’re addressed with GUA or ULA.
In public subnets, IPv6 addressed resources can be accessed from the internet if they’re assigned a GUA and aren’t internet accessible if addressed with ULA. Through a combination of subnet attributes, security rules, routing rules, and gateways, you have the flexibility to specify and control access and security policy for your IPv6 compatible applications hosted in OCI.
What’s your IPv6 strategy?
With this latest release of multiple prefix support in OCI, you can take advantage of the benefits of IPv6 and manage your networks in the way that best suits your business. We have customers using Oracle-provided GUAs only and others using both BYOIP and Oracle-allocated IPs on their hosts. Some customers prefer to use ULAs as independent addresses to connect most of their network infrastructure with GUAs only on hosts that need external connectivity. Customers can assign up to five IPv6 prefixes to a VCN, up to three prefixes to a subnet, and IPs from multiple prefixes to a resource.
Check it out and let us know how you’re using or planning your IPv6 strategy. For more information, see IPv6 Addresses in the documentation.