Standardized IPv6 ULA from PublicKey
toke at toke.dk
Mon Jun 29 13:03:40 CEST 2020
Roman Mamedov <rm at romanrm.net> writes:
> On Mon, 29 Jun 2020 12:22:49 +0200
> Toke Høiland-Jørgensen <toke at toke.dk> wrote:
>> Reid Rankin <reidrankin at gmail.com> writes:
>> > Each IPv6 network device is *required* to have a link-local
>> > address by the RFC
>> Given this
> What you quoted is the shakiest statement of the entire proposal. Might be a
> cool idea and all, but I don't think RFCs say anything about "requiring" that
> for point-to-point L3 interfaces, where there's no functioning multicast or
> broadcast to begin with. And it doesn't seem nice that submitter is trying to
> skew facts in their favor like that.

Eh? This is specified pretty clearly in RFC4291, section 2.1:

2.1.  Addressing Model

   IPv6 addresses of all types are assigned to interfaces, not nodes.
   An IPv6 unicast address refers to a single interface.  Since each
   interface belongs to a single node, any of that node's interfaces'
   unicast addresses may be used as an identifier for the node.

   All interfaces are required to have at least one Link-Local unicast
   address (see Section 2.8 for additional required addresses).  A
   single interface may also have multiple IPv6 addresses of any type
   (unicast, anycast, and multicast) or scope.  Unicast addresses with a
   scope greater than link-scope are not needed for interfaces that are
   not used as the origin or destination of any IPv6 packets to or from
   non-neighbors.  This is sometimes convenient for point-to-point
   interfaces.  There is one exception to this addressing model:

      A unicast address or a set of unicast addresses may be assigned to
      multiple physical interfaces if the implementation treats the
      multiple physical interfaces as one interface when presenting it
      to the internet layer.  This is useful for load-sharing over
      multiple physical interfaces.

   Currently, IPv6 continues the IPv4 model in that a subnet prefix is
   associated with one link.  Multiple subnet prefixes may be assigned
   to the same link.

The fact that WireGuard doesn't assign one is often a source of
annoyance, and since there already is a unique identifier for each peer
on a link (the public key), I really don't see why wg shouldn't just
assign a LL identifier and be done with it. Sure, have a config knob to
turn it off if you're not using IPv6, but let's make this the default
and have wg devices 'just work' over IPv6 by default.
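
An added example (not part of the original post, and not WireGuard code) of what deriving a link-local address from each peer's public key could look like, including the duplicate check a deployment would want. The BLAKE2s hash, the `wg-ll-ex` personalization string, the function names and the sample keys are assumptions; the thread as quoted here does not fix a derivation.

```python
import base64
import hashlib
import ipaddress

LINK_LOCAL = ipaddress.IPv6Network("fe80::/64")
PERSON = b"wg-ll-ex"  # assumed domain-separation tag (BLAKE2s allows at most 8 bytes)


def decode_pubkey(b64_key):
    """Decode a base64 public key and insist on the 32-byte Curve25519 length."""
    try:
        raw = base64.b64decode(b64_key, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("public key is not valid base64") from exc
    if len(raw) != 32:
        raise ValueError("public key must decode to 32 bytes, got %d" % len(raw))
    return raw


def link_local_from_pubkey(b64_key):
    """Map a public key to fe80::/64 using a 64-bit hash as the interface identifier."""
    raw = decode_pubkey(b64_key)
    iid = hashlib.blake2s(raw, digest_size=8, person=PERSON).digest()
    base = int(LINK_LOCAL.network_address)
    return ipaddress.IPv6Address(base | int.from_bytes(iid, "big"))


def find_collisions(pubkeys):
    """Return (first_key, second_key, address) for distinct keys sharing an address."""
    seen = {}
    clashes = []
    for key in pubkeys:
        addr = link_local_from_pubkey(key)
        if addr in seen and seen[addr] != key:
            clashes.append((seen[addr], key, addr))
        seen.setdefault(addr, key)
    return clashes


# Constructed sample keys (not real peers): 32 repeated bytes, base64-encoded.
PEERS = [base64.b64encode(bytes([i]) * 32).decode() for i in (1, 2, 3)]

if __name__ == "__main__":
    for peer in PEERS:
        print(peer, "->", link_local_from_pubkey(peer))
    print("collisions:", find_collisions(PEERS))
```

Because the interface identifier is only 64 bits of the hash, the address identifies a peer by convention only; the authenticated identity remains the full public key.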