Adding IPv6 private address range to the Home Networks

Started by Diggy, March 12, 2026, 07:12:07 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 12, 2026, 07:12:07 PM
We are using private IPv6 addresses along with IPv4 addresses on our local network.  I noticed that the IPv6 range "fc00::0/7" is not included in the default Home Networks list.  Why?  Does "Home Networks" not apply to IPv6?  Are there any special considerations when adding "fc00::0/7" to the Home Networks list?

In advance, thanks for guidance on this matter.
March 12, 2026, 07:55:51 PM #1
Link local IPv6s fe80::/64 don't need blocking, since they won't be routed anyway.


However, I did add my static /48 prefix I got from my ISP to my "local Network" alias, so that traffic to other VLANs is blocked.
March 12, 2026, 08:14:41 PM #2
fc00::/7 is ULA, not link local.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 13, 2026, 01:18:22 PM #3
True. But I assume that the clients only get link lokal from RA?
March 13, 2026, 01:34:29 PM #4
The OP stated that they are using ULA and asked if they should add that address range to the "Home Networks" list. I don't understand why you mention link local at all?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 13, 2026, 04:04:35 PM #5
my bad, I just assumed OP is only using RA
March 13, 2026, 05:21:48 PM #6
Maybe they are using RA to distribute ULA ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
March 13, 2026, 09:05:03 PM #7
Quote from: Patrick M. Hausen on March 13, 2026, 05:21:48 PMMaybe they are using RA to distribute ULA ...
Static IPv6 ULA addresses for servers, DHCP ULA via RA for workstations.
March 14, 2026, 10:54:50 AM #8
Might be a naive question and I am not an IPv6 expert, but why use ULA at all and bother with NAT66?

Why not use either LL because it does not have to be routed, or use GUA and block the static prefix you got to block inter VLAN communication?
Today at 08:25:02 AM #9 Last Edit: Today at 03:39:12 PM by Mpegger
Quote from: Diggy on March 12, 2026, 07:12:07 PMWe are using private IPv6 addresses along with IPv4 addresses on our local network.  I noticed that the IPv6 range "fc00::0/7" is not included in the default Home Networks list.  Why?  Does "Home Networks" not apply to IPv6?  Are there any special considerations when adding "fc00::0/7" to the Home Networks list?

In advance, thanks for guidance on this matter.

Why? Because fc00: shouldn't be use for ULA. Use a proper ULA calculator like this proper ULA generator (see my following post for generators that work properly) which explains in detail how it generates the ULA.
Today at 10:50:55 AM #10
fc00::/7 is the entire ULA range. Nowhere did the OP state they were using fc00::/64 verbatim.

Could someone please answer the question if the ULA range should be added to the home networks for IDS instead of derailing the discussion with not even correct IPv6 advice.

I cannot, because I do not run IDS. Just trying my best to correct what is written here. Link local wasn't a topic. ULA is. And just like you place e.g. 192.168.0.0/16 into the home networks for IPv4 even when usin only a single /24 out of that, it's a perfectly legitimate question if you should add fc00::/7 because you are using a random /64 out of that range like you should.

So what is it: ULA into home networks or not?

My best guess is yes, of course.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Today at 03:37:38 PM #11
It's my understanding that fc00:: is not officially part of the LAN only routable range as it is still possible it could be assigned in the future, however miniscule (improbable? not in any of our lifetimes?) that possibility may be. Hence fc00::0/7 should not be used. fd00::0/8 is the official range to be used for LAN routeable only ULAs and is why I responded with using a proper ULA calculator. The OP can then use the calculated fdxx:xxxx:xxxx::/48 address for thier own network, or fd00::0/8 if they have plans in the future of merging thier LAN with another LAN using ULAs.

Also, use this calculator or this calculator (automatically enters your MAC). The one I linked previously appears to give out borked addresses.
Today at 03:54:31 PM #12
You are correct that the use of fc00::/8 is currently not defined while fd00::/8 is reserved for locally defined unique local addresses. Yet still the entire block of fc00::/7 is reserved for ULA.

And again we are again discussing miniscule details of the IPv6 addressing schemes and nobody seems to want to answer the question if you should put the ULA you are using into the home networks ... 🙄
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Today at 04:04:18 PM #13
Quote from: Patrick M. Hausen on Today at 03:54:31 PMAnd again we are again discussing miniscule details of the IPv6 addressing schemes and nobody seems to want to answer the question if you should put the ULA you are using into the home networks ... 🙄

Isn't that what I just said in my previous post? Or do I need to specifically point it out and not assume the OP can't infer to use that result in thier Intrusion Detection Home Networks?

I get my post before that one was vague, but again, one should be able to infer the answer from that.
Print
Go Up Pages1
User actions