Understanding IPv6 Unique Local Addresses
IPv6 Unique Local Addresses (ULA) are the IPv6 equivalent of IPv4 private addresses (10.x.x.x, 172.16.x.x, 192.168.x.x). They are designed for use within private networks and organizations, without being routed on the global internet.
ULA Address Structure
ULA addresses fall in the fc00::/7 prefix range, specifically:
fd00::/8— Locally assigned (most common)fc00::/8— Reserved for future centrally assigned use
A complete ULA address has this structure:
fd | Global ID (40 bits) | Subnet ID (16 bits) | Interface ID (64 bits)
The Global ID is randomly generated per organization, providing statistical uniqueness without central coordination.
Why ULA Exists
IPv6 has 340 undecillion possible addresses, so why are private address ranges needed? ULA serves specific purposes:
Stability
ULA addresses remain stable regardless of ISP or network changes. Unlike link-local addresses, ULA persists across reboots and network reconfigurations.
Private Communication
Services that should never be publicly accessible (database servers, internal APIs, management interfaces) should bind to addresses that cannot be reached from the internet.
Multi-Network Scenarios
Organizations with multiple sites can use ULA for inter-site VPN connectivity. A unique Global ID per organization prevents address conflicts when networks are merged.
ULA vs. Other IPv6 Address Types
| Property | Link-Local | ULA | Global Unicast |
|---|---|---|---|
| Scope | Single link only | Organization-wide | Global internet |
| Persistent | Yes | Yes | Yes |
| ISP assigned | No | No | Yes |
| Routable between subnets | No | Yes (within org) | Yes |
| Internet routable | No | No | Yes |
Generating ULA Addresses
The RFC 4193 algorithm for generating ULA Global IDs:
- Obtain current time as 64-bit NTP timestamp
- Concatenate with the EUI-64 identifier of the generating system
- Compute SHA-1 hash
- Use the lowest 40 bits as the Global ID
This approach ensures statistical uniqueness without requiring central registry. The probability of two randomly generated 40-bit IDs colliding is extremely low — acceptable for any practical deployment.
Practical IPv6 Network Setup
Home/Small Office Network
A /48 ULA prefix provides 65,536 possible /64 subnets:
- Main network: first /64 subnet
- IoT devices: second /64 subnet
- Guest network: third /64 subnet
Enterprise Multi-Site
Different subnet blocks can be allocated to different sites within the same /48, enabling clear addressing hierarchy while maintaining organizational cohesion.
Configuring ULA on Common Platforms
ULA addresses can be statically configured on Linux via networkd or ifconfig, advertised via Router Advertisement daemon (radvd), used in Docker IPv6 networks, and set via PowerShell on Windows. Most modern operating systems and networking equipment fully support ULA addressing.
ULA and IPv6 Philosophy
Unlike IPv4 NAT (which hides private addresses behind a public IP), IPv6 philosophy favors end-to-end connectivity with proper firewall policies. Most IPv6-capable devices are dual-stack (having both ULA and Global Unicast addresses), using the appropriate address based on destination.
ULA addresses are filtered at internet borders — packets with ULA source or destination addresses are dropped by properly configured routers, providing a security boundary similar to RFC 1918 in IPv4.
Using the ULA Generator
Our ULA generator tool:
- Generates a cryptographically random Global ID following RFC 4193
- Creates a full /48 prefix ready for subnet allocation
- Shows individual /64 subnets for your chosen number of subnets
- Generates full interface addresses with random host portions
- Copies in standard notation for direct use in configurations
Use ULA for stable, private IPv6 addressing in your networks, homelabs, and containerized environments.