Public Communications Rejecting Public IP Addresses

Overview/Rationale

One remaining problem is common: the Internet may not accept certain traffic. Quite commonly, IPv4 traffic will be broken because the Internet will not accept the usage of the common “private” IPv4 ranges described by IETF BCP 5 (commonly referred to as the RFC 1918 address ranges). These address ranges are:

10/8, 172.16/12, and 192.168/16.

For IPv6, the fd00::/8 range may have equivalent issues with communicating with public addresses, as could the fec0::/10 address range.

For the address ranges that were just specified, the solution is to use NAT. (Typically, people concede that NAT is simply expected for most IPv4 communication. For IPv6 communication, opponents of private addressing may argue that avoiding those address ranges may be better than trying to use NAT to make those address ranges work. This guide does not take that stance, but does say that people are welcome to use public IPv6 addresses if they can pull that off.)

People wanting to communicate with the public IPv6 Internet using a link-local address, which starts with “fe80:” (and is in the fe80::/64 address range), are not following the intended design. The widely recognized intended design for these addresses involves using the fe80::/64 address range only for “link-local” communications. Communication with the rest of the Internet is not “link-local”. The intended solution is to have a device use more than one IPv6 address, including at least one which is not “link-local”. The idea of having multiple IPv6 addresses is well-established by RFC 4291 (“IP Version 6 Addressing Architecture”) section 2.8: “A Node's Required Addresses”. Similarly, the 169.254/16 range of link-local addresses is not intended to work well for these types of communications, and using NAT with those addresses would be considered a violation of standards.

Getting most of these addresses to work (not counting the “link-local” addresses, which are not supposed to work) involves setting up NAT on the physical box. (Or, provide the firewall with a public IP address, and run NAT from there.)
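The handling described above, as an added example that is not part of the original guide: Python code that sorts a host's source addresses into the ranges this page names, so the ones needing NAT are separated from the link-local ones that should not be translated. The function names, the "other" label and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Ranges named in the text above, grouped by the handling the text describes.
NAT_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 (BCP 5)
    "fd00::/8", "fec0::/10",                          # IPv6 ranges the text lists
)]
LINK_LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16", "fe80::/64",
)]


def _within(addr, networks):
    return any(addr.version == net.version and addr in net for net in networks)


def classify(text):
    """Classify one source address as 'nat', 'link-local' or 'other'."""
    addr = ipaddress.ip_address(text.split("%", 1)[0])  # drop a zone id like %eth0
    # Judge an IPv4-mapped IPv6 address (::ffff:a.b.c.d) by its embedded IPv4 address.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if _within(addr, LINK_LOCAL_RANGES):
        return "link-local"   # not meant to leave the link; do not NAT
    if _within(addr, NAT_RANGES):
        return "nat"          # must be translated before reaching the Internet
    return "other"            # none of the ranges above (not a reachability check)


def egress_plan(addresses):
    """Group a host's addresses by handling and flag hosts with link-local only."""
    plan = {"nat": [], "link-local": [], "other": []}
    for text in addresses:
        plan[classify(text)].append(text)
    # A host needs at least one non-link-local address to talk beyond its link.
    plan["needs_additional_address"] = not (plan["nat"] or plan["other"])
    return plan


# Constructed sample input: addresses a dual-stack host might hold.
SAMPLE = ["192.168.1.20", "172.32.0.5", "169.254.7.9", "fe80::1%eth0",
          "fd12:3456:789a::10", "::ffff:10.0.0.8", "2001:db8::5"]

if __name__ == "__main__":
    for key, value in egress_plan(SAMPLE).items():
        print(key, value)
```

Note that 172.32.0.5 falls just outside 172.16/12 and is therefore not treated as a private address, while an IPv4-mapped form of a 10/8 address still is.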

(Details are not currently provided...)