I'm curious about what people's perception of valid link-local
addresses is; that is, what specifically makes a valid link-local
The top portion of RFC 4291 lists the link-local prefix as:
Link-Local unicast 1111111010 FE80::/10 2.5.6
Global Unicast (everything else)
/10 is the link-local prefix.
Every address in this /10 is part of the link-local prefix, and no IP address
in this /10 is a valid global unicast address.
Thus, it would *seem* that an address such as
when configured on an interface for its link-local address would
be a valid link-local address, as it falls within fe80::/10
This is in the the link-local prefix, but not a valid address, it doesn't
follow the format of a link local address as noted by 2.5.6.
Routers must not forward any packets with Link-Local source or
destination addresses to other links.
(from http://tools.ietf.org/html/rfc4291#section-2.5.6 )
did the authors really intend that most of fe80::/10
remain unused, and *only* a single /64 at the very
start of fe80::/10 would be valid?
The usage of the remainder of the /10 reserved for link local
is unspecified.; It is conceivable but unlikely that uses might be
defined in the future.
I ask this because I'm running into situations where
indeed it seems that some router vendors do literally
only treat fe80::/64 as link-local, and *all other addresses
out of fe80::/10 are treated as global unicast*.
This is definitely erroneous, since fe80::/10 is excluded from the
global unicast address range.
Addresses outside the first /64 _might_ be valid link-local or not,
whatever they are, they are definitely not valid global unicast
addresses, and they fall within the link-local range: routers are
required to not forward packets with a source or destination within
This has potential implications on the types of filtering
people may be assuming their router vendors are doing;
When we are talking about security matters... it's definitely not
safe to assume your vendor has implemented all the source/destination
address filtering they should.
Implement suitable testing to verify.