Global Unicast Addresses (GUAs) are the IPv6 equivalent of public IPv4 addresses—they are globally unique, routable across the entire Internet, and serve as the primary identifiers for hosts participating in worldwide communication. When you access a website, stream video, or send email over IPv6, you're using global unicast addresses.

The 2000::/3 address space—where all current global unicast addresses reside—contains more addresses than IPv4's entire public space by a factor of over 2^96. This astronomical abundance enables a fundamentally different approach to addressing: every device can have unique, permanent, aggregatable addresses without the contortions that IPv4's scarcity imposed.

This page explores global unicast addresses comprehensively—from the hierarchical allocation model through practical address planning to configuration and management considerations.

Global Unicast Addresses occupy the 2000::/3 address range—any address beginning with binary 001 (hex 2 or 3 in the first nibble). This represents 1/8th of the total IPv6 address space, yet contains approximately 42 undecillion addresses.

Fundamental Characteristics:

1. Global Uniqueness: Each GUA is unique across the entire Internet. No two interfaces anywhere should have the same global unicast address.

2. Full Routability: GUAs can be routed across any IPv6 network. Unlike link-local or ULA addresses, there are no topological restrictions.

3. Hierarchical Structure: GUAs follow a hierarchical allocation model enabling route aggregation—essential for manageable routing tables.

4. Provider-Assigned Nature: Most organizations receive GUAs from their ISP, creating a natural aggregation hierarchy.

5. SLAAC Compatibility: Global prefixes advertised by routers allow hosts to automatically configure globally-routable addresses.

IPv6 global addressing follows a hierarchical allocation model designed for aggregation and scalability. Understanding this hierarchy is essential for network design and address planning.

Allocation Hierarchy:

                    IANA (Internet Assigned Numbers Authority)
                              |
                    Allocates large blocks (/12)
                              |
            ┌─────────────────┼─────────────────┐
            ▼                 ▼                 ▼
         ARIN              RIPE NCC          APNIC ...
    (N. America)          (Europe)           (Asia-Pacific)
            │                 │                 │
    Allocates /32 - /29 to ISPs/LIRs          │
            │                 │                 │
            ▼                 ▼                 ▼
    ISP / Enterprise     ISP / LIR      Organizations
            │                 │                 │
    Assigns /48 - /56 to customers           │
            │                                   │
            ▼                                   ▼
    End Sites                           Individual Sites
       │
    /64 to each subnet
       │
       ▼
    Hosts (/128)

Regional Internet Registries (RIRs):

Standard Allocation Sizes:

ISP/LIR Allocations:

• Minimum allocation: /32 (65,536 × /48 blocks)
• Large ISP: /29 or larger (520,000+ × /48 blocks)
• Purpose: Allocate to customers, infrastructure addressing

End-Site Assignments:

• Standard site: /48 (65,536 × /64 subnets)
• Small site (home): /56 (256 × /64 subnets)
• Single subnet exception: /64 (only if truly single-network site)

Subnet Level:

• Always /64: Every subnet should be /64, regardless of size
• Enables SLAAC: /64 boundary is mandatory for autoconfiguration
• 18.4 quintillion hosts: Each /64 supports more hosts than IPv4's total space

Why /48 for Sites?

The /48 standard emerged from analysis:

• Organizations need flexibility for future growth
• Renumbering is painful; over-allocating is cheap
• 65,536 subnets handles virtually any organizational structure
• Maintaining consistent assignment sizes simplifies automation

Let's dissect a global unicast address to understand each component's role.

Example Address: 2001:0db8:85a3:0042:0000:8a2e:0370:7334

┌─────────────────────────────────────────────────────────────────────────┐
│                          128 bits                                       │
├────────────┬─────────────┬─────────────┬────────────────────────────────┤
│  n bits    │   m bits    │  p bits     │          64 bits               │
│  Provider  │   Site      │  Subnet     │       Interface ID             │
│  Prefix    │   Prefix    │   ID        │                                │
├────────────┴─────────────┴─────────────┼────────────────────────────────┤
│         64 bits                        │          64 bits               │
│     Network Prefix (Routing)           │    Host Identifier             │
└────────────────────────────────────────┴────────────────────────────────┘

2001:0db8:85a3:0042 : 0000:8a2e:0370:7334
└────────┬─────────┘   └───────┬────────┘
   Routing Prefix         Interface ID
   (from RIR/ISP/Router)   (host-generated)

Breaking Down the Components:

The 64-Bit Interface Identifier:

The fixed 64-bit interface ID enables:

1. SLAAC Operation: Hosts combine router-advertised /64 prefix with self-generated IID
2. Privacy Extensions: Random temporary IIDs prevent tracking
3. Stable Addressing: RFC 7217 IIDs stay constant per-network
4. EUI-64 Fallback: MAC-derived IIDs for legacy compatibility

The Subnet ID Field:

With a /48 global routing prefix, you have 16 bits for subnet IDs—65,536 possible subnets. Common schemes:

2001:db8:85a3:0001::/64  → Building 1
2001:db8:85a3:0002::/64  → Building 2
2001:db8:85a3:0100::/64  → Servers (256 = 0x100)
2001:db8:85a3:0200::/64  → User VLANs start
2001:db8:85a3:8000::/64  → Guest network (high bit set)
2001:db8:85a3:ffff::/64  → Management network (last subnet)

Numeric organization within the subnet ID field aids troubleshooting and documentation.

Proper IPv6 address planning requires thinking differently from IPv4. With abundant space, the goal shifts from conservation to organization, aggregation, and future-proofing.

Planning Principles:

1. Plan for Growth: Allocate more space than currently needed. A subset that's too small requires renumbering.

2. Maintain Aggregation: Keep subnets contiguous where possible to enable summarization in routing.

3. Reflect Organizational Structure: Use address structure to mirror physical or logical topology.

4. Reserve Space: Leave gaps between allocations for future insertion.

5. Document Everything: IPv6 addressing requires clear documentation for troubleshooting.

Example: Mid-Size Enterprise Planning

Scenario: Company receives 2001:db8:abcd::/48 from ISP

Master Allocation: 2001:db8:abcd::/48 (65,536 /64s available)

Hierarchical Plan:

2001:db8:abcd:0000::/52   (4,096 /64s)  → Headquarters
├── 2001:db8:abcd:0000::/56   (256 /64s)  → HQ Floor 1
│   ├── 2001:db8:abcd:0000::/64   → HQ F1 User VLAN 1
│   ├── 2001:db8:abcd:0001::/64   → HQ F1 User VLAN 2
│   ├── 2001:db8:abcd:0010::/64   → HQ F1 VoIP
│   └── 2001:db8:abcd:00ff::/64   → HQ F1 Management
├── 2001:db8:abcd:0100::/56   (256 /64s)  → HQ Floor 2
└── 2001:db8:abcd:0200::/56   (256 /64s)  → HQ Floor 3

2001:db8:abcd:1000::/52   (4,096 /64s)  → Branch Office 1
2001:db8:abcd:2000::/52   (4,096 /64s)  → Branch Office 2
2001:db8:abcd:3000::/52   (4,096 /64s)  → Branch Office 3

2001:db8:abcd:8000::/52   (4,096 /64s)  → Data Center 1
├── 2001:db8:abcd:8000::/56   → DC1 Production
├── 2001:db8:abcd:8100::/56   → DC1 Staging
├── 2001:db8:abcd:8200::/56   → DC1 Development
└── 2001:db8:abcd:8f00::/56   → DC1 Infrastructure

2001:db8:abcd:c000::/50   (16,384 /64s) → Reserved for Future

This plan uses only ~25% of available space while providing clear structure and room for growth.

Hosts can obtain global unicast addresses through several mechanisms, each with different tradeoffs.

1. SLAAC (Stateless Address Autoconfiguration)

Router sends:              Host receives:
                           
RA with:                   Prefix: 2001:db8:1::/64
Prefix: 2001:db8:1::/64    + 
Flags: A=1 (autonomous)    IID: ::21c:42ff:feab:cdef (generated)
                           =
                           2001:db8:1::21c:42ff:feab:cdef

Advantages: Zero infrastructure required beyond router; works immediately Disadvantages: No control over host addresses; harder to log/track

2. DHCPv6 Stateful

Client ←→ DHCPv6 Server

Solicit   → ff02::1:2
Advertise ← Server
Request   → Server
Reply     ← Server (contains assigned address)

Result: Host receives specific address from DHCP pool

Advantages: Centralized address management; logging; control Disadvantages: Requires DHCP infrastructure; potential single point of failure

3. Manual Configuration

# Linux
ip -6 addr add 2001:db8:1::100/64 dev eth0

# Windows
netsh interface ipv6 add address "Ethernet" 2001:db8:1::100

# Cisco Router
interface GigabitEthernet0/0
  ipv6 address 2001:db8:1::1/64

Advantages: Precise control; essential for infrastructure Disadvantages: Doesn't scale; error-prone; requires change management

Organizations must choose between Provider-Assigned (PA) and Provider-Independent (PI) address space. This choice has significant implications for portability, routing, and cost.

Provider-Assigned (PA) Space:

Addresses allocated from your ISP's block:

ISP owns:        2001:db8::/32
You receive:     2001:db8:abcd::/48 (from ISP's space)

Characteristics:

• Aggregatable: Your prefix is part of ISP's larger announcement
• Non-portable: Changing ISPs requires renumbering
• No BGP required: ISP announces your space as part of their aggregate
• Lower cost: No RIR membership fees

Provider-Independent (PI) Space:

Addresses allocated directly from your RIR:

You receive:     2001:db9::/32 (direct from ARIN/RIPE/etc.)
Not part of any ISP's aggregation

Characteristics:

• Portable: Keep your addresses when changing providers
• Requires BGP: You must announce via BGP (or have provider announce)
• Impacts routing table: Adds entry to global routing table
• Higher cost: RIR membership and annual fees

During the IPv4-to-IPv6 transition, most networks operate in dual-stack mode—running both protocols simultaneously. Global unicast addresses play a crucial role in this environment.

Dual-Stack Address Architecture:

Interface eth0:
├── IPv4: 192.168.1.100/24 (likely NAT'd)
├── IPv6 Link-Local: fe80::21c:42ff:feab:cdef/64 (always present)
├── IPv6 Global: 2001:db8:1::21c:42ff:feab:cdef/64 (routable)
└── IPv6 Temporary: 2001:db8:1::a5c2:3f7b:c892:4521/64 (privacy)

Happy Eyeballs Algorithm:

Modern clients use "Happy Eyeballs" (RFC 6555/8305) when connecting:

1. DNS returns both A (IPv4) and AAAA (IPv6) records
2. Client starts IPv6 connection attempt
3. After ~50ms, client also starts IPv4 attempt in parallel
4. Whichever completes first wins
5. Preferred protocol is learned for future connections

This ensures users get the fastest connection while preferring IPv6 when it works well.

Address Selection in Dual-Stack:

RFC 6724 governs source address selection. Default behavior:

Operational Considerations:

1. DNS Must Serve Both: Publish both A and AAAA records for dual-stack services

2. Firewall Parity: Security policies must cover both protocols

3. Monitoring Both Stacks: Failure in either protocol affects users

4. Performance Comparison: Measure both to ensure IPv6 path is competitive

5. Fallback Works: Test that Happy Eyeballs successfully falls back when IPv6 fails

We've comprehensively explored IPv6 global unicast addresses—the primary addresses for Internet communication. From hierarchical allocation to enterprise planning, you now understand the addressing that powers the modern Internet. Let's consolidate this knowledge: