IPv6 Privacy and Temporary Addresses

Packet Pushers
Apr 16, 2026

Why It Matters

Privacy extensions protect user anonymity while temporary addresses increase state overhead, forcing administrators to balance security with network performance.

Key Takeaways

  • IPv6 privacy extensions generate random interface identifiers to prevent tracking.
  • Permanent privacy addresses stay stable for DNS registration, unlike temporary ones.
  • Temporary addresses rotate frequently, reducing exposure but increasing network state load.
  • EUI‑64 uses MAC-derived IDs, exposing hardware details and raising privacy concerns.
  • Excessive temporary addresses can strain switch neighbor tables and performance.

Summary

The episode tackles IPv6 privacy extensions and the distinction between permanent and temporary interface identifiers. Hosts can derive the lower 64‑bit identifier manually, via EUI‑64 (MAC‑based), or through privacy‑enhancing mechanisms that randomize the bits to hide hardware details.

The speakers explain that permanent privacy addresses are randomly generated but retained for the life of a network attachment, allowing reliable DNS registration and management tools to locate the device. In contrast, temporary privacy addresses are short‑lived, rotating after a configurable interval to obscure a client’s activity on the public Internet. Both mechanisms are client‑side features defined in RFC 4941 and later updates such as RFC 8064.

Real‑world examples illustrate the trade‑offs: Windows 11 creates a stable permanent privacy address for internal services while also spawning disposable temporary addresses for outbound traffic. Enterprises worry that the constant churn of temporary addresses inflates neighbor tables on access switches, potentially exhausting memory and causing packet loss during address resolution. The discussion also references the “prefix per device” proposal, which mitigates table bloat by assigning each host a unique /64.

For network operators, understanding these mechanisms is crucial. Enabling privacy extensions improves user anonymity but demands careful tuning of ARP/ND cache timers and hardware capacity. Conversely, disabling them may simplify management at the cost of exposing MAC‑derived identifiers. Balancing privacy, operational overhead, and device discoverability is a key design decision for IPv6 deployments.

Original Description

Today our hosts discuss IPv6 Privacy and Temporary Addresses to clarify how address provisioning can potentially work for host operating systems. The discussion covers the difference between permanent and temporary privacy addresses, their uses, and how interface identifiers are assigned to hosts.
IPv6 Buzz is part of the Packet Pushers network. Visit our website to find more great networking and technology podcasts, along with tutorial videos, the Human Infrastructure newsletter, and loads more resources for building your IT career. https://packetpushers.net
