Slashdot Mirror
Most Enterprises Plan To Be On IPv6 By 2013
Julie188 writes "More than 70% of IT departments plan to upgrade their websites to support IPv6 within the next 24 months, according to a recent survey of more than 200 IT professionals conducted by Network World. Plus, 65% say they will have IPv6 running on their internal networks by then, too. One survey respondent, John Mann, a network architect at Monash University in Melbourne, Australia, said his organization has been making steady IPv6 progress since 2008. 'Mostly IPv6 has just worked,' he said. 'The biggest problem is maintaining forward progress with IPv6 while it is still possible to take the easy option and fall back to IPv4.'"
If it were up to the IT professionals, more businesses would already be on it.
They should have surveyed CFOs to see what percentage of businesses will budget anything for an IPv6 transition in the next 24 months.
I'm an IT professional, but I'm not currently authorized to work on a transition of our network because I have a long list of things that was deemed more important by management.
2013? Seriously?
Who would be going to these sites?
I'm guessing about .1% of ISP's will be able to support native V6 by then...
Or maybe when they were asked respondents thought they were answering something about a new version
of Intellectual Property.
"...Plus, 65% say they will have IPv6 running on their internal networks by then, too."
OK, you almost had me at upgrading corporate web servers (comprising of usually only a handful of machines serving that purpose), but do you honestly expect me to believe that 65% of corporate IT budgets are suddenly and magically going to prioritize an IPv6 transition, as they sit comfortably behind their NAT-enabled firewalled environment, the same environment that will continue to work with zero change?
Talk about going from zero to bullshit in 4.2 seconds. If corporations haven't been listening about the impending "doom" around IPv4 for the last decade, they sure as hell aren't going to start that suddenly now.
how many management tools / VPN don't do IPV6?
They have lot's networking stuff but no place to set IPV6 addresses.
if this is about external websites, then again it's a good effort, but ...
where's the upgrade plan/strategy for the people who will want to access these ipv6 websites?
my isp has no plan/strategy how to upgrade to ipv6 afaik. and I am afraid to ask.
There are a lot of devices out there that cannot handle IPv6. Not only is it not feasible to just tell everyone "Oh go replace it," not all of them are cheap things that get replaced often. Some are things that are around many a year.
What we need is a good 4 to 6 NAT standard, and to try to get ISPs on board with that. You have the modem/bridge/router work all IPv6, but run an IPv4 DHCP server. Have it hand out addresses that aren't used, maybe in the experimental range since it won't even step on old IPv4 NAT with that, and reserve another section internally for its use. It then internally handles all the translation. An IPv4 device requests a site that request goes to the DNS server in the router, which goes out and gets the AAAA record. It then maps the IPv6 IP to one of its internal IPv4 IPs for the IPv4 devices. The IPv4 device has no idea what is going on, traffic works just as it always has.
Until we get something like that going, there is going to be a large scale adoption problem. Nobody wants to go IPv6 only because doing so cuts off IPv4 sites. Nobody with IPv4 needs to go IPV6 since everything supports v4.
A 4 to 6 NAT system would be a real boon for ISPs since it would alleviate address space concerns. Hell customers could have static IPv6 addresses no problem. Would be worth their while to do, as address space becomes more scarce, and nobody would mind because everything would just keep working.
do webhosting companies like bluehost, inmotionhosting, godaddy, etc. have an ipv6 strategy? do customers have to pay extra to have their website appear on the ipv6 internet? or ... ???
what's the plan/strategy?
Who's your Firewall vendor and what are you doing for advanced IDP / Application layer protection / Web filtering / intrusion detection? Many vendors are claiming IPv6 as a feature in firewall products but as soon as you scratch the surface you find that that support is often VERY limited, sometimes it is just routing and basic state-full fire-walling, other times feature are unstable / unsupported in on IPv6 traffic.
EA David Gardner -"... but the consumers have proven that actually what they want is fun."
Old hardware aside, nothing is stopping you from using private IPv6 addresses inside your network as a pseudo-nat.
We're still missing two major components: Commercial IPv6 Web and Spam filters. Without that, I don't think you want to let your users lose on the IPv6 web or open up your MX to the new spammers.
I doubt it. You plan may ON being a billionaire in the next 12 months, but I highly doubt you've actually planned TO be one.
There are about 30 companies in the world with 300,000 employees, 10 in the US (GE, IBM, USPS, UPS, McDonalds, Walmart, Sears, Target, GM, Citigroup). Most of those have readily accessible IPv6 plans (pretty much have to), they don't just hire some yahoo and say 'Get 'er done', hell some of them *sell* IPv6 solutions (dysfunctional ones but they'll sell it to you).
Corporations that big have a VP of Strategic Planning or some such in charge of IPv6 migration and their schedule is not based on some random hardware delivered to a readiness lab. Maybe Bob's Big Barn webhosting outlet does but GM sure as heck doesn't.
A lot of those problems are going to be worked out with the help of gentlemen like the GP, in their big corporate IT labs. It's surprisingly common for expensive, complex equipment like this to be debugged partially on the customer's dime, and I hope the rest of us can benefit from the result.
Turns out for external facing web services, you don't need any of that. You just rack up an IPv6 load-balanced proxy and point it at your existing IPv4 servers. The trick is making sure you don't shoot yourself by implementing a stupid per-source address limit and kill your site over IPv6 because all the IPv4 source addresses are the for the proxy array.
jhw
I work for a pretty good sized company and we'll be lucky to be off XP by then...
No need to worry about that. XP has IPv6 support.
When our name is on the back of your car, we're behind you all the way!
Yeah, great idea. Let's complain that nobody is implementing IPv6 while at the same time berating and insulting those that actually try to do something about it!
Idiot...
Many propose doing both. If you don't obtain PI IPv6 space from your RIR, I would highly suggest this. All internal-to-internal traffic should use your private IPv6 addresses, and the public IPv6 addresses are used just for accessing outside your networks. The advantage to this is that only your public facing services and routers have to be renumbered when you change ISPs. All your internal networking stays the same.
does one have to pay extra to make a website get an ipv6 address. or will they upgrade/migrate customers automatically to an ipv6 address.
I still don't have an answer to these questions. but would like one.
what's their plan/strategy?
Yeah, great idea.
and btw - I am not offering ideas - I am asking questions.
Why do you assume that you wouldn't have a firewall for your internal network, even if it's publicly-routable? People have a bad habit of conflating NAT and security...
Every host on the Internet is "supposed" to be able to directly address every other host, but for firewalls of course. A flat address space simplifies things tremendously.
Imagine if your network printer worked from Starbucks, because it was just one fixed address on the Internet. Or you could bookmark your TiVo's web interface without any port forwarding, or some nasty polling interface involved to schedule shows on their servers. IPv6, by reinstating end-to-end connectivity, will do this.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Most Enterprises Plan To Be On IPv6 By 2013
Maybe I've just been unrealistic; but I assumed most of the NCC-1701 series, at least, were already running something more advanced than that.
#DeleteChrome
If you're a business, it allows you to MERGE NETWORKS or talk between two discrete LANs in a far more convenient manner. If you've ever had to support the situation where say, you want to talk between a corp network running on 10.0.0.0/8 and another corp also using 10.0.0.0/8, you'll understand the brain damage that IPV4 NAT brings to the table.
Ditto for home users trying to VPN into your network when they're using 10/8 or another one of the private networks on their LAN that you happen to have employed inside your LAN as well.
IPV4 is broken and needs to die.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
NATv6 exists. As does NAT-PT (which actually does translation so IPv4-only can access IPv6-only and vice-versa).
I don't see why we can't have NATv6 routers now - I like the fact that my internal network numbering doesn't change whenever my ISP decides to give me a new prefix. So I don't get end-to-end connectivity. I don't care - even if I did, I'd stick a firewall in front and it'll break end-to-end connectivity anyways.
There are appliances based on spamassassin and squid - both of which have handled ipv6 for at least a couple of years. Also a few seconds googling brings up a software solution from roaring penguin software that explicitly filters ipv6.
Corporations that big have a VP of Strategic Planning or some such in charge of IPv6 migration and their schedule is not based on some random hardware delivered to a readiness lab.
Well, my bet is that at some point Mr. VP of Strategic Planning is going to involve at least one network engineer (as the GP claimed to be). And said engineer will probably have to, you know, test things to make sure they work in a lab somewhere prior to actually executing the IPv6 Strategic Plan. So I don't really get where you're going with this.
You could have ipv6 in minutes on your OpenSuse box, with your existing network gear. You could do the quick and dirty way with merido, or spend some more time and have the full monty, with no money at all and not changing your ipv4 gear. I have at&t ipv4 only adsl to my home, yet every box in my home has full ipv6 automatic address assignment and access, and moreover my servers at home have *static* ipv6 addresses, even though my ipv4 connection is dynamic. How 'bout them apples? I happen to use SixXs free service, but there are many others. Educate yourself, quit cursing the darkness and light a candle.
Your proposed "solution" would be a routing nightmare, the routing tables would be too huge, wouldn't work. ipv6 solves that problem and keeps all routing tables small, because it was designed by very smart people who did work in the real world. ipv6 works great, works well on dual stack machine with ipv4, and can be set up by anyone anywhere even if they only have ipv4, including static address even if their connection is dynamic dhcp.
in two years.
It's been the case since 10 years ago.
that's miredo (spelling), but yeah, anyone on slashdot who doesn't have ipv6 (even if their isp is ipv4 only), is a lazy git who should turn in her or his geek card. Too easy and way too many ways to get connectivity through tunnel. Many free services out there, will give you your very own *static* /64 subnet and a tunnel, you can have a static ipv6 address for every cell in your body!
NAT only exists for v6 in the context of communicating b/w v6 and v4 networks: there is NAT64, NAT646, NAT464 but no NAT66. The biggest advantage of IPv6 - which is an offshoot of their huge #addresses - is that it eliminates the need for NAT when only v6 to v6 communications is involved.
Private addresses are just that - non-routable addresses. They're not needed for the purposes of mapping to a public address: they co-exist alongside a public IPv6 address. That's different from IPv4, where a node had no routable IPv6 address, and just depends on the NAT gateway to route things to it.
Stop saying NATv6 - you're making it look like one could insert NAT b/w IPv6 nodes if one wanted to. Currently, the standard doesn't support it - IPsec works beautifully w/ IPv6 b'cos there is no NAT trying to monkey about w/ the IPv6 header. All the NATs there are in IPv6 are only there for the purposes of translation to IPv4, and that's what NAT-PT is as well.
Your issue about network numbering is solved if you take Provider-Independent addresses from your RIR (ARIN, APNIC or whatever). As I wrote above, unlike IPv4, IPv6 allows multiple addresses per interface, so you can have both a PI and PA space - the latter being needed to connect to your ISP. So use the former to configure your network (static/dynamic and stateless/stateful) and the latter - just autoconfigure w/ random interface stateless IDs, so that you'll be live online. If the ISP changes, your PI addresses stay w/ you, just take the PA addresses that you get and again do an auto-reconfigure, and you should be done.
Sticking a firewall wouldn't break end-to-end connectivity - it would just block any traffic that you set it up to block. IPsec ensures that your end to end connectivity is secure.
Also, as smash mentioned above, If you're a business, it allows you to MERGE NETWORKS or talk between two discrete LANs in a far more convenient manner. If you've ever had to support the situation where say, you want to talk between a corp network running on 10.0.0.0/8 and another corp also using 10.0.0.0/8, you'll understand the brain damage that IPV4 NAT brings to the table. Ditto for home users trying to VPN into your network when they're using 10/8 or another one of the private networks on their LAN that you happen to have employed inside your LAN as well.
That is a major hassle right there since everyone (enterpise) uses it heavily still. I can only imagine IPv6 might break ActiveX stuff written in VB 5 or 6 as well and maybe old Java intranet sites where IPv4 conventions are hard coded in and god knows what else.
http://saveie6.com/
funny, I"ve been updating Debian, Ubuntu, Postgresql, and FreeBSD from ipv6 mirrors for months. There's actually a lot of good stuff out there on ipv6 already.
Since it was Network World, of the IT/Mac/PC World fame(infamy), I consider these results to be about as accurate as a 2yr old calculating the speed of light.
Many are already delivering IPv6 to their servers. Some set it up with AAAA-records in DNS. Some have been doing that for 4 or 5 years.
New things are always on the horizon
Or the other way around, so you can remove the proxies in X-years and your webservers logs don't say: proxy-ip-address, proxy-ip-address, proxy-ip-address.
New things are always on the horizon
Why doesn't it? Do you not use the internet at all?
If they can't issue new ipv4, then potential customers may only have ipv6 and be unable to access your website.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
The only reason you do not get fixed IPs is the lack of IP space. It is a lot simpler for the ISPs to assign fixed IPs out of a huge address space than to mess with private IP spaces as they do now.
You want more addresses, then mod IPV4 from a byte per address element to a word per address element and you have 65535 class A's
That can be a simple software update and it can be done incrementally without having to re-engineer the hardware.
That will give enough breathing room to build IPV7 which can be built into something that does not break the entire system.
Doing that would break just as much equipment as the IPv6 transition since you propose changing the header layout. The source IP is defined as bits 96 - 127 and the destination IP is defined as bits 128 - 159. Anything that changes those would no longer be IPv4 or even remotely compatible with IPv4.
Yes, you can subnet your network however you want and I've had some fun playing with exactly this.
The reason they didn't define a 32:32:32:32 split is because:
1 They intended to allow for MAC based autoconfig and a MAC address is 48 bits
2 They actually don't care how you layout your local network.
If you use MAC based autoconfig that still leaves you with 16 bits to play with for subnets and if you use DHCPv6 you can play with the whole range if you like.
I just took the first one and googled. I didn't find any official announcements, but according to forum messages they plan to have IPv6 ready this year. So next year, maybe? ;)
I also suspect that since I have never heard of those companies, except GoDaddy, this is U.S-companies? The U.S. is possibly the country furthest behind in the IPv6-race, excepting Denmark (where I live).
Linode is slowly rolling out IPv6 finally :D
Anyway, today IPv6 is useful already to provide ssh-connectivity (and stuff that uses ssh like git) between developer machines. It's worth the setup cost just for that, in my estimation, even with tunnels.
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
Possibly, but I doubt it. Usually, you are using host names, and all the details are handled by (C or possibly Java) libraries, which means your old applications still works beautifully.
Of course, if you have intranet sites for registering your IP address or setting up a VPN or something like that, that might need an update. But the place where you write your business proposals, maintain your CRM database etc. should just work.
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
Windows 7 desktops are different?
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
How many enterprise networks need more than the 10/8 172/12 or 192/16 blocks? - sounds like 70% of IT departments are cowboys
The world doesn't need all that address space either. All we need to do is to build a giant NAT, then put everyone behind it. As a result, only one public IP address is required.
And because NAT == security, it also solves network security. No more viruses!
Anything that involves growing/extending the IPv4 addresses would have broken compatibility w/ IPv4, since the protocol would now have to be redefined to recognize a 5th octet, as well as be trained to distinguish b/w getting 4 octets and getting 5. So in terms of expense and effort, the same amount of it would have been needed - getting all routers and equipment on the internet upgraded or updated to recognize the new protocol, getting enterprises to migrate to this, and so on. It would by no means have been trivial.
Routing in IPv6 is now a lot easier, due to the hierarchical addressing system. Could have been better, and the addresses could have been more finely assigned, but still, as a protocol, it's way better. And later, if they have problems w/ the way it's been assigned so far, they can change it when they go to, say 3000::/4.
Do you actually own it? I've seen a site that will generate an IPv6 address for you, but it's just picking one at random - there's no guarantee someone else won't decide they want it. IPv6 is supposed to solve the address exhaustion problem, but as an end user I can easily get an IPv4 address (I just pay my ISP xx/month), whereas I can find no way to get an actually-mine IPv6 address.
I am trolling
There is SNAT and at least one firewall app that lets you load balance multiple ipv6 links by keeping the lan on it's private address space and translating for outgoing traffic.
Your webhosting does not actually need to be IPv6 for you to enable your website. You just need to a AAAA for you DNS name using a public available NAT64.
Here is a public available NAT64: http://ipv6.lt/nat64_en.php
Using that you can access slashdot.org on IPv6:
baldur@pkunk:~$ host slashdot.org
slashdot.org has address 216.34.181.45
baldur@pkunk:~$ ping6 -c1 2001:778:0:ffff:64::216.34.181.45
PING 2001:778:0:ffff:64::216.34.181.45(2001:778:0:ffff:64:0:d822:b52d) 56 data bytes
64 bytes from 2001:778:0:ffff:64:0:d822:b52d: icmp_seq=1 ttl=233 time=278 ms
Try this URL: http ://[2001:778:0:ffff:64:0:d822:b52d]/
remove the space after http and copy this to your URL bar. Slashdot destroys the URL if I link directly. It is a fully valid URL just slashdot being stupid.
The actual split is 32 bit is ISP ID, next 16 bit is customer ID, next 16 subnet ID and 64 bit is interface ID. So it is a 32:16:16:64 split using your notation. Some ISPs might choose a different scheme such as 32:24:8:64.
You can call it waste but it was designed so there would still be plenty of address space to go around.
If they can't issue new ipv4, then potential customers may only have ipv6
Do you honestly belive that?
If an ISP runs out of public v4 IPs and has any sense they will do the following:
* Redeploy the v4 IPs to the most lucrative uses.
* For those customers who do not pay enough to justify a dedicated public v4 IP provide some system for them to access at least the v4 web and most likely other services on the v4 internet. Most likely either NAT444 (v4 nat both in the CPE and at the ISP) or DS-lite but NAT64 and proxies are also possibilies.
I'd be very surprised if we see any major websites on v6 only or any clients without some way to access the v4 web any time soon.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Slashdot are never going to do IPv6. Luckily we can have slashdot.org as IPv6 anyway using a public NAT64 server. I would link directly but slashcode does not have support for IPv6 literals in URLs (bug!). So here is a tinyurl to the IPv6 slashdot: http://tinyurl.com/3pwuq98
By the way that URL should work for the majority of windows users. Your computer will automatically use a Teredo IPv6 tunnel to connect to it.
The tinyurl is short for this: http ://[2001:778:0:ffff:64:0:d822:b52d]/ (but without the extra space which is there to prevent slashcode from removing all the colons).
This works because the address is from the public NAT64 available at http://ipv6.lt/nat64_en.php.
You will actually get a 400 Bad Request from the slashdot webserver, but this too is a bug in slashcode. These guys do really not grok IPv6...
If slashdot put that IPv6 address in as a AAAA for slashdot.org they would have IPv6 support just like that.
NAT-PT was officially deprecated the last I looked (see: http://www.ietf.org/rfc/rfc4966.txt ), but I would be interested in a list of products that support it as I have a few IPv4 clients that will NEVER see a native IPv6 stack written for them.
Unlike IPv4, IPv6 allows multiple addresses per interface,
True, the problem is how are clients supposed to 1: find those addresses and 2: choose which one to use.
Initially a special system of DNS records (A6) was created to try and solve this by allowing DNS servers to combine seperate prefix and suffix information but it was horriblly complex and still didn't solve the problem of how a client should figure out which address is better so it got demoted to experimental status.
ARIN at least gave up on A6 and started just allocating provider independent space to any organisation that wanted to multihome. Dunno if the other RIRs did the same.
so you can have both a PI and PA space - the latter being needed to connect to your ISP.
The whole point of getting PI addresses is so that you can advertise them on the internet. If you aren't going to advertise them on the internet you may as well just use "unique local" addresses (see below).
I'd like to understand the differences b/w the 2
There are actually 3 types of local addresses in v6
"Link local" (fe80::/10) addresses are assigned automatically and are local to the link.
"Site local" (fec0::/10) addresses were supposed to be local to a site. but they are deprecated they seemed like a good idea intitiallly but they ran into the problem that a site is a poorly defined idea and many systems have connections to multiple sites.
"Unique local" (fc00::/7) addresses are the final type. They are supposed (though this can't really be enforced) to be assigned using a large random number meaning the chance of two sites that the same computer needs to connect to or that need to be interconnected having the same addressing is minimal.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Yes, the Enterprise (NX-01) will stick with IPV4, but USS Enterprise (NCC-1701) and USS Enterprise (NCC-1701-D) will move on to IPv6.
People don't have a bad habit of conflating NAT and security. NAT provides a basic, stateful firewall, and that most certainly /is/ security, incidental or not. IPv6 likely won't bring us all back to the happy days of full end-to-end connectivity, but rather popularise the stateful firewall sans the NAT in CPEs.
v6 addresses aren't supposed to be portable between networks. The address is intended for successive delegation, to keep the routing table manageable. In short, you won't ever be able to get your own IPv6 address that you can get an ISP to route, you will have to get a subnet from your ISP, which gets it from their transit provider or RIR.
I am TheRaven on Soylent News
Agreed. I work for a large company (Fortune 100), and am fortunate enough to actually have a budget to built an IPv6 lab. Unfortunately, not a single ISP can actually deliver a dual-stack circuit at this time. We've had orders in for six months and nothing has been delivered yet. Same story all around, infrastructure isn't there.
IPv6 has a huge potential as a technology, well intended, but currently there is no strong business case for most netizens. That's why we find technocrats have their adrenaline level go up when working with IPv6 related projects. Then what! reality hits the road. Just because I can get IPv6 address space, is no reason to change my internal network, firewall, VPN and convert NAT setup to publicly routable IPv6 address space. Such a project will incur a huge change management cost with no less additional benefits, if any. To begin with it will cause more disruption to end users because of immature products deployed with in networks, still trying to support reasonable level of IPv6 support. Networking staff need to be retrained so they can troubleshoot issues. Even with all the hassle, what is a value add for end users?
Although IPv6 is imminent,no doubt about that but the switch is not going to be overnight. IPv6 design is fundamentally not backward compatible with IPv4 and that is one of the fundamental design flaw preventing its quick adoption. Remember Itanium vs x86_64 battle, we should take a clue from history.
Our product is going to require huge amounts of code churn to get IPV6 working. That's going to be ugly work on nasty legacy code...
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
If your Firewall is not able to effectively identify scans and brute force attacks on the IPv6 address of the IPv6 load-balanced proxy, your IPv6 load-balanced proxy will then become the point of failure for attack. If you do IDP and application proxy protection behind the load-balanced proxy you will never know the source of the attack and thus can't block the source because the source will be the load-balanced proxy.
EA David Gardner -"... but the consumers have proven that actually what they want is fun."
the ISP or someone above them generally "owns" even a ipv4 net block for us little guys....not sure I'd worry about it for the present. if someday sixxs pulls the rug out from under my /64 subnet, I'd just go to another provider.
(old fart story time) My employer had comcast change their static ipv4 ip out from under them, had to find out what it was. then a couple weeks later they changed it back by accident (we're talking a routed subnet for a few dozen servers here).
We're talking about an attack that only currently originates from a user population representing less than 0.3% of the Internet user population. If you're under attack over IPv6, then just pull the plug. Seriously, I get that you need to keep your family jewels in a bank vault. You can probably keep the rhinestones under the bed and save on the safe deposit fees.
jhw
I had the same thing happen with Verizon. One day working fine, 3:00AM nothing works, nothing routes just dead.
Hey KID! Yeah you, get the fuck off my lawn!
I'm not getting why it's so difficult - would seem to me to read the prefix information of the router, and then see if it matches the prefix information of any of the assigned addresses. If it does, use that one.
Which would work fine if the internet was a tree but the internet is not a tree and never has been. A client on ISP A has no way of knowing whether ISB B or ISP C has a better path from their ISP.
Do you then have the option of using your own PI addresses, instead of the ISP's? How does the ISP get to use yours (which they'd have to in order to bring their service to you)? And what happens if you change ISPs - does your ISP automatically let go of it/lose it so that you can hand it to the next ISP in order to ensure that your network is online?
The same way as with V4, you advertise them to your ISPs who then advertise them to their ISPs and peers and so on. If you drop an ISP then you stop advertising it to them which causes them to stop advertising it on the internet.
They were trying to avoid giving anyone but ISPs provider independent space with the idea being that multihomed sites should just have multiple IPs on their end systems instead but as I said in practice that didn't really work out very well.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
I know that Site local had been deprecated and replaced by Unique local. I wonder why they even bothered trying to guarantee the uniqueness of all such addresses worldwide since these addresseses are not supposed to be routable
Site local addresses are supposed to be routable within a site. Unique local addresses are supposed to be routable within a site and between a group of cooperating sites.
The problem with site local addresses is how do you define site. If you define it as a physical site then site local addresses are of limited utility since resources and their users often move between sites. If you define it as a whole company then you avoid that problem but create a new one, namely that companies merge. Many people here talk about the pain and horrible hacks involved when two companies that have both used 10.x.x.x have to be merged and interconnections are needed between their networks.
By including a large random number in the addresses the chance that a group of sites that need to be interconnected will have conflicting addresses is reduced to negligable levels.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register