300 IPv6 addresses

TL;DR: If you intend to assign static IPv6 addresses on a network where SLAAC and privacy extensions are also present, use a "300 address".

A "300 address" is any IPv6 address of the form pppp:pppp:pppp:pppp:xyxx:xxxx:xxxx:xxxx where pppp:pppp:pppp:pppp is a /64 prefix, x is an arbitrary hex digit, and y is 3, 7, b, or f. For example, given the prefix 2001:db8:1234:5678::/64, the following addresses are "300 addresses":

  • 2001:db8:1234:5678:300::1
  • 2001:db8:1234:5678:700::1
  • 2001:db8:1234:5678:9b60:252e:b646:adc7
  • 2001:db8:1234:5678:7f00:1:0:42

"300 addresses" are special because SLAAC and privacy extensions, despite their randomness, will never generate a 300 address.


Whenever a host self-assigns an IPv6 address through SLAAC, it will do it in one of two ways:

  1. Generated randomly or deterministically pseudo-randomly (per RFC 4941)
  2. Using the EUI-48 or EUI-64 MAC address (per RFC 4862)

Method 1, according to RFC 4941 section 3.2.1, is constrained so that "bit 6" of the interface identifier is always 0, i.e. y & 2 == 0 (y is the same digit as in the address form above). This means that addresses generated by method 1 will always have y ∈ {0, 1, 4, 5, 8, 9, c, d}.

Method 2 converts a 48-bit MAC address into a 64-bit interface identifier using the following formula:

pp:qq:rr:ss:tt:uu -> [prefix]:vvqq:rrff:fess:ttuu, where vv = pp XOR 02.

The exclusion here involves the "pp" term. If "pp" is even, then it is a normal MAC address. If "pp" is odd, then it is a multicast MAC address; such addresses cannot be assigned to devices. The XOR with 02 does not touch the lowest bit, so "vv" is even whenever "pp" is. Thus, method 2 will only generate addresses such that y & 1 == 0.

SLAAC and privacy extensions will therefore never generate an address where both bit 0 and bit 1 of y are set, so "300 addresses" can be used for static addresses that will never collide with SLAAC and privacy extensions.

The set of "300 addresses" in a given /64 prefix is actually a set of 64 discontiguous /72 prefixes, for example:

  • 2001:db8:1234:5678:300::/72
  • 2001:db8:1234:5678:700::/72
  • 2001:db8:1234:5678:b00::/72
  • 2001:db8:1234:5678:f00::/72
  • 2001:db8:1234:5678:1300::/72
  • 2001:db8:1234:5678:1700::/72
  • 2001:db8:1234:5678:1b00::/72
  • 2001:db8:1234:5678:1f00::/72

(and so on).
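
The membership test and the full list of 64 subnets can be computed directly. The following is an added Python example, not part of the original page; the function names are chosen here and the MAC address in the demo is a constructed sample.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits = interface identifier

def is_300_address(addr):
    """True when y is 3, 7, b or f: both low bits of the first IID byte set."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    return (iid >> 56) & 0b11 == 0b11

def _base(prefix64):
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return int(net.network_address)

def prefixes_300(prefix64):
    """The 64 discontiguous /72 networks of "300 addresses" inside a /64."""
    base = _base(prefix64)
    return [ipaddress.IPv6Network((base | (b << 56), 72))
            for b in range(256) if b & 0b11 == 0b11]

def eui64_address(prefix64, mac):
    """Method 2: pp:qq:rr:ss:tt:uu -> [prefix]:vvqq:rrff:fess:ttuu, vv = pp XOR 02."""
    o = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(o) != 6:
        raise ValueError("expected a 48-bit MAC address")
    if o[0] & 1:
        raise ValueError("multicast MAC, cannot be assigned to a device")
    iid = bytes([o[0] ^ 0x02, o[1], o[2], 0xFF, 0xFE, o[3], o[4], o[5]])
    return ipaddress.IPv6Address(_base(prefix64) | int.from_bytes(iid, "big"))

def privacy_address(prefix64, random64):
    """Method 1: 64 random bits with "bit 6" (0x02 of the first byte) cleared."""
    iid = (random64 & IID_MASK) & ~(1 << 57)
    return ipaddress.IPv6Address(_base(prefix64) | iid)

if __name__ == "__main__":
    import secrets
    prefix = "2001:db8:1234:5678::/64"  # documentation prefix used on the page
    for net in prefixes_300(prefix)[:8]:
        print(net)
    # Constructed sample MAC and fresh random bits: neither lands in the 300 set.
    print(is_300_address(eui64_address(prefix, "00:11:22:33:44:55")))
    print(is_300_address(privacy_address(prefix, secrets.randbits(64))))
    print(is_300_address("2001:db8:1234:5678:9b60:252e:b646:adc7"))
```
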

So if you intend to use e.g. an NDP proxy daemon to "carve out" a /72 from a /64 (e.g. to run Docker or socketbox on IPv6 without NAT or a routed prefix), or when creating a DHCP range in a hybrid stateless/stateful router advertisement configuration, then you can use one of the above /72 subnets (obviously after replacing 2001:db8:1234:5678: with your /64 prefix).

Technically "300 addresses" are reserved addresses, so not all operating systems and programs will accept them. Windows and Linux will accept them, but IBM z/OS might not.