> Each IPv6-enabled VM will be assigned a /96 address range from the subnet, which provides you with 4 billion unique IPv6 addresses for each VM interface.<p>That's odd. Almost every attempt to reflect IPv4 blacklisting seems to treat /56 or even /48 blocks the same as a regular IP address, since that is (or was) the recommended size to hand out to end users for residential ISPs. /64 is the smallest network size available for most applications so network level firewalls will often use that as the smallest range to ban in case of abuse.<p>Of course ULA networks aren't going reach out to the internet, but even on internal load balancers and attack detection mechanisms will need to be configured for this default. Which is very strange, given that ULAs are /48s with arbitrary 16 bit subnets and then a /64 at the end. I can't imagine exceeding 65k subnets being a common use case on these networks.<p>That said, I applaud the native availability of ULAs on cloud platforms. You can make it work yourself with VPNs and other overlay networks, but this is a much cleaner solution.
> Additionally, multi-nic VM instances may be dual-homed with both ULA (internal) and GUA (external) addresses.<p>You need a multi-NIC VM for that? Isn't it commonplace in the IPv6 world for a single NIC to have multiple addresses? In fact I just checked: my computer at home has a single NIC but it has multiple addresses (both ULA and GUA) configured through SLAAC with privacy extension. In fact I count 14 addresses, excluding link-local.