One of my readers sent me an email that’s easiest paraphrased into: “Why can’t I have a different IPv6 link-local address (LLA) on every access port connected to a VLAN interface?”
There’s probably nothing stopping someone from implementing such an approach, but it would go against the usual understanding of how bridging and routing interact in L2+L3 switches.
What Is a VLAN Interface?
A VLAN interface is nothing more than a routed (L3) virtual interface connected to a bridge domain (VLAN). Regardless of how this construct is implemented in hardware or software, it should look like a router connected to a bridge, or (ignoring optimizations in frame forwarding) a router connected to an Ethernet cable.
What MAC Address Should a VLAN Interface Use?
Every L3 interface (including a VLAN interface) potentially participating in the same L2 domain should have a unique L2 (MAC) address, which means that an L2+L3 switch needs a unique MAC address for each of its physical interfaces (because any physical interface could be turned into an L3 interface). You can usually see those addresses (bia or burned-in address) in the show interfaces printout.
A bridge (remarketed as an L2 switch) does not need a unique MAC address on every interface. All it needs is a single MAC address to send BPDUs (and other control-plane messages) from.
A VLAN interface could (theoretically) reuse the MAC address of a physical interface (in case the physical interface has a separate burned-in address), or use a MAC address from a pool of addresses assigned by the vendor to the switch itself… but in most cases the implementation details don’t really matter, as the MAC addresses only have to be unique within a single L2 domain.
Stretching L2 domains, or merging multiple L2 domains into a single transport domain with Q-in-Q encapsulation, can lead to interesting results, as some people trying to use the same HSRP group on multiple stretched VLANs found out the hard way.
Coming Back to IPv6 LLA
An IPv6 interface is usually assigned a single IPv6 LLA. A VLAN interface thus gets a single IPv6 LLA.
Physical access ports connected to a VLAN instance are not L3 ports, and thus don’t get an L3 address. Quite often they don’t even need an L2 address (see above).
You could assign numerous LLAs to a VLAN interface (one per physical port), but they’d have to be bound to the VLAN interface (not to the physical ports) anyway to retain the semantics of a VLAN interface, so why bother?
Interestingly, based on recent discussions on one of the IPv6 mailing lists (where you’ll also find other interesting tidbits), it looks like some vendors decided to move in the opposite direction: they use the same IPv6 LLA on all IPv6 interfaces present in a network device. Yet again, that shouldn’t be a problem (after all, LLAs are supposed to be unique only within a single L2 domain) until you’re forced to connect two IPv6 interfaces back-to-back to implement a design not supported by the underlying hardware (Nexus 7000 comes to mind ;).
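To make the uniqueness scope concrete, here is an added example (mine, not code from the original post or any vendor) that checks a constructed interface inventory for MAC and LLA duplicates within each L2 domain: the "same LLA on every interface" convention passes until two such interfaces are cabled back-to-back, and a shared HSRP virtual MAC passes until two VLANs are merged into one Q-in-Q transport domain. The device names, addresses and the merge helper are all assumptions.

```python
from collections import defaultdict

# Constructed inventory (not from any real device): one entry per L3 interface,
# with the L2 domain (VLAN or cable) it attaches to, its MAC and its IPv6 LLA.
# sw1 follows the "same LLA on every interface" convention discussed above.
HSRP_GRP1_VMAC = "00:00:0c:07:ac:01"   # standard HSRPv1 virtual MAC for group 1
INTERFACES = [
    {"device": "sw1", "name": "vlan10", "l2_domain": "vlan10", "mac": "00:11:22:33:44:01", "lla": "fe80::1"},
    {"device": "sw1", "name": "vlan20", "l2_domain": "vlan20", "mac": "00:11:22:33:44:02", "lla": "fe80::1"},
    # two routed ports on sw1 cabled back-to-back: they share one L2 domain
    {"device": "sw1", "name": "eth1/1", "l2_domain": "cable-a", "mac": "00:11:22:33:44:03", "lla": "fe80::1"},
    {"device": "sw1", "name": "eth1/2", "l2_domain": "cable-a", "mac": "00:11:22:33:44:04", "lla": "fe80::1"},
    # HSRP group 1 used on two different VLANs at two sites (same virtual MAC)
    {"device": "siteA", "name": "hsrp1@vlan100", "l2_domain": "vlan100", "mac": HSRP_GRP1_VMAC, "lla": "fe80::a"},
    {"device": "siteB", "name": "hsrp1@vlan200", "l2_domain": "vlan200", "mac": HSRP_GRP1_VMAC, "lla": "fe80::b"},
]


def find_collisions(interfaces, key):
    """Map (l2_domain, value) -> sorted interface labels for every `key` value
    ("mac" or "lla") used by more than one interface in the same L2 domain.
    The same value in different L2 domains is legitimate and is not reported."""
    seen = defaultdict(list)
    for intf in interfaces:
        seen[(intf["l2_domain"], intf[key])].append(f'{intf["device"]}:{intf["name"]}')
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def merge_l2_domains(interfaces, merged, transport):
    """Model stretching VLANs or carrying several VLANs in one Q-in-Q transport
    domain: every interface in one of `merged` is re-homed to `transport`."""
    return [dict(i, l2_domain=transport) if i["l2_domain"] in merged else i
            for i in interfaces]


if __name__ == "__main__":
    print("LLA collisions:", find_collisions(INTERFACES, "lla"))
    print("MAC collisions before stretching:", find_collisions(INTERFACES, "mac"))
    stretched = merge_l2_domains(INTERFACES, {"vlan100", "vlan200"}, "qinq-transport")
    print("MAC collisions after stretching:", find_collisions(stretched, "mac"))
```

Only the back-to-back cable reports an LLA clash, and the HSRP virtual MAC only clashes once vlan100 and vlan200 share a transport domain.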