According to RFC 4193, unique local addresses will always have a prefix of FD00::/8.. but according to Wikipedia:
The block fd00::/8 is defined for /48 prefixes, formed by setting the forty least-significant bits of the prefix to a randomly generated bit string.
Is this enforced, and if so why? What stops me from having a prefix of /32 or /16 etc?
Best Answer
The requirement exists to prevent collisions. This is a bit more important than most people recognize.
Even if you have systems which currently don't communicate with other systems over the internet you still need your addresses to be globally unique. You may now or in the future need to add a host which can communicate both with your internal network and with the internet. And for communication with that host to work, the IP addresses with which it communicate will need to be unique.
If two internal networks exist with the same local range there is the possibility a host will eventually need to communicate with both and at that point you would have to renumber one of the networks. This kind of communication is likely to be needed if you are using a VPN connection and both client and server are on networks which make use of RFC 4193 address space.
Another way you could end up needing to communicate with other internal networks in the future is in case your company merges with another company which also uses internal networks.
40 random bits is enough to guarantee that a host which needs to communicate with multiple internal networks can expect to reach approximately one million different networks before seeing the first collision.
The 40 random bits requirement is not enforced in any way, but if you don't follow it you are setting yourself up for problems in the future when a collision happens.