nanog mailing list archives
Re: Question about migrating to IPv6 with multiple upstreams.
From: Randy Carpenter <rcarpen () network1 net>
Date: Tue, 14 Jun 2011 13:43:32 -0400 (EDT)
Hi Ray, There's a nuance here you've missed. There are two main reasons for ULA inside the network: 1. Address stability (simplifies network management) 2. Source obfuscation (improves the depth of the security plan) Option 1: Obfuscation desired. ULA inside. NAT/PAT at both borders. You don't use prefix translation here because prefix translation does little obfuscation: it has a 1:1 relationship with each individual host and still reveals the internal routing structure. Option 2: Stability, no obfuscation desired. ULA inside, prefix translation at both borders. Option 3: Neither stability nor obfuscation required. GUA from one of the providers inside. Prefix translation to the other provider for the connections desired out that border. Giving the hosts real GUA addresses maximizes application compatibility.
Why doesn't GUA give you address stability? I would think that it would provide the best stability. And in terms of obfuscation, why couldn't we use DHCPv6 to give reasonably random addresses? Also, I don't see how prefix translation reveals my internal routing structure. I don't really see the point in ULA. It just seems like "The Return of RFC 1918, Part II, the Sequel" -Randy
Current thread:
- Re: Question about migrating to IPv6 with multiple upstreams., (continued)
- Re: Question about migrating to IPv6 with multiple upstreams. Seth Mos (Jun 11)
- Re: Question about migrating to IPv6 with multiple upstreams. Randy Carpenter (Jun 12)
- Re: Question about migrating to IPv6 with multiple upstreams. Owen DeLong (Jun 13)
- Re: Question about migrating to IPv6 with multiple upstreams. Randy Carpenter (Jun 13)
- Re: Question about migrating to IPv6 with multiple upstreams. Joel Maslak (Jun 13)
- Re: Question about migrating to IPv6 with multiple upstreams. William Herrin (Jun 13)
- Re: Question about migrating to IPv6 with multiple upstreams. Owen DeLong (Jun 14)
- Re: Question about migrating to IPv6 with multiple upstreams. Randy Carpenter (Jun 12)
- Re: Question about migrating to IPv6 with multiple upstreams. Ray Soucy (Jun 14)
- Re: Question about migrating to IPv6 with multiple upstreams. William Herrin (Jun 14)
- Re: Question about migrating to IPv6 with multiple upstreams. Ray Soucy (Jun 14)
- Re: Question about migrating to IPv6 with multiple upstreams. Randy Carpenter (Jun 14)
- Re: Question about migrating to IPv6 with multiple upstreams. Owen DeLong (Jun 14)
- Re: Question about migrating to IPv6 with multiple upstreams. Seth Mos (Jun 11)
- Re: Question about migrating to IPv6 with multiple upstreams. Valdis . Kletnieks (Jun 14)
- Re: Question about migrating to IPv6 with multiple upstreams. Randy Carpenter (Jun 14)
- Re: Question about migrating to IPv6 with multiple upstreams. Ray Soucy (Jun 14)
- Re: Question about migrating to IPv6 with multiple upstreams. Owen DeLong (Jun 14)
- Re: Question about migrating to IPv6 with multiple upstreams. Scott Helms (Jun 14)
- Re: Question about migrating to IPv6 with multiple upstreams. Owen DeLong (Jun 14)
- Re: Question about migrating to IPv6 with multiple upstreams. Joel Jaeggli (Jun 14)
- Re: Question about migrating to IPv6 with multiple upstreams. Owen DeLong (Jun 14)
- Re: Question about migrating to IPv6 with multiple upstreams. Ray Soucy (Jun 14)