nanog mailing list archives

Re: using ULA for 'hidden' v6 devices?


From: "Justin M. Streiner" <streiner () cluebyfour org>
Date: Wed, 25 Jan 2012 13:03:52 -0500 (EST)

On Wed, 25 Jan 2012, Dale W. Carder wrote:

We have one customer in particular with a substantial non-publicly
reachable v6 deployment with globally assigned addresses.  I believe
there is no need to replicate the headaches of rfc1918 in the next
address-family eternity.

The one big issue I could see with doing that is that the vulnerability exposure, particularly from the outside world, is larger if devices that don't need public addresses have them. For example, if a network engineer or NOC person accidentally removes a "hide my public infrastructure from the outside world" from an interface on a border router...

As others have mentioned, things like management interfaces on access switches, printers, and IP phones would be good candidates to hide with ULA.

jms
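
The trade-off discussed in this message can be checked against an address plan. The following is an added example, not part of the original post: it flags devices in the roles the thread names (switch management interfaces, printers, IP phones) that hold a global unicast address and so depend on the border filter alone. Host names, role labels and addresses are constructed, with the 2001:db8::/32 documentation prefix standing in for a real global assignment.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")          # RFC 4193 unique local addresses
GUA = ipaddress.ip_network("2000::/3")          # global unicast allocation
LINK_LOCAL = ipaddress.ip_network("fe80::/10")

# Roles the thread suggests hiding behind ULA (labels are hypothetical).
HIDE_ROLES = {"switch-mgmt", "printer", "ip-phone"}

# Constructed sample inventory: (host, role, address).
INVENTORY = [
    ("acc-sw-01", "switch-mgmt", "fd12:3456:789a:10::11/64"),
    ("acc-sw-02", "switch-mgmt", "2001:db8:10::12/64"),
    ("prn-3f", "printer", "2001:db8:20::50"),
    ("phone-117", "ip-phone", "fd12:3456:789a:30::117"),
    ("www-01", "web-server", "2001:db8:80::80"),
    ("prn-4f", "printer", "fe80::1%eth0"),
    ("phone-118", "ip-phone", "not-an-address"),
]

def scope(addr_text):
    """Classify one address string by the IPv6 range it falls in."""
    bare = addr_text.split("/")[0].split("%")[0]   # drop prefix length and zone id
    try:
        addr = ipaddress.ip_address(bare)
    except ValueError:
        return "invalid"
    if addr.version == 4:
        return "ipv4"
    for name, net in (("ula", ULA), ("link-local", LINK_LOCAL), ("global", GUA)):
        if addr in net:
            return name
    return "other"

def audit(inventory):
    """Return hide-candidate devices with a global address, plus unparsable rows."""
    report = {"global": [], "invalid": []}
    for host, role, addr in inventory:
        kind = scope(addr)
        if kind == "invalid":
            report["invalid"].append((host, role, addr))
        elif kind == "global" and role in HIDE_ROLES:
            report["global"].append((host, role, addr))
    return report

if __name__ == "__main__":
    result = audit(INVENTORY)
    for host, role, addr in result["global"]:
        print(f"{host} ({role}) has global address {addr}: reachable if border filter is removed")
    for host, role, addr in result["invalid"]:
        print(f"{host} ({role}) has unparsable address {addr!r}: review manually")
```
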

