nanog mailing list archives

Re: using ULA for 'hidden' v6 devices?


From: Owen DeLong <owen () delong com>
Date: Wed, 25 Jan 2012 15:46:54 -0800


On Jan 25, 2012, at 10:03 AM, Justin M. Streiner wrote:

On Wed, 25 Jan 2012, Dale W. Carder wrote:

We have one customer in particular with a substantial non-publicly
reachable v6 deployment with globally assigned addresses.  I believe
there is no need to replicate the headaches of rfc1918 in the next
address-family eternity.

The one big issue I could see with doing that is that the vulnerability exposure, particularly from the outside 
world, is larger if devices that don't need public addresses have them.  For example, if a network engineer or NOC 
person accidentally removes a "hide my public infrastructure from the outside world" from an interface on a border 
router...


Use different GUA ranges for internal and external. It's easy enough to get an additional prefix.

As others have mentioned, things like management interfaces on access switches, printers, and IP phones would be good 
candidates to hide with ULA.

Or non-advertised, filtered GUA. Works just as well either way.

Owen
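An added audit script (not part of this thread) that encodes both approaches Owen describes, ULA or a separate non-advertised GUA prefix with a border ingress filter, and flags the failure mode Justin raises, a filter entry that is no longer there. All prefixes are constructed from RFC 3849 documentation space and are assumptions for the example.

```python
"""Audit that 'hidden' IPv6 prefixes stay hidden at the border.

Models ULA (fc00::/7) versus a separate, non-advertised GUA prefix, both
dropped by a border ingress filter, and reports any internal prefix that
is advertised or has lost its filter entry.
"""
from ipaddress import IPv6Network

ULA = IPv6Network("fc00::/7")  # RFC 4193 unique local addresses


def audit_hidden_prefixes(internal, advertised, ingress_deny):
    """Return a list of findings (strings). Empty means every internal
    prefix is neither advertised nor left unfiltered on ingress."""
    findings = []
    for net in internal:
        kind = "ULA" if net.subnet_of(ULA) else "GUA"
        # Internal GUA must be a separate prefix that is never announced;
        # any overlap with an advertised route is a leak.
        if kind == "GUA":
            for adv in advertised:
                if net.overlaps(adv):
                    findings.append(f"{net} overlaps advertised {adv}")
        # Either kind must be explicitly denied inbound at the border;
        # a missing entry is the 'accidentally removed' case.
        if not any(net.subnet_of(deny) for deny in ingress_deny):
            findings.append(f"{net} ({kind}) missing from ingress deny list")
    return findings


# Constructed sample data using RFC 3849 documentation space; these are
# assumptions for the example, not prefixes from the thread.
EXTERNAL = IPv6Network("2001:db8:1::/48")       # public services, advertised
INTERNAL_GUA = IPv6Network("2001:db8:2::/48")   # management, never advertised
INTERNAL_ULA = IPv6Network("fd00:db8::/48")     # management via ULA

GOOD = dict(internal=[INTERNAL_GUA, INTERNAL_ULA],
            advertised=[EXTERNAL],
            ingress_deny=[INTERNAL_GUA, ULA])

# Same network after the internal GUA line is dropped from the border ACL.
FILTER_REMOVED = dict(GOOD, ingress_deny=[ULA])

# Same network if the internal GUA had been carved from the advertised /32.
CARVED_FROM_AGGREGATE = dict(GOOD, advertised=[IPv6Network("2001:db8::/32")])

if __name__ == "__main__":
    for name, cfg in [("good", GOOD), ("filter removed", FILTER_REMOVED),
                      ("carved from aggregate", CARVED_FROM_AGGREGATE)]:
        print(name, audit_hidden_prefixes(**cfg) or "OK")
```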


