nanog mailing list archives
Re: using ULA for 'hidden' v6 devices?
From: Owen DeLong <owen () delong com>
Date: Wed, 25 Jan 2012 15:46:54 -0800
On Jan 25, 2012, at 10:03 AM, Justin M. Streiner wrote:
On Wed, 25 Jan 2012, Dale W. Carder wrote:We have one customer in particular with a substantial non-publicly reachable v6 deployment with globally assigned addresses. I believe there is no need to replicate the headaches of rfc1918 in the next address-family eternity.The one big issue I could see with doing that is that the vulnerability exposure, particularly from the outside world, is larger if devices that don't need public addresses have them. For example, if a network engineer or NOC person accidentally removes a "hide my public infrastructure from the outside world" from an interface on a border router...
Use different GUA ranges for internal and external. It's easy enough to get an additional prefix.
As others have mentioned, things like management interfaces on access switches, printers, and IP phones would be good candidates to hide with ULA.
Or non-advertised, filtered GUA. Works just as well either way. Owen
Current thread:
- using ULA for 'hidden' v6 devices? Justin M. Streiner (Jan 25)
- Re: using ULA for 'hidden' v6 devices? Cameron Byrne (Jan 25)
- Re: using ULA for 'hidden' v6 devices? Jay Ford (Jan 25)
- Re: using ULA for 'hidden' v6 devices? Dale W. Carder (Jan 25)
- Re: using ULA for 'hidden' v6 devices? Nick Hilliard (Jan 25)
- Re: using ULA for 'hidden' v6 devices? Dave Pooser (Jan 25)
- Re: using ULA for 'hidden' v6 devices? Justin M. Streiner (Jan 25)
- Re: using ULA for 'hidden' v6 devices? Owen DeLong (Jan 25)
- RE: using ULA for 'hidden' v6 devices? George Bonser (Jan 26)
- Re: using ULA for 'hidden' v6 devices? Owen DeLong (Jan 26)
- Re: using ULA for 'hidden' v6 devices? Jima (Jan 26)
- Re: using ULA for 'hidden' v6 devices? Owen DeLong (Jan 26)
- Re: using ULA for 'hidden' v6 devices? Cameron Byrne (Jan 26)
- Re: using ULA for 'hidden' v6 devices? Nick Hilliard (Jan 25)
- Re: using ULA for 'hidden' v6 devices? Cameron Byrne (Jan 26)
- Re: using ULA for 'hidden' v6 devices? Owen DeLong (Jan 26)
- Re: using ULA for 'hidden' v6 devices? Cameron Byrne (Jan 26)
- Re: using ULA for 'hidden' v6 devices? Douglas Otis (Jan 26)
- RE: using ULA for 'hidden' v6 devices? George Bonser (Jan 26)