nanog mailing list archives
RE: using ULA for 'hidden' v6 devices?
From: George Bonser <gbonser () seven com>
Date: Thu, 26 Jan 2012 12:28:04 +0000
In other words, you turn leakage into a feature. You make the fact that routes might leak add to the uncertainty by having everyone use the same nets. The more people that leak, the less likely you are to reach an intended destination. V6 ULA makes it MORE likely a leak will result in a security breach because it reduces the chances that two nets will leak the same routes.
To put it another way, if you mandated that EVERY network announce the entire ULA space, it would make reaching any particular network in a predictable manner impossible. Just as if every network announced RFC 1918 space and everyone accepted it, it would make that address space completely unusable for anything, particularly if everyone announced it and black holed it. That might even be more effective than filtering it. Everyone on the planet announces a route to 10/8 and everyone black holes it at their peering/transit points. So even if someone forgot to filter it, it wouldn't matter because it would be intercepted long before it ever gets to them or at least the chances of anyone being able to reliably reach them would be just about zero.
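An added example, not part of the original message: a defender-side check for the filtering the post refers to, plus the birthday-bound estimate behind its point that randomly chosen ULA prefixes rarely coincide. The function names and the sample announcements are hypothetical and constructed for illustration; the 40-bit Global ID size is from RFC 4193.

```python
import ipaddress
import math

# Private ranges discussed in the thread: IPv6 ULA (RFC 4193) and IPv4 RFC 1918.
ULA = ipaddress.ip_network("fc00::/7")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_prefix(prefix):
    """Return 'ula', 'rfc1918', or None for a prefix received from a peer."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version == 6:
        return "ula" if net.subnet_of(ULA) else None
    return "rfc1918" if any(net.subnet_of(r) for r in RFC1918) else None

def find_leaks(announcements):
    """Given (peer, prefix) pairs, return the ones to reject at the edge."""
    return [(peer, prefix, kind) for peer, prefix in announcements
            if (kind := classify_prefix(prefix)) is not None]

def ula_collision_probability(sites):
    """Birthday-bound chance that any two of `sites` networks picked the
    same random 40-bit ULA Global ID (i.e. would leak the same /48)."""
    return -math.expm1(-sites * (sites - 1) / (2 * 2**40))

# Constructed sample of received announcements (documentation prefixes
# stand in for legitimate global routes).
SAMPLE = [
    ("peer-a", "fd12:3456:789a::/48"),   # ULA leak
    ("peer-a", "2001:db8:100::/48"),     # global, accepted
    ("peer-b", "10.20.0.0/16"),          # RFC 1918 leak
    ("peer-b", "198.51.100.0/24"),       # global, accepted
]

if __name__ == "__main__":
    for peer, prefix, kind in find_leaks(SAMPLE):
        print(f"reject {prefix} from {peer}: {kind}")
    # Among 1000 sites with random Global IDs a shared /48 is very unlikely,
    # so a leaked ULA route almost always points at exactly one network.
    print(f"P(collision, 1000 sites) = {ula_collision_probability(1000):.2e}")
```

The check only matches prefixes that fall inside the private ranges; a covering route such as a default is not flagged and needs its own policy.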