nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: misunderstanding scale

From: Michael Thomas <mike () mtcc com>
Date: Mon, 24 Mar 2014 18:38:44 -0700
On 03/24/2014 06:05 PM, Owen DeLong wrote:


So ULA the printers (if you must).

That doesn’t create a need for ULA on anything that talks to the internet, nor does it create a requirement to do NPT 
or NAT66.
From a security perspective, I wouldn't trust my printer to not number itself with a GUA. Unlike v4 with DHCP, any kind of glitch causing leakage of RA's-bearing-Global-prefixes (i'm sure there is a Greek Tragedy written about this) will cause it to number the interface with that prefix. You can argue that's misconfiguration and I wouldn't disagree, but it's just way to easy for the (printer) host to do, and it wouldn't be very apparent to anything but the 
host (printer).
I'm not entirely sure what the whole answer is to this. We're still talking about raw ip addresses here, so somebody would have to know the GUA the printer numbered itself to. Naming autodiscovery doesn't currently traverse subnets, though homenet and others are trying to relax that. Some sort of logic like "if I can't add my address to dns then don't listen to incoming requests on my gua" might be helpful, but as I said... people interested in this really should pay attention to the homenet working 
group which is charged, for better or worse, to sort a lot of this out.

Mike
Previous By Date Next
Previous By Thread Next

Current thread: