nanog mailing list archives

Re: Using IPv6 with prefixes shorter than a /64 on a LAN


From: Lamar Owen <lowen () pari edu>
Date: Thu, 3 Feb 2011 13:05:32 -0500

On Thursday, February 03, 2011 10:39:28 am TJ wrote:
Correct me if I am wrong, but won't Classified networks get their
addresses IAW the DoD IPv6 Addressing Plan (using globals)?

'Classified' networks are not all governmental.  HIPAA requirements can be met with SCIFs, and those need 'classified' networks.

Here, we have some control networks that one could consider 'classified' in the access control sense of the word, that 
is, even if a host is allowed access it must have a proven need to access, and such access needs supervision by another 
host.  

This type of network is used here for our large antenna controls, which need to be network accessible on-campus but 
such access must have two points of supervision (one of which is an actual person), with accessing hosts not allowed to 
access other networks while accessing the antenna controller.  This has been an interesting network design problem, and 
turns traditional 'stateful' firewalling on its ear, as the need is to block access when certain connections are open, 
and permit access otherwise.  It's made some easier since wireless access is not an option (interferes with the 
research done with the antennas), and wireless APs and cell cards are actively hunted down, as well as passively 
hindered with shielding in the areas which have network access to the antenna controllers.

It's a simple matter of protecting assets that would cost millions to replace if the controllers were given errant 
commands, or if the access to those controllers were to be hacked.

