nanog mailing list archives

Re: using "reserved" IPv6 space


From: TJ <trejrco () gmail com>
Date: Fri, 13 Jul 2012 12:34:15 -0400

Note that I meant using Link Locals for directly connected devices *(neighbors;
e.g. - routing protocol neighborship formation)*.
If they are not on-link with each other, Link Locals are a non-starter ...
ULAs would be a possible solution for a completely disconnected network.

Note that many are proponents of using Globals even in those situations,
with judicious filtering stopping any inbound/outbound traffic.
The benefit being that "it's never going to be connected" doesn't really,
always mean "it's never going to be connected" :).


*YMMV, as always!*
/TJ


On Fri, Jul 13, 2012 at 12:21 PM, -Hammer- <bhmccie () gmail com> wrote:

 I'm having similar thoughts and we are about to implement. Fortunately we
are implementing in an isolated lab first for this exact reason. For us to
figure things out first before attempting them elsewhere.

I like the ULA approach. I'm not sure about link local being used as a
strategy for Internal services. I'm finally getting to the point where I'm
looking past the vastness of the numbers and just focusing on subnets and
masks and subnetting and whatnot.

-Hammer-

"I was a normal American nerd"
-Jack Herer



On 7/13/2012 11:11 AM, Tom Cooper wrote:

On Fri, Jul 13, 2012 at 11:05 AM, TJ <trejrco () gmail com> wrote:

On Fri, Jul 13, 2012 at 10:38 AM, -Hammer- <bhmccie () gmail com> wrote:

OK. I'm pretty sure I'm gonna get some flak for this but I'll share this
question and its background anyway. Please be gentle.

In the past, with IPv4, we have used reserved or "non-routable" space
Internally in production for segments that won't be seen anywhere else.
Examples? A sync VLAN for some FWs to share state. An IBGP link between
routers that will never be seen or advertised. In those cases, we have
often used 192.0.2.0/24. It's reserved and never used and even if it did
get used one day we aren't "routing" it internally. It's just on segments
where we need some L3 that will never be seen.

On to IPv6

I was considering taking the same approach. Maybe using 0100::/8 or
1000::/4 or A000::/3 as a space for this.



 Would using "just" Link Locals not be sufficient?
*(Failing that, as others noted, ULAs are the next "right" answer ... )*
/TJ


As an IPv6 newbie myself, I wonder how hosts handle link local, ULA and
global addresses.
For example, if you have some internal web traffic used for intranet use
only, do you bind those servers to use only ULA addresses? This way your
internal users with ULA addressing only have access to those servers? No
need to give intranet-only servers a global address if they're not needed
to be accessed globally.

Is there a way for hosts to "prefer" or "attempt" to connect to a service
by first trying a link-local scope, then a ULA and finally a global address
if it's off the AS?
I really like the idea of ULA and think it makes much more sense than
RFC1918 + NAT. I just don't have any deployment experience with it yet so
I'm curious how the host would handle it.

On the router side, I'm sure ULA and global routing just run as
ships-in-the-night side-by-side anyways...right?

--
Thomas Cooper
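
Added example, not part of any message in this thread: a Python sketch that checks the prefixes proposed above (0100::/8, 1000::/4, A000::/3) against the assigned IPv6 blocks and generates an RFC 4193 ULA /48 with per-segment /64s for the isolated links being discussed. The function names and subnet IDs are hypothetical, and the Global ID is drawn from a CSPRNG rather than RFC 4193's sample SHA-1 procedure.

```python
import ipaddress
import secrets

# Top-level assignments from the IANA IPv6 address space registry, plus the
# documentation prefix; first match wins. Everything else at the top level is
# listed as "Reserved by IETF" and may be allocated later.
BLOCKS = [
    ("link-local", ipaddress.IPv6Network("fe80::/10")),
    ("ula", ipaddress.IPv6Network("fc00::/7")),
    ("multicast", ipaddress.IPv6Network("ff00::/8")),
    ("documentation", ipaddress.IPv6Network("2001:db8::/32")),
    ("global-unicast", ipaddress.IPv6Network("2000::/3")),
]

def classify(prefix):
    """Name the assigned block that fully contains prefix, else 'reserved'."""
    net = ipaddress.IPv6Network(prefix)  # strict: rejects set host bits
    for name, block in BLOCKS:
        if net.subnet_of(block):
            return name
    return "reserved"

def new_ula_prefix():
    """Build fd00::/8 + 40 random Global ID bits -> a site /48 (RFC 4193)."""
    value = (0xFD << 120) | (secrets.randbits(40) << 80)
    return ipaddress.IPv6Network((value, 48))

def link_subnet(site, subnet_id):
    """Carve the /64 with the given 16-bit Subnet ID out of a site /48."""
    if site.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 and a 16-bit subnet id")
    return ipaddress.IPv6Network((int(site.network_address) | (subnet_id << 64), 64))

if __name__ == "__main__":
    for candidate in ("0100::/8", "1000::/4", "A000::/3", "fe80::/64"):
        print(candidate, "->", classify(candidate))
    site = new_ula_prefix()
    print("ULA site prefix:", site, "->", classify(str(site)))
    print("FW state-sync segment:", link_subnet(site, 1))  # constructed subnet ids
    print("iBGP link segment:", link_subnet(site, 2))
```

A "reserved" result means the prefix sits in space that may be allocated later, so using it internally carries the same collision risk as squatting on unassigned IPv4 space.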



