nanog mailing list archives

Re: Use of unique local IPv6 addressing rfc4193

From: Ca By <cb.list6 () gmail com>
Date: Thu, 8 Sep 2016 17:17:23 -0700

On Thursday, September 8, 2016, Pshem Kowalczyk <pshem.k () gmail com> wrote:

With NAT I have a single entry/exit point to those infrastructure subnets
which can be easily policed.
If I give them public IPs then they're routable and potentially can reach
the internet via devices that don't police the traffic.

My real question is does anyone bother with the fc00::/7 addressing or do



Yes.

That space is used for non-internet scenarios.

NAT is bad


CB

you use your public space (and police that)?

kind regards
Pshem


On Fri, 9 Sep 2016 at 10:27 Mark Andrews <marka () isc org <javascript:;>>
wrote:


In message <CAEaZiRU+wgQ0GDzxcmtqKO=_
SASAVsNX31Q_70Q+uDM1oeoHrQ () mail gmail com <javascript:;>>, Pshem

Kowalczyk writes:

Hi,

We're looking at rolling out IPv6 to our internal DC infrastructure.

Those

systems support only our internal network and in the IPv4 world they

all

live in 'private' space of 10.0.0.0/8. I was wondering if anyone uses

the

fc00::/7 space for these sort of things or do ppl use a bit of their

public

IPv6 allocation and manage the security for those ranges?
I realise I'd have to use a proxy or NAT66 for the regular outbound
connectivity (but we do it already for IPv4 anyway). The truth is that

even

if we do use something out of our public allocation we're likely to do

the

same thing (just to be sure that nothing spills out accidentally).

So what do you do in this space?

kind regards
Pshem


If you have a NAT you can't prevent things spilling out.  The ONLY
way to prevent things spilling out is to not connect the network
in any shape or form.

All NAT does is make it harder to run your network and increases
the cost of software development.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org

<javascript:;>

Current thread:

Use of unique local IPv6 addressing rfc4193 Pshem Kowalczyk (Sep 08)
- Re: Use of unique local IPv6 addressing rfc4193 Mark Andrews (Sep 08)
  - Re: Use of unique local IPv6 addressing rfc4193 Pshem Kowalczyk (Sep 08)
    - Re: Use of unique local IPv6 addressing rfc4193 Josh Reynolds (Sep 08)
    - Re: Use of unique local IPv6 addressing rfc4193 Valdis . Kletnieks (Sep 08)
    - Re: Use of unique local IPv6 addressing rfc4193 Mark Andrews (Sep 08)
    - Re: Use of unique local IPv6 addressing rfc4193 Pshem Kowalczyk (Sep 08)
    - Re: Use of unique local IPv6 addressing rfc4193 Karl Auer (Sep 08)
    - Re: Use of unique local IPv6 addressing rfc4193 Ryan, Spencer (Sep 08)
    - Re: Use of unique local IPv6 addressing rfc4193 Ca By (Sep 08)
    - Re: Use of unique local IPv6 addressing rfc4193 Yang Yu (Sep 08)
    - Re: Use of unique local IPv6 addressing rfc4193 Octavio Alvarez (Sep 09)