[142761] in North American Network Operators' Group


Re: best practices for management nets in IPv6

daemon@ATHENA.MIT.EDU (Cameron Byrne)
Tue Jul 12 19:30:46 2011

In-Reply-To: <FBFA8286DF47FD4A962B385021012AD452EA2BEF89@C4V1.xds.umail.utah.edu>
Date: Tue, 12 Jul 2011 16:29:33 -0700
From: Cameron Byrne <cb.list6@gmail.com>
To: Tom Ammon <tom.ammon@utah.edu>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Jul 12, 2011 2:33 PM, "Tom Ammon" <tom.ammon@utah.edu> wrote:
>
> Hi All,
>
> We're pushing to get IPv6 deployed and working everywhere in our
> operation, and I had some questions about best practices for a few things.
>
> On your management nets (network device management nets), what's the best
> approach for addressing them? Do you use ULA? Or do you use global
> addresses and just depend on router ACLs to protect things? How close are we
> to having a central registry for unique local addresses, and will that
> really happen?
>

ACLs are prone to typos and inconsistent deployment. If the security policy
is that a given interface must not talk to the internet, ULA is a good choice
as part of a multi-layer security strategy.

Cb
> Tom
>
>
> -----------------------------------------------------------------------------
> Tom Ammon
> Network Engineer
> M: (801)674-9273
> tom.ammon@utah.edu
>
> Center for High Performance Computing
> University of Utah
> http://www.chpc.utah.edu
>
> -----------------------------------------------------------------------------
>
>
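Added example, not part of the original message or of any poster's tooling: an audit that checks a management-interface inventory against a ULA-only policy, flagging global addresses (which depend on ACLs alone), addresses outside the locally assigned fd00::/8 half of fc00::/7 (RFC 4193), and /48 site prefixes that differ from the majority, the kind of typo and inconsistency the reply warns about. The device names and addresses are constructed sample data, and `classify` and `audit` are hypothetical helper names.

```python
import ipaddress
from collections import Counter

ULA = ipaddress.ip_network("fc00::/7")        # RFC 4193 unique local range
ULA_LOCAL = ipaddress.ip_network("fd00::/8")  # L bit = 1: locally assigned half
GLOBAL = ipaddress.ip_network("2000::/3")     # global unicast

# Constructed inventory: (device, management interface address/prefix length)
INVENTORY = [
    ("core-sw1", "fd3c:9a1e:77b2:10::1/64"),
    ("core-sw2", "fd3c:9a1e:77b2:10::2/64"),
    ("edge-rtr1", "2001:db8:40:10::3/64"),     # global: depends on ACLs alone
    ("dist-sw4", "fd3c:9a1e:7b72:10::4/64"),   # transposed digits in the /48
    ("oob-ts1", "fc00:0:0:10::5/64"),          # L bit = 0, not locally assigned
]

def classify(cidr):
    """Return (kind, /48 site prefix or None) for one interface address."""
    iface = ipaddress.ip_interface(cidr)
    if iface.version != 6:
        return "not-ipv6", None
    addr = iface.ip
    if addr in ULA_LOCAL:
        # Keep the top 48 bits: fd + 40-bit Global ID
        site = ipaddress.ip_network((int(addr) >> 80 << 80, 48))
        return "ula", site
    if addr in ULA:
        return "ula-undefined-half", None
    if addr in GLOBAL:
        return "global", None
    return "other", None

def audit(inventory):
    """Return {device: finding} for every entry that breaks the ULA-only policy."""
    results = {dev: classify(cidr) for dev, cidr in inventory}
    sites = Counter(site for kind, site in results.values() if kind == "ula")
    expected = sites.most_common(1)[0][0] if sites else None
    findings = {}
    for dev, (kind, site) in results.items():
        if kind != "ula":
            findings[dev] = kind
        elif site != expected:
            findings[dev] = f"prefix-mismatch {site} (expected {expected})"
    return findings

if __name__ == "__main__":
    for dev, finding in audit(INVENTORY).items():
        print(f"{dev}: {finding}")
```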
