[142764] in North American Network Operators' Group
Re: best practices for management nets in IPv6
daemon@ATHENA.MIT.EDU (Joel Maslak)
Tue Jul 12 20:34:01 2011
In-Reply-To: <FBFA8286DF47FD4A962B385021012AD452EA2BEF89@C4V1.xds.umail.utah.edu>
From: Joel Maslak <jmaslak@antelope.net>
Date: Tue, 12 Jul 2011 18:32:55 -0600
To: Tom Ammon <tom.ammon@utah.edu>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Public IPs.

At some point you will have to manage something outside your current world or your organization will need to merge/partner/outsource/contract/etc with someone else's network and they might not be keen to route to your ULA space (and might not be more trustworthy than the internet at large anyhow). Think about things like VPN endpoints, video devices, telephones, etc, that may end up on a public network, maybe behind a device you manage. You may just manage routers today, but who knows about tomorrow. Put behind a firewall and use good ingress filtering throughout your network, separating trust zones with distinct subnets.

If you are worried about forgetting to enable a firewall, put in a network management system to verify connectivity stays blocked combined with a monitored IDS.
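
An added example, not part of the original message: a minimal check that a network management system could schedule from a host outside the management trust zone to confirm that connectivity stays blocked. The target addresses are constructed from the IPv6 documentation prefix, and the function names `probe` and `violations` are hypothetical.

```python
import socket
import sys

# Constructed sample targets; 2001:db8::/32 is the IPv6 documentation prefix.
MGMT_TARGETS = [("2001:db8:0:10::1", 22), ("2001:db8:0:10::2", 443)]


def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt made from outside the trust zone.

    open        handshake completed: the filter is missing or wrong
    rejected    RST came back: a host or a reject rule answered
    filtered    silence until the timeout: consistent with a drop rule
    unreachable no route or ICMP error: the probe host cannot judge
    """
    try:
        info = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "unreachable"
    family, stype, proto, _, addr = info
    with socket.socket(family, stype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
            return "open"
        except socket.timeout:
            return "filtered"
        except ConnectionRefusedError:
            return "rejected"
        except OSError:
            return "unreachable"


def violations(targets, timeout=2.0):
    """Return the (host, port) pairs that accepted a connection."""
    return [(h, p) for h, p in targets if probe(h, p, timeout) == "open"]


if __name__ == "__main__":
    bad = violations(MGMT_TARGETS)
    for host, port in bad:
        print(f"CRITICAL: [{host}]:{port} reachable from untrusted side")
    # Nagios-style plugin exit codes: 0 = OK, 2 = CRITICAL
    sys.exit(2 if bad else 0)
```

Only `open` is treated as a violation here; a site that expects silent drops may also want to alert when a target changes from `filtered` to `rejected`.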