[148910] in North American Network Operators' Group
RE: using ULA for 'hidden' v6 devices?
daemon@ATHENA.MIT.EDU (George Bonser)
Thu Jan 26 05:00:41 2012
From: George Bonser <gbonser@seven.com>
To: Owen DeLong <owen@delong.com>
Date: Thu, 26 Jan 2012 10:00:20 +0000
In-Reply-To: <168C9CFC-60E3-4947-999A-15334E07BFB0@delong.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> Use different GUA ranges for internal and external. It's easy enough to
> get an additional prefix.
>
> > As others have mentioned, things like management interfaces on access
> > switches, printers, and IP phones would be good candidates to hide with
> > ULA.
>
> Or non-advertised, filtered GUA. Works just as well either way.
>
> Owen

If one is obtaining "another" prefix for local addressing, I see no
benefit. I am assuming that anyone that is using ULA is using it for
things that don't communicate off the site such as management interfaces
of things, etc. This won't be a subnet you are connecting by VPN to
another organization, usually, but even if you do the chances of
collision are pretty low if you select your nets properly. But for the
most absolutely paranoid site, I can see some appeal in using ULA in
conjunction with DNS64/NAT64 and see them giving the devices internet
access via v4. Not that I agree with the notion, mind you, just that I
can see someone looking at that as an appealing solution for some
things. Even if someone managed to get through the NAT device via v4,
they would have nothing to talk to on the other side as the other side
is all v6.
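
Added example, not part of the original message: what "select your nets properly" means for ULA, shown as a random RFC 4193 Global ID, the collision estimate from RFC 4193 section 3.2.3, and an overlap check to run before joining two sites by VPN. The function names are hypothetical, and a CSPRNG stands in for the hash-based method the RFC suggests.

```python
import ipaddress
import math
import secrets

ULA_LOCAL = ipaddress.ip_network("fd00::/8")  # fc00::/7 with the L bit set


def random_ula_prefix(global_id=None):
    """Return a /48 under fd00::/8 built from a 40-bit Global ID.

    Assumption: secrets.randbits() replaces the timestamp+EUI-64 hash
    suggested by RFC 4193; both give a uniformly distributed 40-bit value.
    """
    if global_id is None:
        global_id = secrets.randbits(40)
    if not 0 <= global_id < 1 << 40:
        raise ValueError("Global ID must fit in 40 bits")
    # Layout: 0xfd (8 bits) | Global ID (40 bits) | 80 bits subnet + interface
    value = (0xFD << 120) | (global_id << 80)
    return ipaddress.IPv6Network((value, 48))


def collision_probability(sites, id_bits=40):
    """RFC 4193 sec. 3.2.3 estimate: P = 1 - exp(-N^2 / 2^(L+1))."""
    return -math.expm1(-(sites ** 2) / 2 ** (id_bits + 1))


def find_overlaps(site_a, site_b):
    """List prefix pairs that overlap between two sites' ULA plans."""
    nets_a = [ipaddress.ip_network(p) for p in site_a]
    nets_b = [ipaddress.ip_network(p) for p in site_b]
    return [(a, b) for a in nets_a for b in nets_b if a.overlaps(b)]


if __name__ == "__main__":
    print("random prefix:", random_ula_prefix())
    for n in (2, 100, 10000):
        print(f"{n:>6} interconnected sites: P(collision) ~ "
              f"{collision_probability(n):.2e}")
    # Constructed sample plans: both sites hand-picked Global ID 0.
    lazy_a = ["fd00::/48"]
    lazy_b = ["fd00::/48", "fd12:3456:789a::/48"]
    print("overlaps:", find_overlaps(lazy_a, lazy_b))
```

Hand-picked Global IDs such as fd00::/48 are where collisions actually come from; the low probability only holds when the 40 bits are random.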