[148913] in North American Network Operators' Group
RE: using ULA for 'hidden' v6 devices?
daemon@ATHENA.MIT.EDU (George Bonser)
Thu Jan 26 06:10:43 2012
From: George Bonser <gbonser@seven.com>
To: Tim Chown <tjc@ecs.soton.ac.uk>, NANOG list <nanog@nanog.org>
Date: Thu, 26 Jan 2012 11:10:12 +0000
In-Reply-To: <EMEW3|b72a697efe1157735ee304b250d989f0o0PAfI03tjc|ecs.soton.ac.uk|06704517-398C-4FD4-9AC4-4D4A83D9D493@ecs.soton.ac.uk>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>
> The potential advantage of ULAs is that you have a stable internal
> addressing scheme within the homenet, while your ISP-assigned prefix
> may change over time. You run ULAs alongside your PA prefix. ULAs are
> not used for host-based NAT. The implication is that all homenet
> devices carry a ULA, though whether some do not also have a global PA
> address is open for debate.
Yeah, there's some advantage to that. Have a "corp.foo.com" domain that is
the native domain for the internal machines while the foo.com domain that
is visible to the outside world has outside accessible addressing.
> There's a suggestion that ULAs could be used to assist security to some
> extent, allowing ULA to ULA communications as they are known to be
> within the homenet.
Not sure how that assists security unless you simply want to limit site-site
communications to your ULA ranges only, then sure. In practice, sites often
back each other up and you can have external traffic for site A using
site B for its internet access, but that's not a big deal, just need to keep
your internal and external traffic separated which any good admin will do
as a matter of course, anyway.
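
Added example (not part of the original message or thread): one way to make the internal/external split discussed above explicit is to classify each flow by the ULA /48 its endpoints belong to. Treating a /48 as one "site", the function names, and the prefixes below are assumptions constructed for illustration.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local address range

def site_prefix(addr):
    """Return the /48 ULA prefix containing addr, or None if addr is not a ULA."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in ULA:
        return None
    # Keep the top 48 bits (prefix + global ID), zero the remaining 80.
    return ipaddress.IPv6Network((int(ip) >> 80 << 80, 48))

def classify_flow(src, dst, local_site, trusted_sites=()):
    """Label a flow for filtering or logging (hypothetical policy labels).

    intra-site  : both endpoints inside our own ULA /48
    inter-site  : both endpoints in known ULA /48s, but not the same one
    unknown-ula : a ULA endpoint whose /48 is not one we recognise
    external    : at least one endpoint is not a ULA (e.g. a global PA address)
    """
    local = ipaddress.ip_network(local_site)
    known = {local} | {ipaddress.ip_network(n) for n in trusted_sites}
    s, d = site_prefix(src), site_prefix(dst)
    if s is None or d is None:
        return "external"
    if s not in known or d not in known:
        # "ULA to ULA" alone proves nothing: anyone can generate an fd00::/8 prefix.
        return "unknown-ula"
    return "intra-site" if s == d == local else "inter-site"

# Constructed sample prefixes, not taken from the thread.
SITE_A = "fd12:3456:789a::/48"
SITE_B = "fdaa:bbbb:cccc::/48"

if __name__ == "__main__":
    flows = [
        ("fd12:3456:789a:1::10", "fd12:3456:789a:2::20"),
        ("fd12:3456:789a:1::10", "fdaa:bbbb:cccc:1::5"),
        ("fd12:3456:789a:1::10", "fd00:dead:beef::1"),
        ("fd12:3456:789a:1::10", "2001:db8::1"),
    ]
    for src, dst in flows:
        print(src, "->", dst, ":", classify_flow(src, dst, SITE_A, [SITE_B]))
```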