[148914] in North American Network Operators' Group
Re: using ULA for 'hidden' v6 devices?
daemon@ATHENA.MIT.EDU (Tim Chown)
Thu Jan 26 06:16:29 2012
From: Tim Chown <tjc@ecs.soton.ac.uk>
In-Reply-To: <596B74B410EE6B4CA8A30C3AF1A155EA09C934BC@RWC-MBX1.corp.seven.com>
Date: Thu, 26 Jan 2012 11:15:55 +0000
To: NANOG list <nanog@nanog.org>
On 26 Jan 2012, at 11:10, George Bonser wrote:
>> The potential advantage of ULAs is that you have a stable internal
>> addressing scheme within the homenet, while your ISP-assigned prefix
>> may change over time. You run ULAs alongside your PA prefix. ULAs are
>> not used for host-based NAT. The implication is that all homenet
>> devices carry a ULA, though whether some do not also have a global PA
>> address is open for debate.
>
> Yeah, there's some advantage to that. Have a "corp.foo.com" domain that is the native domain for the internal machines while the foo.com domain that is visible to the outside world has outside accessible addressing.
Perhaps host.local or host.home internally and host.foo.com externally, though the latter could/should work internally as well.
>> There's a suggestion that ULAs could be used to assist security to some
>> extent, allowing ULA to ULA communications as they are known to be
>> within the homenet.
>
> Not sure how that assists security unless you simply want to limit site-site communications to your ULA ranges only, then sure. In practice, sites often back each other up and you can have external traffic for site A using site B for its internet access, but that's not a big deal, just need to keep your internal and external traffic separated which any good admin will do as a matter of course, anyway.
It was a suggestion at a previous homenet session, but the security aspect of homenet is lagging rather behind the current focus of routing and prefix delegation. The usefulness of the suggestion does depend on ULA filtering at borders, and defining the borders.
I'm interested in views as one of the editors of the homenet architecture text.
Tim
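
The dependency noted in the message above (ULA-to-ULA traffic can only be treated as "within the homenet" if ULAs are filtered at a defined border) can be modelled as follows. This is an added example, not part of the original post or of any homenet document; the /48 prefix, the interface names and the sample packets are constructed assumptions.

```python
import ipaddress

ULA_SPACE = ipaddress.ip_network("fc00::/7")            # RFC 4193 ULA block
SITE_ULA = ipaddress.ip_network("fd12:3456:789a::/48")  # constructed homenet prefix
BORDER_IFS = {"wan0"}                                   # hypothetical: what counts as "the border"


def is_ula(addr):
    return ipaddress.ip_address(addr) in ULA_SPACE


def border_filter(src, dst, in_if, out_if):
    """Drop any packet with a ULA source or destination that crosses a border interface."""
    crosses = in_if in BORDER_IFS or out_if in BORDER_IFS
    if crosses and (is_ula(src) or is_ula(dst)):
        return "drop"
    return "forward"


def looks_internal(src, dst):
    """The ULA-to-ULA heuristic: both ends inside the site's own ULA /48."""
    return all(ipaddress.ip_address(a) in SITE_ULA for a in (src, dst))


def evaluate(packets, filtering=True):
    """Return (src, verdict, treated_as_internal) per packet.
    With filtering off, every packet reaches the host, so the heuristic
    is applied to whatever arrives, including traffic from outside."""
    results = []
    for src, dst, in_if, out_if in packets:
        verdict = border_filter(src, dst, in_if, out_if) if filtering else "forward"
        trusted = verdict == "forward" and looks_internal(src, dst)
        results.append((src, verdict, trusted))
    return results


# Constructed sample traffic: (source, destination, ingress interface, egress interface)
SAMPLE = [
    ("fd12:3456:789a:1::10", "fd12:3456:789a:2::20", "lan0", "lan1"),  # inside the homenet
    ("fd12:3456:789a:1::66", "fd12:3456:789a:2::20", "wan0", "lan1"),  # ULA source arriving on the WAN side
    ("2001:db8:1::5", "2001:db8:ffff::1", "lan0", "wan0"),             # global PA traffic leaving
    ("fd12:3456:789a:1::10", "2001:db8:ffff::1", "lan0", "wan0"),      # ULA source leaking out
]

if __name__ == "__main__":
    for filtering in (True, False):
        print("border filtering:", filtering)
        for row in evaluate(SAMPLE, filtering):
            print("  ", row)
```

With filtering on, only the first packet is treated as internal; with it off, the second packet is treated as internal as well, which is why the heuristic carries no weight until the border and its filter are defined.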