[148915] in North American Network Operators' Group
RE: using ULA for 'hidden' v6 devices?
daemon@ATHENA.MIT.EDU (George Bonser)
Thu Jan 26 07:20:16 2012
From: George Bonser <gbonser@seven.com>
To: Tim Chown <tjc@ecs.soton.ac.uk>, NANOG list <nanog@nanog.org>
Date: Thu, 26 Jan 2012 12:19:07 +0000
In-Reply-To: <EMEW3|2a2c119f25d47ec1dfcdc216e4ec9ca4o0PBG303tjc|ecs.soton.ac.uk|9E13525B-E1D0-4F51-8AD0-68359095466A@ecs.soton.ac.uk>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> It was a suggestion at a previous homenet session, but the security aspect
> of homenet is lagging rather behind the current focus of routing and
> prefix delegation. The usefulness of the suggestion does depend on ULA
> filtering at borders, and defining the borders.
>
> I'm interested in views as one of the editors of the homenet
> architecture text.
>
> Tim
>
I filter the entire space at the borders. Besides, if someone leaks the space, most people won't accept it, certainly any provider worth their salt won't. But one of the problems with ULA is the U part. With RFC 1918 everyone is using the same space. So let's say 10 million networks are using 10/8 and 10,000 of them are leaking bits of it. IF their providers accept their leaks and IF their providers' peers accept it, that leaves only 10,000 different places a 10/8 destined packet could go. In other words, 1918 becomes a maze of twisty caverns each one looking the same as the other. The chances of being able to target any specific network are pretty darned low. With ULA and v6, if it leaks and the addresses were chosen properly, the chances of targeting a specific network are much better. I rather like the notion of everyone using the same v6 space for internal stuff and maybe using nat64/dns64 to talk to each other over VPN. That way if the space leaks in only .1% of cases, the chances of a packet ending up at its intended destination are pretty much random and not guaranteed to end up in the same network an hour from now as it is now. If you want LA, fine, assign ONE /32 for that and everyone uses it. It's like having a million people named "Bob". If you shout "Bob", there's no guarantee you will be answered by the Bob you intended and 5 minutes from now you might be answered by a completely different Bob.

In other words, you turn leakage into a feature. You make the fact that routes might leak add to the uncertainty by having everyone use the same nets. The more people that leak, the less likely you are to reach an intended destination. V6 ULA makes it MORE likely a leak will result in a security breach because it reduces the chances that two nets will leak the same routes.
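The odds George walks through above, as an added example that is not part of the mailing-list thread: a small Python model of the shared-space (RFC 1918) case beside the unique-prefix (ULA) case, using his 10 million networks / 10,000 leakers figures, plus a Monte Carlo check of the same two cases. The network counts, leak counts and RNG seed are constructed inputs, not measurements.

```python
import random
from fractions import Fraction


def shared_space_hit_probability(n_networks: int, n_leakers: int) -> Fraction:
    """RFC 1918 style: every network numbers itself from the same block and
    n_leakers of them leak it. A packet aimed at the block lands on one of the
    leakers at random, so the target is reached only if it leaks AND it is the
    leaker that gets picked. The product collapses to 1/n_networks."""
    p_target_leaks = Fraction(n_leakers, n_networks)
    p_picked_among_leakers = Fraction(1, n_leakers)
    return p_target_leaks * p_picked_among_leakers


def ula_hit_probability(n_networks: int, n_leakers: int) -> Fraction:
    """ULA style: every network has its own prefix. If the target leaks, the
    packet has exactly one place to go; other networks' leaks do not matter."""
    return Fraction(n_leakers, n_networks)


def targeting_advantage(n_networks: int, n_leakers: int) -> Fraction:
    """How much more often a leak lets an outsider reach a chosen network when
    prefixes are unique than when everyone shares one block (equals n_leakers)."""
    return ula_hit_probability(n_networks, n_leakers) / shared_space_hit_probability(
        n_networks, n_leakers
    )


def simulate(n_networks: int, n_leakers: int, trials: int, unique_prefixes: bool, seed: int = 7):
    """Monte Carlo check. Each trial redraws which networks leak, then sends one
    packet at network 0. Returns (hit rate, number of distinct networks the
    packet landed on); the second value shows the 'different Bob each time'
    effect of shared space."""
    rng = random.Random(seed)  # constructed seed so results are repeatable
    target, hits, landed = 0, 0, set()
    for _ in range(trials):
        leakers = rng.sample(range(n_networks), n_leakers)
        if unique_prefixes:
            dest = target if target in leakers else None  # only the target's own leak routes it
        else:
            dest = rng.choice(leakers)  # any leaker of the shared block may receive it
        if dest is not None:
            landed.add(dest)
        hits += dest == target
    return hits / trials, len(landed)
```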