[148916] in North American Network Operators' Group
RE: using ULA for 'hidden' v6 devices?
daemon@ATHENA.MIT.EDU (George Bonser)
Thu Jan 26 07:29:04 2012
From: George Bonser <gbonser@seven.com>
To: Tim Chown <tjc@ecs.soton.ac.uk>, NANOG list <nanog@nanog.org>
Date: Thu, 26 Jan 2012 12:28:04 +0000
In-Reply-To: <596B74B410EE6B4CA8A30C3AF1A155EA09C93566@RWC-MBX1.corp.seven.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> In other words, you turn leakage into a feature. You make the fact
> that routes might leak add to the uncertainty by having everyone use
> the same nets. The more people that leak, the less likely you are to
> reach an intended destination. V6 ULA makes it MORE likely a leak will
> result in a security breach because it reduces the chances that two
> nets will leak the same routes.
To put it another way, if you mandated that EVERY network announce the entire ULA space, it would make reaching any particular network in a predictable manner impossible. Just as if every network announced RFC 1918 space and everyone accepted it, it would make that address space completely unusable for anything, particularly if everyone announced it and black holed it. That might even be more effective than filtering it. Everyone on the planet announces a route to 10/8 and everyone black holes it at their peering/transit points.

So even if someone forgot to filter it, it wouldn't matter because it would be intercepted long before it ever gets to them, or at least the chances of anyone being able to reliably reach them would be just about zero.
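The message above argues about what happens when private (RFC 1918) and ULA (fc00::/7) prefixes leak between networks. The fragment below is an added example, not anything from George Bonser or the NANOG thread, showing what the "filter it at the peering/transit point and black hole it locally" half of that discussion looks like in FRR-style configuration. The AS numbers, neighbor addresses and prefix-list names are invented for illustration; the prefixes are the real RFC 1918 and ULA ranges.

```frr
! Added example (FRR syntax), not from the original post.
! ASN 64500 and neighbor addresses are placeholders from documentation ranges.

! 1. Local black holes: traffic toward private/ULA space that has no better
!    route is dropped here instead of following a default toward transit.
ip route 10.0.0.0/8 Null0
ip route 172.16.0.0/12 Null0
ip route 192.168.0.0/16 Null0
ipv6 route fc00::/7 Null0

! 2. Inbound prefix filters: refuse any leaked announcement of those ranges
!    from peers and transit, including more specifics (le 32 / le 128).
ip prefix-list BOGON-V4 seq 10 deny 10.0.0.0/8 le 32
ip prefix-list BOGON-V4 seq 20 deny 172.16.0.0/12 le 32
ip prefix-list BOGON-V4 seq 30 deny 192.168.0.0/16 le 32
ip prefix-list BOGON-V4 seq 100 permit 0.0.0.0/0 le 24

ipv6 prefix-list BOGON-V6 seq 10 deny fc00::/7 le 128
ipv6 prefix-list BOGON-V6 seq 100 permit ::/0 le 48

router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 neighbor 2001:db8::1 remote-as 64501
 !
 address-family ipv4 unicast
  neighbor 192.0.2.1 prefix-list BOGON-V4 in
 exit-address-family
 !
 address-family ipv6 unicast
  neighbor 2001:db8::1 activate
  neighbor 2001:db8::1 prefix-list BOGON-V6 in
 exit-address-family
```

The two halves are not interchangeable. A Null0 route for 10.0.0.0/8 only catches traffic that has no more specific route; a leaked 10.1.0.0/16 accepted from a peer is longer than the /8 and wins longest-prefix match, so the inbound prefix-list (with `le 32` / `le 128` so that more specifics are also denied) is what actually stops a leak from being reachable. The black hole is the backstop for the case the post describes, where a filter was forgotten somewhere and the prefix is in the table anyway.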