[154821] in North American Network Operators' Group
Re: using "reserved" IPv6 space
daemon@ATHENA.MIT.EDU (Jean-Francois.TremblayING@videotro)
Fri Jul 13 13:56:46 2012
In-Reply-To: <50004AF9.9010601@gmail.com>
To: bhmccie@gmail.com
From: Jean-Francois.TremblayING@videotron.com
Date: Fri, 13 Jul 2012 13:56:11 -0400
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
-Hammer- <bhmccie@gmail.com> wrote on 13/07/2012 12:21:13 PM:
> I like the ULA approach.
Global and ULA are two approaches, but there's a third one: GUA + ULA. We
actually put a GUA on servers speaking publicly, a ULA on servers speaking
in our domain only and *both* ULA and GUA on servers which talk both ways.
Our datacenter firewalls are configured to enforce GUA-GUA and ULA-ULA
connections only (just simple URPF over two interfaces).
This setup works very well; surprisingly, we've had very few source
address selection problems so far (knock on wood). We're very happy that
the separation between public and "private" networks is clear; it helps a
lot with debugging and service separation.
/JF
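
The same-scope rule described in the message (GUA-GUA and ULA-ULA connections only) can be audited offline over flow records, as in this added example, which is not part of the original message or the poster's configuration. The function names and sample flows are constructed for illustration, and flagging addresses that are neither GUA nor ULA is an assumption of the example.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")   # RFC 4193 unique local addresses
GUA = ipaddress.ip_network("2000::/3")   # global unicast space currently in use


def scope(addr):
    """Classify an address as 'ula', 'gua' or 'other'."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        return "other"
    if ip in ULA:
        return "ula"
    if ip in GUA:
        return "gua"
    return "other"  # link-local, multicast, unspecified, etc.


def audit(flows):
    """Return (src, dst, 'scope->scope') for flows that break the rule.

    A flow is allowed only when both ends are GUA or both ends are ULA.
    Assumption of this example: any 'other' endpoint is reported too.
    """
    violations = []
    for src, dst in flows:
        s, d = scope(src), scope(dst)
        if s != d or s == "other":
            violations.append((src, dst, f"{s}->{d}"))
    return violations


# Constructed sample flows: 2001:db8::/32 is the documentation prefix
# (it falls inside 2000::/3); the fd12:... ULA prefix is made up.
SAMPLE_FLOWS = [
    ("2001:db8:10::5", "2001:db8:20::80"),              # GUA -> GUA, allowed
    ("fd12:3456:789a:1::10", "fd12:3456:789a:2::20"),   # ULA -> ULA, allowed
    ("fd12:3456:789a:1::10", "2001:db8:20::80"),        # ULA -> GUA, violation
    ("2001:db8:10::5", "fd12:3456:789a:2::20"),         # GUA -> ULA, violation
    ("fe80::1", "2001:db8:20::80"),                     # link-local source
]

if __name__ == "__main__":
    for src, dst, kind in audit(SAMPLE_FLOWS):
        print(f"scope mismatch {kind}: {src} -> {dst}")
```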