[154826] in North American Network Operators' Group
Re: using "reserved" IPv6 space
daemon@ATHENA.MIT.EDU (TJ)
Fri Jul 13 14:48:46 2012
In-Reply-To: <OF7FAB6288.19E04E2D-ON85257A3A.0061C283-85257A3A.006287A5@videotron.com>
From: TJ <trejrco@gmail.com>
Date: Fri, 13 Jul 2012 14:47:26 -0400
To: Jean-Francois.TremblayING@videotron.com
Cc: "nanog@nanog.org" <nanog@nanog.org>
Reply-To: trejrco@gmail.com
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, Jul 13, 2012 at 1:56 PM, <Jean-Francois.TremblayING@videotron.com>w=
rote:
> -Hammer- <bhmccie@gmail.com> a =E9crit sur 13/07/2012 12:21:13 PM :
>
> > I like the ULA approach.
>
> Global and ULA are two approach, but there's a third one: GUA + ULA. We
> actually put a GUA on servers speaking publicly, a ULA on servers speakin=
g
> in our domain only and *both* ULA and GUA on servers which talk both ways=
.
> Our datacenter firewalls are configured to enforce GUA-GUA and ULA-ULA
> connections only (just simple URPF over two interfaces).
>
> This setup works very well, surprisingly we've had very little source
> address selection problems so far (knock on wood). We're very happy that
> the separation between public and "private" networks is clear, it helps a
> lot with debugging and service separation.
>
Of the top of my head, the first problem you might hit there is
WRT multicast ...
*(ULA might "win" some source address selections that you want GUA to win)*
/TJ
