Re: Why ULA: low collision chance (Was: IPv6 fc00::/7 — Unique local addresses)
Owen DeLong
owen at delong.com
Fri Oct 22 01:38:27 UTC 2010
On Oct 21, 2010, at 3:42 PM, Jack Bates wrote:
> On 10/21/2010 5:27 PM, Joel Jaeggli wrote:
>>
>> Announce your gua and then blackhole it and monitor your prefix. you can
>> tell if you're leaking. it's generally pretty hard to tell if you're
>> leaking rfc 1918 since your advertisement may well work depending on the
>> filters of your peers but not very far.
>
> This is always the argument I hear from corporate customers concerning wanting NAT. If mistake is made, the RFC 1918 space isn't routable. They often desire the same out of v6 for that reason alone.
>
Given the number of times and the distance over which I have seen RFC-1918
routes propagate, this belief is false to begin with, so, removing this false sense
of security is not necessarily a bad thing.
> I personally could understand the fear of wondering if your stateful firewall is properly working and doing it's job and how a simple mistake could have disastrous effects that NAT systems usually don't have. ULA w/ NAT very well may become the norm.
>
I tend to doubt that it will... Hopefully there will be enough proper deployments
that developers will not eschew improvements that depend on an end-to-end
model and there will be real features unavailable to any network that deploys
such relatively quickly.
The tragedy won't be networks deploying NAT. I'm all for allowing you to buy
a gun, ammunition, and aim at your foot or head as you wish.
The tragedy will be if enough networks do this to hobble development of truly
useful tools that depend on a NAT-free environment to work.
Owen
More information about the NANOG
mailing list