using "reserved" IPv6 space

Jean-Francois.TremblayING at videotron.com Jean-Francois.TremblayING at videotron.com
Fri Jul 13 17:56:11 UTC 2012


-Hammer- <bhmccie at gmail.com> a écrit sur 13/07/2012 12:21:13 PM :

> I like the ULA approach. 

Global and ULA are two approach, but there's a third one: GUA + ULA. We 
actually put a GUA on servers speaking publicly, a ULA on servers speaking 
in our domain only and *both* ULA and GUA on servers which talk both ways. 
Our datacenter firewalls are configured to enforce GUA-GUA and ULA-ULA 
connections only (just simple URPF over two interfaces). 

This setup works very well, surprisingly we've had very little source 
address selection problems so far (knock on wood). We're very happy that 
the separation between public and "private" networks is clear, it helps a 
lot with debugging and service separation. 

/JF






More information about the NANOG mailing list