using "reserved" IPv6 space

• Previous message (by thread): using "reserved" IPv6 space
• Next message (by thread): using "reserved" IPv6 space
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jul 13, 2012 at 1:56 PM, <Jean-Francois.TremblayING at videotron.com>wrote:

> -Hammer- <bhmccie at gmail.com> a écrit sur 13/07/2012 12:21:13 PM :
>
> > I like the ULA approach.
>
> Global and ULA are two approach, but there's a third one: GUA + ULA. We
> actually put a GUA on servers speaking publicly, a ULA on servers speaking
> in our domain only and *both* ULA and GUA on servers which talk both ways.
> Our datacenter firewalls are configured to enforce GUA-GUA and ULA-ULA
> connections only (just simple URPF over two interfaces).
>
> This setup works very well, surprisingly we've had very little source
> address selection problems so far (knock on wood). We're very happy that
> the separation between public and "private" networks is clear, it helps a
> lot with debugging and service separation.
>


Of the top of my head, the first problem you might hit there is
WRT multicast ...
*(ULA might "win" some source address selections that you want GUA to win)*
/TJ

• Previous message (by thread): using "reserved" IPv6 space
• Next message (by thread): using "reserved" IPv6 space
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]