using ULA for 'hidden' v6 devices?

Justin M. Streiner streiner at cluebyfour.org
Wed Jan 25 12:03:52 CST 2012


On Wed, 25 Jan 2012, Dale W. Carder wrote:

> We have one customer in particular with a substantial non-publicly
> reachable v6 deployment with globally assigned addresses.  I believe
> there is no need to replicate the headaches of rfc1918 in the next
> address-family eternity.

The one big issue I could see with doing that is that the vulnerability 
exposure, particularly from the outside world, is larger if devices that 
don't need public addresses have them.  For example, if a network engineer 
or NOC person accidentally removes a "hide my public infrastructure from 
the outside world" from an interface on a border router...

As others have mentioned, things like management interfaces on access 
switches, printers, and IP phones would be good candidates to hide with 
ULA.

jms
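An added example, not part of the original message: a small audit that reads a device inventory and flags the hosts the thread calls candidates for ULA (switch management interfaces, printers, IP phones) when they hold a global unicast address and so depend on the border filter staying in place. The inventory, role names and addresses are constructed; 2001:db8::/32 is the documentation prefix, standing in for a globally assigned block.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")            # RFC 4193 unique local space
ULA_DEFINED = ipaddress.ip_network("fd00::/8")    # L bit set: locally assigned
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

# Hypothetical role labels for the device classes named in the thread.
INTERNAL_ONLY_ROLES = {"switch-mgmt", "printer", "ip-phone"}


def classify(addr):
    """Return the address scope as a short label."""
    ip = ipaddress.IPv6Address(addr)
    if ip in ULA_DEFINED:
        return "ula"
    if ip in ULA:
        return "ula-undefined"      # fc00::/8 has no defined assignment method
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in GLOBAL_UNICAST:
        return "global"
    return "other"


def audit(inventory):
    """Return (host, address, reason) for each entry worth reviewing."""
    findings = []
    for host, role, addr in inventory:
        scope = classify(addr)
        if role in INTERNAL_ONLY_ROLES and scope == "global":
            findings.append((host, addr,
                             "internal-only role on a global address; "
                             "isolation depends on the border filter"))
        elif scope == "ula-undefined":
            findings.append((host, addr, "fc00::/8 is not a defined ULA range"))
    return findings


# Constructed sample inventory: (hostname, role, address).
SAMPLE_INVENTORY = [
    ("sw-access-01", "switch-mgmt", "fd12:3456:789a:10::2"),
    ("printer-3f", "printer", "2001:db8:20::15"),
    ("phone-1107", "ip-phone", "fc00:1::7"),
    ("www-01", "public-web", "2001:db8:80::80"),
]

if __name__ == "__main__":
    for host, addr, reason in audit(SAMPLE_INVENTORY):
        print(f"{host:14} {addr:24} {reason}")
```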


