using ULA for 'hidden' v6 devices?

Justin M. Streiner streiner at
Wed Jan 25 18:03:52 UTC 2012

On Wed, 25 Jan 2012, Dale W. Carder wrote:

> We have one customer in particular with a substantial non-publicly
> reachable v6 deployment with globally assigned addresses.  I believe
> there is no need to replicate the headaches of rfc1918 in the next
> address-family eternity.

The one big issue I could see with doing that is that the vulnerability 
exposure, particularly from the outside world, is larger if devices that 
don't need public addresses have them.  For example, if a network engineer 
or NOC person accidentally removes a "hide my public infrastructure from 
the outside world" from an interface on a border router...

As others have mentioned, things like management interfaces on access 
switches, printers, and IP phones would be good candidates to hide with 

