using ULA for 'hidden' v6 devices?
Justin M. Streiner
streiner at cluebyfour.org
Wed Jan 25 12:03:52 CST 2012
On Wed, 25 Jan 2012, Dale W. Carder wrote:
> We have one customer in particular with a substantial non-publicly
> reachable v6 deployment with globally assigned addresses. I believe
> there is no need to replicate the headaches of rfc1918 in the next
> address-family eternity.
The one big issue I could see with doing that is that the vulnerability
exposure, particularly from the outside world, is larger if devices that
don't need public addresses have them. For example, if a network engineer
or NOC person accidentally removes a "hide my public infrastructure from
the outside world" from an interface on a border router...
As others have mentioned, things like management interfaces on access
switches, printers, and IP phones would be good candidates to hide with
More information about the NANOG