using ULA for 'hidden' v6 devices?
gbonser at seven.com
Thu Jan 26 06:28:04 CST 2012
> In other words, you turn leakage into a feature. You make the fact
> that routes might leak add to the uncertainty by having everyone use
> the same nets. The more people that leak, the less likely you are to
> reach an intended destination. V6 ULA makes it MORE likely a leak will
> result in a security breach because it reduces the chances that two
> nets will leak the same routes.
To put it another way, if you mandated that EVERY network announce the entire ULA space, it would make reaching any particular network in a predictable manner impossible. Just as if every network announced RFC 1918 space and everyone accepted it, it would make that address space completely unusable for anything, particularly if everyone announced it and black holed it. That might even be more effective than filtering it. Everyone on the planet announces a route to 10/8 and everyone black holes it at their peering/transit points.
So even if someone forgot to filter it, it wouldn't matter because it would be intercepted long before it ever gets to them or at least the chances of anyone being able to reliably reach them would be just about zero.
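The post weighs filtering against black-holing private space at peering/transit points. As an added example (not part of the original post), the Python check below flags ULA and RFC 1918 prefixes in received announcements; the peer names, sample prefixes and action labels are constructed assumptions.

```python
import ipaddress

# Private ranges discussed in the thread: IPv6 ULA (RFC 4193) and IPv4 RFC 1918.
PRIVATE_SPACE = [ipaddress.ip_network(p) for p in
                 ("fc00::/7", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(prefix):
    """Return (action, reason) for one announced prefix (labels are assumptions)."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return ("reject", "malformed prefix")
    for private in PRIVATE_SPACE:
        if net.version != private.version:
            continue  # subnet_of() raises TypeError across address families
        if net.subnet_of(private):
            return ("discard", f"inside {private}")
        # An aggregate that swallows private space also contains public space,
        # so it is flagged for a human instead of being dropped outright.
        if net.prefixlen > 0 and private.subnet_of(net):
            return ("review", f"covers {private}")
    return ("accept", "")

def leaks(updates):
    """Group every non-accepted announcement by the peer that sent it."""
    report = {}
    for peer, prefix in updates:
        action, reason = classify(prefix)
        if action != "accept":
            report.setdefault(peer, []).append((prefix, action, reason))
    return report

# Constructed sample of (peer, announced prefix) pairs.
SAMPLE_UPDATES = [
    ("peer-a", "fd12:3456:789a::/48"),  # ULA leak
    ("peer-a", "2001:db8::/32"),
    ("peer-b", "10.20.0.0/16"),         # RFC 1918 leak
    ("peer-b", "192.0.2.0/24"),
    ("peer-c", "8.0.0.0/5"),            # aggregate covering 10/8
    ("peer-c", "10.1.2.3/8"),           # host bits set
]

if __name__ == "__main__":
    for peer, findings in leaks(SAMPLE_UPDATES).items():
        for prefix, action, reason in findings:
            print(f"{peer}: {prefix} -> {action} ({reason})")
```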