using "reserved" IPv6 space

-Hammer- bhmccie at gmail.com
Fri Jul 13 16:21:13 UTC 2012


I'm having similar thoughts and we are about to implement. Fortunately 
we are implementing in an isolated lab first for this exact reason. For 
us to figure things out first before attempting them elsewhere.

I like the ULA approach. I'm not sure about link local being used as a 
strategy for Internal services. I'm finally getting to the point where 
I'm looking past the vastness of the numbers and just focusing on 
subnets and masks and subnetting and whatnot.

-Hammer-

"I was a normal American nerd"
-Jack Herer



On 7/13/2012 11:11 AM, Tom Cooper wrote:
> On Fri, Jul 13, 2012 at 11:05 AM, TJ <trejrco at gmail.com> wrote:
>
>     On Fri, Jul 13, 2012 at 10:38 AM, -Hammer- <bhmccie at gmail.com>
>     wrote:
>
>     > OK. I'm pretty sure I'm gonna get some flak for this but I'll share
>     > this question and its background anyway. Please be gentle.
>     >
>     > In the past, with IPv4, we have used reserved or "non-routable" space
>     > Internally in production for segments that won't be seen anywhere else.
>     > Examples? A sync VLAN for some FWs to share state. An IBGP link between
>     > routers that will never be seen or advertised. In those cases, we have
>     > often used 192.0.2.0/24. It's reserved and never used and even if it did
>     > get used one day we aren't "routing" it internally. It's just on segments
>     > where we need some L3 that will never be seen.
>     >
>     > On to IPv6
>     >
>     > I was considering taking the same approach. Maybe using 0100::/8 or
>     > 1000::/4 or A000::/3 as a space for this.
>     >
>
>
>     Would using "just" Link Locals not be sufficient?
>     (Failing that, as others noted, ULAs are the next "right" answer ... )
>
>     /TJ
>
>
> As an IPv6 newbie myself, I wonder how hosts handle link local, ULA 
> and global addresses.
> For example, if you have some internal web traffic used for intranet 
> use only, do you bind those servers to use only ULA addresses? This 
> way your internal users with ULA addressing only have access to those 
> servers? No need to give intranet-only servers a global address if 
> they're not needed to be accessed globally.
>
> Is there a way for hosts to "prefer" or "attempt" to connect to a 
> service by first trying a link-local scope, then a ULA and finally a 
> global address if it's off the AS?
> I really like the idea of ULA and think it makes much more sense than 
> RFC1918 + NAT. I just don't have any deployment experience with it yet 
> so I'm curious how the host would handle it.
>
> On the router side, I'm sure ULA and global routing just run as 
> ships-in-the-night side-by-side anyways...right?
>
> -- 
> Thomas Cooper
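
Added example, not part of the original thread: a Python sketch that checks where the candidate prefixes from the question (0100::/8, 1000::/4, A000::/3) sit relative to ULA, link-local and global unicast space, then builds a ULA /48 in the RFC 4193 layout and carves /64 segments from it. The function names are hypothetical, and the Global ID comes from the OS CSPRNG, which is an assumption standing in for the RFC's sample generation algorithm.

```python
import ipaddress
import secrets

ULA = ipaddress.ip_network("fc00::/7")             # RFC 4193 unique local
LINK_LOCAL = ipaddress.ip_network("fe80::/10")     # RFC 4291 link-local unicast
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # IANA global unicast block


def classify(prefix):
    """Say which of the three blocks above a candidate IPv6 prefix sits in."""
    net = ipaddress.IPv6Network(prefix)
    for name, block in (("ula", ULA), ("link-local", LINK_LOCAL),
                        ("global-unicast", GLOBAL_UNICAST)):
        if net.subnet_of(block):
            return name
    return "other"  # not ULA, not link-local, not 2000::/3


def make_ula_prefix(global_id=None):
    """Build fd00::/8 + 40-bit Global ID as a /48 (RFC 4193 layout)."""
    # Assumption: CSPRNG bytes instead of the RFC's sample algorithm.
    gid = secrets.token_bytes(5) if global_id is None else global_id
    if len(gid) != 5:
        raise ValueError("Global ID must be exactly 40 bits (5 bytes)")
    raw = b"\xfd" + gid + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(raw, "big"), 48))


def segment(site, subnet_id):
    """Return the /64 with the given 16-bit Subnet ID inside a ULA /48."""
    if site.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 and a 16-bit Subnet ID")
    base = int(site.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


if __name__ == "__main__":
    for candidate in ("0100::/8", "1000::/4", "A000::/3"):
        print(candidate, "->", classify(candidate))
    site = make_ula_prefix()
    print("site prefix ", site, "->", classify(str(site)))
    # Constructed Subnet IDs for the two segment types named in the thread.
    print("fw sync VLAN", segment(site, 0x0001))
    print("iBGP link   ", segment(site, 0x0002))
```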


