using ULA for 'hidden' v6 devices?
On Wed, 25 Jan 2012, Dale W. Carder wrote:
> We have one customer in particular with a substantial non-publicly
> reachable v6 deployment with globally assigned addresses. I believe
> there is no need to replicate the headaches of rfc1918 in the next
> address-family eternity.
The one big issue I could see with doing that is that the vulnerability
exposure, particularly from the outside world, is larger if devices that
don't need public addresses have them. For example, if a network engineer
or NOC person accidentally removes a "hide my public infrastructure from
the outside world" from an interface on a border router...
As others have mentioned, things like management interfaces on access
switches, printers, and IP phones would be good candidates to hide with
ULA.
jms