multiple prefixes

Tim Chown tjc at ecs.soton.ac.uk
Mon Feb 11 15:09:00 CET 2013


On 10 Feb 2013, at 16:29, David Magda <dmagda at ee.ryerson.ca> wrote:

> On Feb 10, 2013, at 06:29, Phil Mayers wrote:
> 
>> Can you give an example of this use-case, and maybe highlight how it's different than just ACLing / firewalling the "server" subnet off? I'm having a hard time understanding the added value of ULA in this scenario, or how getting "internal only" traffic onto ULA addresses helps prevent it "going external" - isn't that what a routing table does? I'm sure I must be missing something...
> 
> If someone does not have an AS (or go through the effort of setting one up for a small-ish business), and/or if you can only get a provider dependent prefix, then you generally don't want to assign a bunch of servers / devices with IPs that may change if you decide to go with another ISP at some point in the future.
> 
> ULA becomes a form of provider independent prefixing mechanism for folks/organizations that may not be able to otherwise get it.

Except that's really bad as it goes hand in hand with NPTv6, which maps between external global and internal ULA prefixes.  The IPv6 model supports use of both ULAs and globals. Hosts acquire both. Use ULAs for internal communications, and globals for external communications.  ULA is not by design intended to be used with any form of NAT.  Any organisation that cares enough about renumbering implications of changing provider should be able to obtain/afford PI.

Tim
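
Added example, not part of the original message: a simplified Python sketch of how a host holding both a ULA and a global address picks the ULA for internal destinations and the global for external ones, with no translation involved. It implements only rules 6 (matching label) and 8 (longest matching prefix) of RFC 6724 source address selection; the addresses are constructed, the function names are hypothetical, and a /64 prefix length is assumed.

```python
import ipaddress

# Prefix -> label, from the default policy table in RFC 6724 section 2.1.
_TABLE = [("::1/128", 0), ("::/0", 1), ("::ffff:0:0/96", 4), ("2002::/16", 2),
          ("2001::/32", 5), ("fc00::/7", 13), ("::/96", 3), ("fec0::/10", 11),
          ("3ffe::/16", 12)]
POLICY = [(ipaddress.ip_network(p), lbl) for p, lbl in _TABLE]


def label(addr):
    """Label of the longest policy-table prefix that contains addr."""
    a = ipaddress.ip_address(addr)
    return max((net.prefixlen, lbl) for net, lbl in POLICY if a in net)[1]


def common_prefix_len(a, b):
    """Leading bits two addresses share, capped at 64 (assumed prefix length)."""
    diff = int(ipaddress.ip_address(a)) ^ int(ipaddress.ip_address(b))
    return min(128 - diff.bit_length(), 64)


def select_source(dest, candidates):
    """Simplified choice: rule 6 (matching label), then rule 8 (longest prefix)."""
    def rank(src):
        return (label(src) == label(dest), common_prefix_len(src, dest))
    return max(candidates, key=rank)


# Constructed addresses: one host with a global (documentation prefix) and a ULA.
HOST_ADDRS = ["2001:db8:1:10::25", "fd12:3456:789a:10::25"]

if __name__ == "__main__":
    for dest in ("fd12:3456:789a:20::80", "2001:db8:ffff::1"):
        print(dest, "<-", select_source(dest, HOST_ADDRS))
```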




More information about the ipv6-ops mailing list