multiple prefixes

Tim Chown tjc at ecs.soton.ac.uk
Mon Feb 11 23:35:41 CET 2013


On 11 Feb 2013, at 19:14, "David Magda" <dmagda at ee.ryerson.ca> wrote:

> On Mon, February 11, 2013 09:09, Tim Chown wrote:
>> On 10 Feb 2013, at 16:29, David Magda <dmagda at ee.ryerson.ca> wrote:
>> 
>>> ULA becomes a form of provider-independent prefixing mechanism for
>>> folks/organizations that may not otherwise be able to get it.
>> 
>> Except that's really bad as it goes hand in hand with NPTv6, which maps
>> between external global and internal ULA prefixes.  The IPv6 model
>> supports use of both ULAs and globals. Hosts acquire both. Use ULAs for
>> internal communications, and globals for external communications.  ULA is
>> not by design intended to be used with any form of NAT.  Any organisation
>> that cares enough about the renumbering implications of changing provider
>> should be able to obtain/afford PI.
> 
> Nowhere do I mention NPT.
> 
> ULA is used by clients (desktops, laptops, handhelds) to talk to internal
> servers. A PD prefix is used by clients to talk to the public Internet
> (ideally with privacy options).
> 
> Servers are assigned a ULA-prefix IPv6 address statically (and put in DNS).
> If they want to talk to the outside world (e.g., for software updates)
> they have to go through a bastion / proxy host of some kind.
> 
> If the ISP is changed, the new one is set up ahead of time, and all the
> clients start using its prefix over the course of a week/month. Once it's
> confirmed that no traffic is going through the old ISP, service is
> terminated. Servers (and DNS) have not had to be altered, and the dynamic
> nature of most clients allows them to be self-updated. IMHO servers should
> always be statically configured (i.e., not using RAs or some such), and so
> it would be necessary to manually touch them otherwise (modulo things like
> Puppet, Chef, etc.).
> 
> The above scenario allows stability for static devices, better tracking on
> the ULA prefix for internal communication, and privacy for external
> communication. No NAT or NPT needed.
> 
> Even for small businesses (<50 people) this would be useful to an IT
> consultant (notwithstanding wanting to put more hours in): all the static
> stuff (servers, PBXes) can be left untouched, and a new ISP could be
> connected. Or if the company is bought out (a scenario that I've dealt
> with), all the "important" bits are self-contained in a nice routable
> entry which can be connected to the mega-corp's WAN: no address conflicts
> since ULA should be fairly unique.

OK, sorry, yes, that's a similar reason as to why ULAs are recommended in the IPv6 homenet scenario - you use ULAs for internal communications, and stability through a flash renumbering event, and globals for external communications.

In a larger enterprise, you'll typically not need to have a flag day renumbering, so you can renumber without ULAs, following the RFC4192 procedure. We used that maybe 10 years ago, and it worked pretty well even then, at least for the host configuration element.

Tim
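The thread above relies on two properties of ULAs: that a locally generated fd00::/8 prefix is "fairly unique" (so two merged networks are unlikely to collide), and that hosts holding both a ULA and a global address use the ULA for internal peers and the global for external ones. The following is an added example, not code posted by either participant: it implements the RFC 4193 section 3.2.2 prefix generation (SHA-1 over a 64-bit NTP timestamp and an EUI-64, keeping the low-order 40 bits), the RFC 4193 collision estimate, and a simple role-based source pick. The MAC address and timestamps are constructed test inputs; the `pick_source` policy is a deliberately simplified stand-in for RFC 6724 address selection, not the kernel's actual algorithm.

```python
"""RFC 4193 ULA prefix generation and the ULA/global address split (added example)."""
import hashlib
import ipaddress
import math
import time
from typing import List, Optional

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_EPOCH_OFFSET = 2208988800

ULA_RANGE = ipaddress.IPv6Network("fc00::/7")      # RFC 4193
GLOBAL_RANGE = ipaddress.IPv6Network("2000::/3")   # global unicast per RFC 4291


def ntp_timestamp_64(unix_time: float) -> bytes:
    """64-bit NTP timestamp: 32-bit seconds since 1900 followed by a 32-bit fraction."""
    secs = int(unix_time) + NTP_EPOCH_OFFSET
    frac = int((unix_time - int(unix_time)) * (1 << 32))
    return (secs & 0xFFFFFFFF).to_bytes(4, "big") + (frac & 0xFFFFFFFF).to_bytes(4, "big")


def eui64_from_mac(mac: str) -> bytes:
    """Modified EUI-64 from a 48-bit MAC: insert ff:fe in the middle, flip the U/L bit (RFC 4291)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC must be 48 bits")
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:6]


def ula_global_id(eui64: bytes, ntp_ts: bytes) -> int:
    """RFC 4193 3.2.2: SHA-1(time || EUI-64); the least significant 40 bits are the Global ID."""
    digest = hashlib.sha1(ntp_ts + eui64).digest()
    return int.from_bytes(digest[-5:], "big")


def ula_prefix(global_id: int) -> ipaddress.IPv6Network:
    """Prefix fd00::/8 (fc00::/7 with the L bit set) + 40-bit Global ID = one /48 for the site."""
    if not 0 <= global_id < (1 << 40):
        raise ValueError("Global ID must fit in 40 bits")
    prefix_int = (0xFD << 120) | (global_id << 80)
    return ipaddress.IPv6Network((prefix_int, 48))


def new_ula_prefix(mac: str, unix_time: Optional[float] = None) -> ipaddress.IPv6Network:
    """Generate a site ULA /48 from a local MAC and the current (or a supplied) time."""
    if unix_time is None:
        unix_time = time.time()
    return ula_prefix(ula_global_id(eui64_from_mac(mac), ntp_timestamp_64(unix_time)))


def collision_probability(n_prefixes: int) -> float:
    """Chance that at least two of n independently generated 40-bit Global IDs collide
    (birthday bound, as in RFC 4193 section 3.2.3)."""
    if n_prefixes < 2:
        return 0.0
    pairs = n_prefixes * (n_prefixes - 1) / 2
    return 1.0 - math.exp(-pairs / float(1 << 40))


def address_role(addr: str) -> str:
    """Classify an address as 'ula', 'global', or 'other' (link-local, loopback, ...)."""
    a = ipaddress.IPv6Address(addr)
    if a in ULA_RANGE:
        return "ula"
    if a in GLOBAL_RANGE:
        return "global"
    return "other"


def pick_source(dest: str, candidates: List[str]) -> str:
    """Simplified policy from the thread: a ULA destination gets a ULA source, a global
    destination gets a global source. This is an assumption standing in for RFC 6724."""
    wanted = address_role(dest)
    for candidate in candidates:
        if address_role(candidate) == wanted:
            return candidate
    raise LookupError("no source address of role %r among %r" % (wanted, candidates))


if __name__ == "__main__":
    # Constructed inputs: a made-up MAC and a fixed timestamp so the run is reproducible.
    site = new_ula_prefix("00:11:22:33:44:55", unix_time=1360622141.0)
    print("site ULA prefix:", site)
    print("collision chance across 1000 merged sites: %.2e" % collision_probability(1000))
    host_addrs = ["fe80::1", "2001:db8:1::10", str(site[0] + 0x10)]
    print("to internal server:", pick_source(str(site[0] + 0x20), host_addrs))
    print("to public host:    ", pick_source("2001:db8:ffff::1", host_addrs))
```

The 40-bit Global ID is what makes the "bought out and plugged into the mega-corp WAN" case safe in practice: the birthday estimate for a thousand independently generated /48s is well under one in a million. Note that the timestamp and EUI-64 are only there to seed the hash; a prefix chosen as a fixed "pretty" value such as fd00:1::/48 gives up that uniqueness property entirely.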




More information about the ipv6-ops mailing list