nanog mailing list archives

Re: best practices for management nets in IPv6


From: Rubens Kuhl <rubensk () gmail com>
Date: Tue, 12 Jul 2011 18:55:10 -0300

On Tue, Jul 12, 2011 at 6:31 PM, Tom Ammon <tom.ammon () utah edu> wrote:
Hi All,

We're pushing to get IPv6 deployed and working everywhere in our operation, and I had some questions about best practices for a few things.

On your management nets (network device management nets), what's the best approach for addressing them? Do you use ULA? Or do you use global addresses and just depend on router ACLs to protect things? How close are we to having a central registry for unique local addresses, and will that really happen?

What if you apply for a /48 block as an end-user because the management
network is not part of your ISP-related /32 or larger block?
What if you happen to get that /48 and never announce it to the DFZ?
Then your attack surface gets very small (but still exists, you'll
need some ACLs here and there, notably your customers having
default-routes to your core).


Rubens

