[ppml] ULA

mcr at xdsinc.net mcr at xdsinc.net
Tue Sep 18 10:58:00 EDT 2007

Hash: SHA1

>>>>> "Randy" == Randy Bush <randy at psg.com> writes:
    >> All ULA space (L, C, G, or whatever) will come out of a single /7, which 
    >> should be route-filtered on all DFZ routers.

    Randy> the problem is the same old site local problem, what is a border.  this
    Randy> is exacerbated in ula-c by expecting conversation between 'private'
    Randy> spaces.  so you will have semi-permeable borders.  so i share part of my
    Randy> space with my vendor to the left, part with my customers to my right,
    Randy> and ...

  Randy, but you missed the point.
  The ULA proposal should say that all routers, everywhere, should
filter ULA/7 space --- by this I mean, blackhole route, not ACL. (Plus
ingress filtering on source IPs)

  Then, when you want to have semi-permeable borders, you permit
specific /32 or /48s through.  This is MUCH easier than with site-local
addresses, because the router is assured that it doesn't have the same
site-local address on two interfaces.

  Further, the reason I don't like rfc4193 for use in other than ad-hoc
networks is that a third party can't tell who an address belongs to. So,
when you *do* get:

    Randy> can you say "massive misconfiguration and leakage" three times quickly?

  you can use whois to find out who it belongs to.
  In the absense of ULA-Vixie (which letter is your's Paul?), people
like me are going to ask for PI space. (Thank you to those who offered
me a /48 out of their assignment, btw)

- -- 
Michael Richardson <mcr at xdsinc.net>
XDS Inc, Ottawa, ON             
Personal: http://www.sandelman.ca/mcr/ 

Version: GnuPG v1.4.1 (GNU/Linux)


More information about the ARIN-PPML mailing list