nanog mailing list archives

Re: best practices for management nets in IPv6


From: Joel Maslak <jmaslak () antelope net>
Date: Tue, 12 Jul 2011 18:32:55 -0600

Public IPs.

At some point you will have to manage something outside your current world or your organization will need to 
merge/partner/outsource/contract/etc with someone else's network and they might not be keen to route to your ULA space 
(and might not be more trustworthy than the internet at large anyhow).  Think about things like VPN endpoints, video 
devices, telephones, etc, that may end up on a public network, maybe behind a device you manage.  You may just manage 
routers today, but who knows about tomorrow.  Put behind a firewall and use good ingress filtering throughout your 
network, separating trust zones with distinct subnets.

If you are worried about forgetting to enable a firewall, put in a network management system to verify connectivity 
stays blocked combined with a monitored IDS.
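
An added example, not part of the original message: one way to script the "verify connectivity stays blocked" check, run from a host outside the management trust zone. The addresses (RFC 3849 documentation prefix), the ports and the canary target are constructed assumptions; the canary guards against the probe host itself having no working IPv6, which would otherwise make every target look blocked.

```python
import socket
import sys

# Constructed sample: management addresses and TCP ports that must never
# answer from this untrusted vantage point (assumed values, replace with yours).
TARGETS = [("2001:db8:0:ff::1", 22), ("2001:db8:0:ff::1", 443),
           ("2001:db8:0:ff::2", 22)]
# Constructed sample: a service that SHOULD be reachable over IPv6 from here.
CANARY = ("2001:db8:0:1::80", 80)


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: the filter is not working
    except ConnectionRefusedError:
        return "refused"       # an RST came back: the host or a rejecting firewall answered
    except OSError:
        return "filtered"      # timeout, no route, unreachable: nothing answered


def audit(targets, canary, probe_fn=probe):
    """Return (violations, warnings); raise if the vantage point cannot be trusted."""
    if probe_fn(*canary) != "open":
        raise RuntimeError("canary %s port %d unreachable, results would be meaningless" % canary)
    violations, warnings = [], []
    for host, port in targets:
        state = probe_fn(host, port)
        if state == "open":
            violations.append((host, port))   # management port exposed
        elif state == "refused":
            warnings.append((host, port))     # packets are being answered, review the policy
    return violations, warnings


if __name__ == "__main__":
    try:
        violations, warnings = audit(TARGETS, CANARY)
    except RuntimeError as exc:
        print("CHECK INVALID:", exc)
        sys.exit(2)
    for host, port in warnings:
        print("WARN  [%s]:%d answered with a reset" % (host, port))
    for host, port in violations:
        print("ALERT [%s]:%d accepted a connection" % (host, port))
    sys.exit(1 if violations else 0)
```

The non-zero exit codes let a scheduler or monitoring system raise an alert both when a management port is exposed and when the check itself could not run.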
