Re: using "reserved" IPv6 space

[TJ <trejrco () gmail com>]

On Fri, Jul 13, 2012 at 1:56 PM, <Jean-Francois.TremblayING () videotron com>wrote:

> -Hammer- <bhmccie () gmail com> a écrit sur 13/07/2012 12:21:13 PM :
>
> > I like the ULA approach.
>
> Global and ULA are two approach, but there's a third one: GUA + ULA. We
> actually put a GUA on servers speaking publicly, a ULA on servers speaking
> in our domain only and *both* ULA and GUA on servers which talk both ways.
> Our datacenter firewalls are configured to enforce GUA-GUA and ULA-ULA
> connections only (just simple URPF over two interfaces).
>
> This setup works very well, surprisingly we've had very little source
> address selection problems so far (knock on wood). We're very happy that
> the separation between public and "private" networks is clear, it helps a
> lot with debugging and service separation.


Of the top of my head, the first problem you might hit there is
WRT multicast ...
*(ULA might "win" some source address selections that you want GUA to win)*
/TJ