[ipv6hackers] Dynamic prefixes & privacy (was: IPv6 prefix changing)
Douglas Otis
dotis at mail-abuse.org
Tue Mar 20 23:28:44 CET 2012
On 3/20/12 2:37 PM, Owen DeLong wrote:
>
> On Mar 20, 2012, at 2:34 PM, Tim Chown wrote:
>
> > On 17 Mar 2012, at 22:55, Owen DeLong wrote:
> >>
> >> ULA brings nothing meaningful to the table.
> >
> > There is an I-D on ULA usage, see
> > http://tools.ietf.org/html/draft-liu-v6ops-ula-usage-analysis-02.
> > I would assume the authors would like feedback.
> >
> > Having ULA-ULA communication in a homenet is a good thing if that
> > means internal connections are not dropped if the accompanying
> > global prefix changes.
> >
> A better solution is to provide some internal persistence on global
> prefixes in the absence of external communication.
>
> Yes, you'll still drop internal connections on a renumber event, but,
> that can be handled gracefully enough so as not to be of sufficient
> concern to merit the drawbacks of using ULA.
>
> > In the homenet scenario, it seems some LLN vendors say they only
> > want to use ULAs.
>
> Herein lies the real hazard of ULA. Forcing NPT into the world is a
> really really really bad thing.

Dear Owen,

I agree with Tim. While NPTv6 should be avoided, there are situations
that arise when dealing with IPv4 NATs.
http://tools.ietf.org/html/rfc6281#page-11 also makes this point by
using ULAs to leverage IPv6 as a method for ensuring unique local
identifiers able to retain security associations. In this case, the
identifier lifetime needs to exceed that of any TCP connection or
Security Association running on the host. The HIP alternative may not
be supported.

Regards,
Douglas Otis