You have 3 addresses on your hosts:
- global address
You can have several ULA-ranges in your organisations and you set up any firewalls and internal DNS and so on to only use the ULA.
I know some people think ULA is a bad idea, but I think using NAT is a lot worse.
Posted Jul 21, 2011 19:58 UTC (Thu) by mstefani (subscriber, #31644)
What we hear from network vendors is that their customers that tried your proposal have reverted to using only global addresses pretty quickly and do not bother with ULA. Even if they don't route their global address to the internet and provide only NATed or proxied Internet access over IPv6.
No, ULA is a nice idea but doesn't seem to work in practice.
NAT sounds like a bad idea but it tends to work in practice and can simplify some network designs tremendously (multihoming, making sure that the traffic returns through the same stateful firewall, stopgap measure for internet access while you beat your provider and upstream provider for weeks and months to not filter out your prefix, etc). After all, NAT is *not* bad, NAT is just a tool. A tool that can be misused but also a tool that can save your ass sometimes.
Posted Jul 21, 2011 22:28 UTC (Thu) by Lennie (subscriber, #49641)
I do think there are ways to solve that. SLAAC and DHCPv6 have a lot of options; I wouldn't be surprised if most operating systems don't honor half of them though.
The solution could be to have the router(s) send 2 different RA-packets, one with the global routable address and default route, the other with the ULA and more specific routes for other parts of the network.
That way the host-machine thinks there are 2 routers and thus it knows what source-address to use when talking to the router and hosts on the other parts of the network.
In other news, some people say proxy servers are the solution, not NAT.
Posted Aug 30, 2011 23:20 UTC (Tue) by baldur (guest, #77305)
No, the host should follow the rules set out in RFC 3484: http://www.ietf.org/rfc/rfc3484.txt
More specifically, the host will use the source address with the longest common prefix of the destination address. This rule guarantees that the ULA address will be used to communicate with other ULAs. And the GUA for other GUAs.
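
The longest-common-prefix rule described in the comment above, as an added example that is not part of the original thread. It implements only that one rule of RFC 3484 source address selection (the RFC applies several other rules before it), and the addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed host configuration: one ULA and one global address
# (2001:db8::/32 is the documentation prefix, fd12:... is a made-up ULA).
HOST_ADDRESSES = [
    "fd12:3456:789a:1::10",   # ULA
    "2001:db8:1:1::10",       # GUA
]


def common_prefix_len(a, b):
    """Number of leading bits that two IPv6 addresses have in common."""
    diff = int(a) ^ int(b)
    # The highest set bit of the XOR marks the first differing bit.
    return 128 - diff.bit_length()


def select_source(candidates, destination):
    """Pick the candidate sharing the longest prefix with the destination.

    Only the longest-matching-prefix rule is modelled here; scope,
    deprecation, label and the other RFC 3484 rules are left out.
    """
    dst = ipaddress.IPv6Address(destination)
    sources = [ipaddress.IPv6Address(c) for c in candidates]
    return str(max(sources, key=lambda s: common_prefix_len(s, dst)))


def demo():
    """Return (destination, chosen source) pairs for constructed destinations."""
    destinations = [
        "fd12:3456:789a:2::20",  # another subnet of the same ULA range
        "fd99:aaaa:bbbb:1::1",   # a different ULA range in the organisation
        "2001:db8:ffff::1",      # a global destination
    ]
    return [(d, select_source(HOST_ADDRESSES, d)) for d in destinations]


if __name__ == "__main__":
    for dst, src in demo():
        print(f"{dst:24} <- {src}")
```

Both ULA destinations select the ULA source because every ULA starts with the bits `1111 110`, while the global addresses here start with a `0` bit and so share no prefix bits with them.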
Copyright © 2013, Eklektix, Inc.