Hi, On 27.09.2011 18:06, Eric Vyncke (evyncke) wrote: > At the risk of stating the obvious, ULA does not provide any > real-world security... They do not have the E-bit set ;-)
Even with the :-), I neither understood nor described ULAs as a security solution - they only simplify some filtering rules. > More seriously, ULA can be routed, so, if a ULA route leaks, then > your ULA can be reached. Obviously, if your ULA gets a default route, > then it can send packets to the Internet (information leak/covert > channel). That should be avoided/excluded by proper engineering and putting appropriate filters at the right places. A car will likely get a lot of different and changing external addresses for Internet connectivity, e.g., via the built-in UMTS/LTE module, via a connected smartphone, or even WLAN hotspots... the internal network should never be affected adversely by external routes or addresses. > The 'only' advantage of ULA vs. GUA is ease of filtering on a very > short and well-known prefix. True, but not the only one. ULAs have the advantage of being usable even in an autonomous and spontaneous setting, i.e., they can be generated on demand without any further interaction, which is a nice feature for autonomous and isolated networks. But you don't need that in some cases. Using a global unicast address will also work for most scenarios if appropriate filters are in place. The question was, whether a ULA-like approach is preferable. Regards, Roland -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
