> Hi Ray,
>
> There's a nuance here you've missed.
>
> There are two main reasons for ULA inside the network:
>
> 1. Address stability (simplifies network management)
> 2. Source obfuscation (improves the depth of the security plan)
>
> Option 1: Obfuscation desired.
>
> ULA inside. NAT/PAT at both borders. You don't use prefix translation
> here because prefix translation does little obfuscation: it has a 1:1
> relationship with each individual host and still reveals the internal
> routing structure.
>
> Option 2: Stability, no obfuscation desired.
>
> ULA inside, prefix translation at both borders.
>
> Option 3: Neither stability nor obfuscation required.
>
> GUA from one of the providers inside. Prefix translation to the other
> provider for the connections desired out that border. Giving the hosts
> real GUA addresses maximizes application compatibility.
Why doesn't GUA give you address stability? I would think that it would
provide the best stability.

And in terms of obfuscation, why couldn't we use DHCPv6 to give
reasonably random addresses?

Also, I don't see how prefix translation reveals my internal routing
structure.

I don't really see the point in ULA. It just seems like "The Return of
RFC 1918, Part II, the Sequel".

-Randy
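The thread above argues about what prefix translation does and does not hide. As an added worked example (not code from this thread or from either poster), here is a stateless NPTv6-style /48-to-/48 prefix translation of the kind defined in RFC 6296, section 3.3. The prefixes (a ULA /48 inside, a /48 from the RFC 3849 documentation range outside) and the host addresses are constructed for illustration, and the function names are my own. It shows the two properties the quoted post relies on: every internal address maps to exactly one external address and back with no per-host or per-flow table, and the external subnet ID is the internal subnet ID plus a site-wide constant, so the relative layout of the internal subnets is visible from the outside.

```python
"""NPTv6-style /48 <-> /48 prefix translation (after RFC 6296 section 3.3).

Added example, not code from the mailing-list thread. All prefixes and
host addresses are constructed: a ULA /48 and the RFC 3849 documentation
prefix 2001:db8::/32.
"""
import ipaddress

# Constructed prefixes: a ULA /48 inside, a documentation /48 outside.
INTERNAL_PREFIX = "fd12:3456:789a::/48"
EXTERNAL_PREFIX = "2001:db8:1::/48"


def _words(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    packed = ipaddress.IPv6Address(addr).packed
    return [int.from_bytes(packed[i:i + 2], "big") for i in range(0, 16, 2)]


def _from_words(words):
    """Rebuild the compressed textual form from eight 16-bit words."""
    return str(ipaddress.IPv6Address(b"".join(w.to_bytes(2, "big") for w in words)))


def ones_add(a, b):
    """16-bit one's complement addition with end-around carry (checksum arithmetic)."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)


def ones_sum(words):
    """One's complement sum of a sequence of 16-bit words."""
    total = 0
    for w in words:
        total = ones_add(total, w)
    return total


def translate(addr, from_prefix, to_prefix):
    """Rewrite addr from from_prefix into to_prefix without any per-flow state.

    Only the 48-bit prefix and the subnet word (bits 48-63) change. The subnet
    word is adjusted so the one's complement sum of the whole address stays the
    same, which keeps TCP/UDP/ICMPv6 checksums valid without touching the
    transport header. The same function undoes the mapping when called with
    the prefixes swapped.
    """
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this example handles /48 <-> /48 only")
    if ipaddress.IPv6Address(addr) not in src:
        raise ValueError(f"{addr} is not inside {from_prefix}")
    w = _words(addr)
    if w[3] == 0xFFFF:
        # 0xFFFF is the one's complement alias of zero; RFC 6296 excludes it
        # as a subnet word, so it is rejected here rather than translated.
        raise ValueError("subnet ID 0xFFFF cannot be translated")
    src_sum = ones_sum(_words(src.network_address)[:3])
    dst_sum = ones_sum(_words(dst.network_address)[:3])
    # adjustment = src_sum - dst_sum in one's complement (subtract == add the complement)
    adjustment = ones_add(src_sum, (~dst_sum) & 0xFFFF)
    new_subnet = ones_add(w[3], adjustment)
    if new_subnet == 0xFFFF:
        new_subnet = 0x0000  # RFC 6296: write 0x0000 instead of 0xFFFF
    return _from_words(_words(dst.network_address)[:3] + [new_subnet] + w[4:])


def is_checksum_neutral(a, b):
    """True if a and b have the same one's complement sum (0x0000 and 0xFFFF are equal)."""
    return ones_sum(_words(a)) % 0xFFFF == ones_sum(_words(b)) % 0xFFFF


def subnet_id(addr):
    """Bits 48-63 of the address: the site's subnet number."""
    return _words(addr)[3]


def demo(hosts=("fd12:3456:789a:10::1", "fd12:3456:789a:11::1", "fd12:3456:789a:20::1")):
    """Map constructed internal hosts outward, check the reverse mapping, return the table."""
    table = {}
    for host in hosts:
        external = translate(host, INTERNAL_PREFIX, EXTERNAL_PREFIX)
        back = translate(external, EXTERNAL_PREFIX, INTERNAL_PREFIX)
        if back != host or not is_checksum_neutral(host, external):
            raise AssertionError(f"round trip failed for {host}")
        table[host] = external
    return table


if __name__ == "__main__":
    for internal, external in demo().items():
        print(f"{internal:28} -> {external}")
```

With these constructed prefixes the adjustment works out to 0x7c49, so internal subnets 0x10, 0x11 and 0x20 appear outside as 0x7c59, 0x7c5a and 0x7c69: adjacent inside, adjacent outside. Anyone who learns the constant from one host can read every other internal subnet number off the external addresses, and each internal host keeps a distinct external address, which is the sense in which the quoted post calls the mapping 1:1. A NAT/PAT border behaves differently: it keeps a per-flow port table and presents one (or a pool of) translator addresses for many hosts, at the cost of state and of rewriting transport headers.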