On Tue, Jul 12, 2011 at 6:31 PM, Tom Ammon <tom.am...@utah.edu> wrote:
> Hi All,
>
> We're pushing to get IPv6 deployed and working everywhere in our operation,
> and I had some questions about best practices for a few things.
>
> On your management nets (network device management nets), what's the best
> approach for addressing them? Do you use ULA? Or do you use global addresses
> and just depend on router ACLs to protect things? How close are we to having
> a central registry for unique local addresses, and will that really happen?

What if you apply for a /48 block as an end-user because the management network is not part of your ISP-related /32 or larger block? What if you happen to get that /48 and never announce it to the DFZ? Then your attack surface gets very small (but still exists, you'll need some ACLs here and there, notably your customers having default-routes to your core).

Rubens