top | item 44773320

(no title)

dogcow | 7 months ago

Doesn't using ULAs kind of defeat the purpose (or one of the main intents) of IPv6, which is every device having a globally rotatable IP address? It kind of puts us right back in the IPv4 with NAT situation, only with longer, uglier addresses.

I personally think it is absurd that the ISPs that do actually support IPv6 are being so difficult and stingy about assigning static v6 prefixes.

discuss

RiverCrochet|7 months ago

IPv4/NAT is not the only "to get to system X you must pass through system Y" scenario.

Example: You have a bastion host that is Internet-accessible, and it has one or more server behind it you only want accessible "through" the bastion host. The bastion host might be running nginx and reverse proxying multiple servers behind it, and this host is doing caching in addition to WAF and some other stuff.

So this bastion host would have at least 2 NICs, one for the Internet-facing connection and one or more where servers exist on a non-public LAN. The small network(s) connecting these servers to the bastion host can use a ULA and thus be guaranteed to not be globally routable.

Link-locals are suboptimal because since they are link local, they only have to be unique per link. This means some commands insist you specify interface name with the LLA, e.g. fe80::aaaa%eth1.