On May 22, 2007, at 1:18 AM, Shane Kerr wrote:
I really think ULA is a solution looking for a problem.
I half agree.Bottom line, a ULA is a private address - an address that one can use to identify internal things that people outside don't need to know how to route to. It differs from site-local, which it replaced, in what I consider a relatively minor way: there is potentially a different administration-local for every site, maybe multiple such.
This is eminently doable with global space; one simply doesn't advertise a portion of one's global space outside one's own shop. Yes, that depends on having the right filters all around one's periphery; so does the ULA. The big advantage of the ULA, as near as I can tell, is that it is a filter everyone has agreed to, not only "do not advertise" but "do not accept advertisements of".
I can think of lots of good reasons for administration-local addressing. Internal servers, loopback addresses of routers, switches, and other network elements, anything one doesn't want external things reaching is a good place to use an administration- local address. So a ULA is in some respects a solution to the administration-local addressing problem that we all agree to.
If we're going to manage them centrally, though, a lot of that disappears. If someone outside can predict that I am using a given ULA, and they can figure out how to present one to my edge router, then I have to not only not advertise the ULA to my peer but defend against datagrams bearing the address at my firewall. That pretty much puts us back where we are right now. At that, I scratch my head.
It would be really good, if we want to discuss this, to have an I-D to discuss.