This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 75%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EF%3C/text%3E%3C/svg%3E)
Is it expected that ARM will use Unique Local Addresses (ULAs)? How should we deal with this? We use IP blocking, and releasing the entire IPv6 range would be too insecure for me.
Background, we are using an spn which has the permissions to manage/create an aks.
A cloud-based identity and access management service for securing user authentication and resource access
ARM’s been leaking those v6 ULA hops for a while now, it’s just backend plumbing.
you can’t really fence that stuff with IPs and the trick is lock the spn down with CA + tight roles, not the addr. chasing v6 blocks is… kinda a fool’s errand tbh.
Makes sense to me. Do you know if there is any documentation somewhere that ARM uses these ranges? I searched for it, but couldn't find anything, hence the question.