[143445] in North American Network Operators' Group


Re: IPv6 end user addressing

daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Aug 10 14:06:43 2011

From: Owen DeLong <owen@delong.com>
In-Reply-To: <4E428E62.40700@unfix.org>
Date: Wed, 10 Aug 2011 11:03:59 -0700
To: Jeroen Massar <jeroen@unfix.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Aug 10, 2011, at 6:57 AM, Jeroen Massar wrote:

> On 2011-08-10 15:02 , Owen DeLong wrote:
> [..]
>> Why do I want my appliance network's multicast packets getting tossed
>> around on the guest wireless?
> 
> Even Wikipedia knows the answer to that:
> http://en.wikipedia.org/wiki/IGMP_snooping
> which is the first hit for IGMP snooping, which is generally a feature
> that is present in the better (and thus more expensive) switching gear
> (and thus probably not present in every home, but those homes probably
> also don't care about that).
> 

That would be the answer to why I DON'T want that happening, but, why
would I WANT it to happen when, as you said, the better and more
appropriate solution is to route?

Unless you have some benefit to offer from NOT Routing, I stand by
my statement.

> Granted, routing is the better and more appropriate way to isolate these
> kinds of packets and definitely more appropriate for broadcast nastiness
> (mDNS is such a nice one there too...).
> 
> That said, /56 or /48 to the home should be what is happening.
> 

That said, /48 to the home should be what is happening, and /56 is
a better compromise than anything smaller.

> The whole point of settling on a single prefix btw is so that networks
> can at least keep the same numbering plan when they switch from one PA
> prefix to another.
> 

That would be nice as well, but, unfortunately, it is obvious at this point
that some ISPs will unfortunately refuse to give home users /48s.

> Greets,
> Jeroen
> 
> PS: the more power to your kids if they can sniff the network for your
> 'adult content', decode it, and then actually watch it (though if they
> are technically inclined actually not too difficult, but heck, is that
> not where crypto comes into play, as when they can pull that off on your
> kiddienetwork they can also just plug something into the kiddie-'adult
> content'-network and sniff it off there... something with 802.1x comes
> to mind to solve that step.

The chances of the average amplifier and television supporting that
level of encryption in a way that the hypothetical kids in this situation
would be unable to decrypt a stream that does work between the
source and the television and amplifier are pretty slim IMHO.

Heck, I can't even get any one of those devices to speak IPv6 yet, let
alone all of them and with cryptography to boot.

Owen


