[143459] in North American Network Operators' Group
Re: IPv6 end user addressing
daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Aug 10 18:36:20 2011
From: Owen DeLong <owen@delong.com>
In-Reply-To: <4E429FA4.2070506@ispalliance.net>
Date: Wed, 10 Aug 2011 15:33:20 -0700
To: Scott Helms <khelms@ispalliance.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
There is some deployable technology that allows some aspects of this today.
Yes, it's in its infancy. Small prefix limitations will guarantee it never sees the
light of day just as NAT precluded many useful innovations from getting deployed.

Layer 3 isolation is only isolation by agreement if the hosts have some way
to get on the same physical or logical LAN layer 2 segment. Otherwise, layer 3
isolation is as effective as any firewall. Layer 2 isolation, OTOH, is both
harder to administer and no more effective than layer 3. If you can bypass layer 3
by connecting to the same LAN segment, chances are you can bypass layer 2
by making that LAN segment one which doesn't go through the enforcement
switch between the two devices in question.

Owen
On Aug 10, 2011, at 8:11 AM, Scott Helms wrote:
> Neither of these are true, though in the future we _might_ have
> deployable technology that allows for automated routing setup (though I
> very seriously doubt it) in the home. Layer 2 isolation is both easier
> and more reliable than attempting it at layer 3 which is isolation by
> agreement, i.e. it doesn't really exist.
>
> On 8/10/2011 9:02 AM, Owen DeLong wrote:
>>
>> Bridging eliminates the multicast isolation that you get from routing.
>>
>> This is not a case for bridging, it's a case for making it possible to do real
>> routing in the home and we now have the space and the technology to
>> actually do it in a meaningful and sufficiently automatic way as to be
>> applicable to Joe 6-Mac.
>>
>
> --
> Scott Helms
> Vice President of Technology
> ISP Alliance, Inc. DBA ZCorum
> (678) 507-5000
> --------------------------------
> http://twitter.com/kscotthelms
> --------------------------------
>