Home page logo

nanog logo nanog mailing list archives

Re: IPv6 end user addressing
From: Owen DeLong <owen () delong com>
Date: Wed, 10 Aug 2011 11:03:59 -0700

On Aug 10, 2011, at 6:57 AM, Jeroen Massar wrote:

On 2011-08-10 15:02 , Owen DeLong wrote:
Why do I want my appliance network's multicast packets getting tossed
around on the guest wireless?

Even wikipedia knows the answer to that:
which is the first hit for IGMP snooping, which is generally a feature
that is present in the better (and thus more expensive) switching gear
(and thus probably not present in every home, but those homes probably
also don't care about that).

That would be the answer to why I DON'T want that happening, but, why
would I WANT it to happen when, as you said, the better and more
appropriate solution is to route.

Unless you have some benefit to offer from NOT Routing, I stand by
my statement.

Granted, routing is the better and more appropriate way to isolate these
kind of packets and definitely more appropriate for broadcast nastyness
(mDNS is such a nice one there too...).

That said, /56 or /48 to the home should be what is happening.

That said, /48 to the home should be what is happening, and /56 is
a better compromise than anything smaller.

The whole point of settling on a single prefix btw is so that networks
can at least keep the same numbering plan when they switch from one PA
prefix to another.

That would be nice as well, but, unfortunately, it is obvious at this point
that some ISPs will unfortunately refuse to give home users /48s.


PS: the more power to your kids if they can sniff the network for your
'adult content', decode it, and then actually watch it (though if they
are technically inclined actually not too difficult, but heck, is that
not where crypto comes into play, as when they can pull that off on your
kiddienetwork they can also just plug something into the kiddie-'adult
content'-network and sniff it off there... something with 802.1x comes
to mind to solve that step.

The chances of the average amplifier and television supporting that
level of encryption in a way that the hypothetical kids in this situation
would be unable to decrypt a stream that does work between the
source and the television and amplifier are pretty slim IMHO.

Heck, I can't even get any one of those devices to speak IPv6 yet, let
alone all of them and with cryptography to boot.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]