nanog mailing list archives

Re: IPv6 end user addressing
From: Owen DeLong <owen () delong com>
Date: Wed, 10 Aug 2011 15:33:20 -0700

There is some deployable technology that allows some aspects of this today.
Yes, it's in its infancy. Small prefix limitations will guarantee it never sees the
light of day just as NAT precluded many useful innovations from getting deployed.

Layer 3 isolation is only isolation by agreement if the hosts have some way
to get on the same physical or logical LAN layer 2 segment. Otherwise, layer 3
isolation is as effective as any firewall. Layer 2 isolation, OTOH, is both
harder to administer and no more effective than layer 3. If you can bypass layer 3
by connecting to the same LAN segment, chances are you can bypass layer 2
by making that LAN segment one which doesn't go through the enforcement
switch between the two devices in question.

Owen

On Aug 10, 2011, at 8:11 AM, Scott Helms wrote:

Neither of these are true, though in the future we _might_ have deployable technology that allows for automated 
routing setup (though I very seriously doubt it) in the home.  Layer 2 isolation is both easier and more reliable 
than attempting it at layer 3 which is isolation by agreement, i.e. it doesn't really exist.

On 8/10/2011 9:02 AM, Owen DeLong wrote:

Bridging eliminates the multicast isolation that you get from routing.

This is not a case for bridging, it's a case for making it possible to do real
routing in the home and we now have the space and the technology to
actually do it in a meaningful and sufficiently automatic way as to be
applicable to Joe 6-Mac.


-- 
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000
--------------------------------
http://twitter.com/kscotthelms
--------------------------------



