
At 10:12 AM 1/14/2013, Brian May wrote:
Plus, if you have both wired and wifi networks, it is good practice to have them on separate networks. So a single /64 might be insufficient even for typical home use. Or if it is sufficient, there is no room for future expansion.
How many home users _actually_ do this? Good practice or not, I'd say very few (this list would be an unrepresentative sample, skewing estimates very much higher than reality). Segmented networks can be a pain for non-technical users with today's plug and play (pray?) devices which expect to find each other on the same LAN segment.
73 de VK3JED / VK3IRL
http://vkradio.com

On Mon, 14 Jan 2013, Tony Langdon <vk3jed@gmail.com> wrote:
How many home users actually do this? Good practice or not, I'd say very few (this list would be an unrepresentative sample, skewing estimates very much higher than reality). Segmented networks can be a pain for non-technical users with today's plug and play (pray?) devices which expect to find each other on the same LAN segment.
You can use a smart switch or a Linux box running bridging to enforce any form of firewall controls on different parts of the same subnet. So why is there a need for different subnets? It's a poor design to have the minimum subnet be 2^64 addresses though. 2^48 addresses for all Ethernet devices in the world hasn't turned out to be any sort of problem and it's only recently that 2^32 IP addresses for the entire world became a problem (and things still work reasonably well even though almost no-one is IPv6 only).
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

At 01:29 PM 1/14/2013, Russell Coker wrote:
You can use a smart switch or a Linux box running bridging to enforce any form of firewall controls on different parts of the same subnet. So why is there a need for different subnets?
That would likely be an easier solution to manage too.
It's a poor design to have the minimum subnet be 2^64 addresses though. 2^48 addresses for all Ethernet devices in the world hasn't turned out to be any sort of problem and it's only recently that 2^32 IP addresses for the entire world became a problem (and things still work reasonably well even though almost no-one is IPv6 only).
I agree, I know the idea was so host addresses could be hashed from MAC addresses, but writing the RFCs in a way to preclude the use of smaller subnets does seem short-sighted to me, especially since there are mechanisms that can be used to manage IP addresses in a smaller subnet.
73 de VK3JED / VK3IRL
http://vkradio.com

On 14 January 2013 13:29, Russell Coker <russell@coker.com.au> wrote:
You can use a smart switch or a Linux box running bridging to enforce any form of firewall controls on different parts of the same subnet. So why is there a need for different subnets?
I can think of two reasons, especially if somebody breaks into your wifi connection:
1. When you have two networks that are part of the same network, broadcasts are sent everywhere. Things like printers, Dropbox, by default can send out routine broadcasts even when you don't want/need it. For a home network this can cause privacy issues.
2. When you are attached to the same subnet, this gives you opportunity to run ARP attacks (IPv4) and other attacks on the other network. Unless you trust the smart switch to filter out all such attacks (?).
Brian May

It's a poor design to have the minimum subnet be 2^64 addresses though. 2^48 addresses for all Ethernet devices in the world hasn't turned out to be any sort of problem and it's only recently that 2^32 IP addresses for the entire world became a problem (and things still work reasonably well even though almost no-one is IPv6 only).
70 trillion possible vendor allocated MAC addresses (46 bits), and currently 7 billion people on earth. 10000 each. I suspect that will be enough for now, but they never get reclaimed (AFAIK) so they won't last forever.
This article discusses some of the merits of the 64 bit subnet address - http://etherealmind.com/allocating-64-wasteful-ipv6-not/. I almost stopped reading when I read that "IPv6 addresses are 296 times more numerous than IPv4 addresses" until I realised that they meant 2^96.
A lot of these arguments end in the circular statement that "subnets are 64 bits because SLAAC is 64 bits", so I'm yet to be convinced.
James
[1] do/did Bluetooth and token ring addresses come from the same pool? Google wouldn't tell me with any certainty

On 14/01/2013, at 14:53, James Harper <james.harper@bendigoit.com.au> wrote:
do/did Bluetooth and token ring addresses come from the same pool? Google wouldn't tell me with any certainty
IIRC, Bluetooth, Zigbee/802.15.4 and other wireless protocols newer than Ethernet all use 64-bit MACs. The 48-bit Ethernet MAC is encoded to fit alongside any number of these other protocols. IPv6 SLAAC uses the EUI-64 encoding for this.
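The EUI-64 encoding mentioned in the message above, as an added example that is not part of any poster's message: it builds a SLAAC address from a 48-bit MAC (modified EUI-64, RFC 4291 Appendix A) and shows the reverse step, which is why such an address reveals the same hardware identifier on every network the device joins. The prefixes, MAC and sample addresses are constructed documentation values.

```python
import ipaddress

def mac_to_slaac(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Form the EUI-64 based SLAAC address for a 48-bit MAC in a /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 SLAAC needs a /64 prefix")
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC")
    # Insert ff:fe between the OUI and the device part, and flip the
    # universal/local bit (0x02) of the first octet.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net[int.from_bytes(iid, "big")]

def recover_mac(addr: str):
    """Return the MAC embedded in an EUI-64 derived address, else None."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None  # random or privacy interface ID: nothing to recover
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def group_by_mac(addresses):
    """Group observed addresses (e.g. from server logs) by embedded MAC."""
    seen = {}
    for a in addresses:
        mac = recover_mac(a)
        if mac:
            seen.setdefault(mac, []).append(a)
    return seen

# Constructed sample: one device seen behind two different /64 prefixes,
# plus one address with a random interface ID.
SAMPLE = [
    str(mac_to_slaac("2001:db8:1:2::/64", "00:11:22:33:44:55")),
    str(mac_to_slaac("2001:db8:aaaa:1::/64", "00:11:22:33:44:55")),
    "2001:db8:1:2:a4c1:9e07:5b3d:77f0",
]

if __name__ == "__main__":
    for mac, addrs in group_by_mac(SAMPLE).items():
        print(mac, "->", addrs)
```

A random interface ID can contain ff:fe in that position by chance, so a match from `recover_mac` is a strong hint rather than proof.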

On 14/01/2013, at 14:53, James Harper <james.harper@bendigoit.com.au> wrote:
do/did Bluetooth and token ring addresses come from the same pool? Google wouldn't tell me with any certainty
IIRC, Bluetooth, Zigbee/802.15.4 and other wireless protocols newer than Ethernet all use 64-bit MACs. The 48-bit Ethernet MAC is encoded to fit alongside any number of these other protocols. IPv6 SLAAC uses the EUI-64 encoding for this.
Thanks. That's the most sensible answer I've heard.
James
participants (5)
- Brian May
- hannah commodore
- James Harper
- Russell Coker
- Tony Langdon