Sebastian Freundt wrote:
I pick a mixture, imagine someone `uses' (read forges) one of your addresses inside your /64 (choose a different prefix if you want, the idea is that /x is assigned to you in a bigger network /y (y < x)), say they use 2001:db8:0:0::4 and their `assigned' network is actually 2001:db8:0:1::/64, now since you insist that they must route ALL traffic inside your network, they will certainly route that address, and since you have no designated router in the 2001:db8:0:0 network (you haven't named one, there's no BGP entry either), they will start an ndp request if no one had used the 0::4 before. Imagine the box that you declared as your router (but the ISP doesn't know about that) is busy/slow/off, it doesn't send a negative reply fast enough, the other guy's router had already ack'd the ndp. Now, their MAC address is in the neighbourhood table, they can now constantly keep it updated by ping6ing the router (a unicast address of the router was in the ndp packet). Long story short, there's a host in `your' /64 you don't know about and there's nothing you can do about it.
I am struggling to make sense of this. First, the ISP does not route anything within my network, only traffic to or from it, from the rest of the world. There is no routing within a local network, as all traffic is managed by MAC address. It is entirely possible to run a local network without a router, if you don't want to be able to reach elsewhere. Also, if they spoof an address on my subnet from elsewhere, then there's no way their MAC address will be recorded anywhere other than their network, as MAC addresses are stripped off when a packet passes through a router and replaced by one for the router port. That is, if you send an IP packet from a computer on your network to one on mine, I will not see your MAC address, but your IP packet will be carried by an Ethernet frame bearing my router's local MAC address. This means your MAC address will never, ever appear on my network or any other than your own. It's simply not possible.
Routing tables are based on network, not individual host addresses.
This means that the number of computers or addresses you use is irrelevant, so long as they all belong to your network or subnet.
That's incorrect. Many routing table implementations allow a shortcut notation if you want to route a whole network, Cisco IOS allows that, Linux too. Apparently, if the ISP was in their right mind, they would just route the whole /64 if their hardware supports it. If not, well, you could use STP to generate routes, or you do it the hard way, as the NOC team in our university and enter them one by one, also entering the MAC address associated with the IP into the MAC filter. How would you do that?
It is possible to list a route to a single host, but not that host's specific address. When you set up a route, each end of the route is in a different subnet. For example, if we were configuring a route between our networks, I'd have an address in my subnet range e.g. 192.168.1.1 on my end and you'd have one for your end e.g. 172.16.3.1. Any traffic for your network would be sent via my 192.168.1.1 address, even though your addresses never appear on my end. I do not know if the address on your end is a router or a computer and I don't have to know.
One of the advantages of IPv6 is that it reduces the size of routing tables. The tables contain only network addresses and are done in a hierarchical manner, so that the most significant bits are sorted first then lesser ones, as you get closer to the destination. You will not find individual computers in a routing table.
Nope, incorrect. Don't claim stuff you're not sure about, at least use phrases like `I think' or so, others may get a completely wrong impression if they read your postings.
Actually, what I stated is correct. From http://www.tech-faq.com/understanding-ipv6.html "An efficient hierarchical addressing and routing infrastructure: The IPv6 global addresses are designed to create an efficient routing infrastructure. The backbone routers of an IPv6 Internet have small routing tables. This is in line with the routing infrastructure of global ISPs." Or from http://ezinearticles.com/?IPv4-Vs-IPv6-%28Advantages-and-Disadvantages%29&am... "Addressing and Routing Infrastructure Efficiency in IPv6 IPv6 designed to create an efficient, hierarchical, and summarize able routing infrastructure that is based on the common occurrence of multiple levels of Internet Service Providers. It reduce the size of routing table of backbone routers. Which is can cause of efficient internet experience." There are many other sources on the Internet and in books that say the same thing.