James Knott <james.knott@rogers.com> writes:
> Sebastian Freundt wrote:
>>> I am struggling to make sense of this. First, the ISP does not route
>>> anything within my network, only traffic to or from it, from the rest of the world. There is no routing within a local network, as all
>>
>> Exactly. Keep that in mind. No routing within a local network.
>>
>>> traffic is managed by MAC address. It is entirely possible to run a local network without a router, if you don't want to be able to reach elsewhere. Also, if they spoof an address on my subnet from elsewhere, then there's no way their MAC address will be recorded anywhere other than their network, as MAC addresses are stripped off when a packet passes through a router and replaced by one for the
>>
>> Nope, there is no routing within a local network, you said that just 6 lines ago.
>
> You seem to be making a habit of twisting what I say.

I'm just stopping you, pointing out EXACTLY what YOU said. You said it's not necessary to have a router WITHIN a local network, correct, and you said that in order to connect that network with another network you need a router, correct. Then reread what I said, look at every step and point out where I'm wrong.

>>> router port. That is, if you send an IP packet from a computer on your network to one on mine, I will not see your MAC address, but your IP packet will be carried by an Ethernet frame bearing my router's local MAC address. This means your MAC address will never, ever appear on my network or any other than your own. It's simply not possible.
>>
>> You didn't understand the scenario at all.
>
> I find much of what you say difficult to understand.
>> +------------------+-------------------+-------------+
>> | Your network /64 | Neighbour A /64   | ...
>> +------------------+-------------------+-------------+
>> +----------------------------------------------------+
>> |                    router /48                      |
>> +----------------------------------------------------+
>>
>> Yours is 2001:db8:0:0::/64, Neighbour A's is 2001:db8:0:1::/64.
>> You have a router 2001:db8:0::/48.
>> Traffic is coming in to a previously not known (or stale) address 2001:db8:0:0::4.
>> The router issues an NDP for ::4; there is no router in your network in this example (you said that, see above). Neighbour A is clever and replies to the NDP before you can send an icmp6-unreachable.
>> From now on the router thinks ::4 is in your /64, but you have no control over that machine, nor do you have any possibility to convince the router otherwise, nor do you know where that machine is coming from.
> The router should know what port contains what subnet. It should only

Wrong, that's what NDP is for. In this role the router is just like any other box. Anyone can ask anyone else connected link-locally for addresses. No protocol states that the router must know which subnet is on which port. Prove me wrong.

> ask for the MAC (NDP) on the appropriate network. You're asking it to

Yes, the appropriate network according to RFC 4861 (NDP) is to use link-local multicast. That's a very appropriate network, don't you think?

> accept that MAC from a network where it didn't ask and the IP address does not match the network it appears on. Do you have proof of that

You don't know how NDP works. And yes, I have proof, I can show you the implementation in the linux kernel for instance. Also, I can give you full tcpdumps and the name of the provider. They do have a solution for the arp injection attack by now, the `solution' is that you can talk to the router ONLY via its fe80:: address and obviously you must use your fe80 address for that, and that one has to be centrally registered via web-interface, tedious!

> happening. Cache poisoning requires a host on the local network to do

That was my scenario to begin with. Reread my posting.

> that. Also, if the router sends out a request for what appears to be a valid address, but for which there is no host, there will be no response. Also, in order for there to be any traffic between me and a

I can always send out a response that I possess ::4 in your network, after all it's link-local multicast, so why can't I? What mechanism exactly is stopping that?

> neighbour with a different subnet there has to be a router, so "The router issues an NDP for ::4, there is no router in your network in this example (you said that, see above)." doesn't apply. What I was referring to is the situation where one host is talking to another host on the same network. A host on the other subnet does not use that method.

Oh, what do they use then? JKFP, James Knott Fantasy Protocol? The router was just the critical machine in that scenario because it now happily routes outside traffic meant for your subnet to my box. Other than that, it's just a normal host asking for its neighbours.
>> So why do you throw in v4 now?
>
> To simplify the example (less typing). Functionally, there's no difference between IPv6 and IPv4 in this regard.

>> The key idea is the hierarchy, and that facilitates smaller routing tables, but it's still a wrong and wild interpretation to claim there are no individual computers in a routing table. I proved you wrong, I have at least one in mine. And besides, what I have in my routing table has got nothing to do with the protocol itself, the protocol doesn't tell me
>
> Much B.S. deleted.

I'm happy you deleted your bullshit, and kept mine :)

> Please do yourself a favour and do some research on this topic.

Please do yourself a favour and do some research on this topic. Where exactly in the protocols does it say that no routing table must contain individual hosts?
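As an added example, not taken from either poster's message, here is the per-port plausibility check that James argues a router should apply: a Neighbor Advertisement whose target lies outside the /64 delegated on the port it arrived on is rejected instead of being installed in the neighbour cache. The port names, the prefix table and the constructed NA bytes are assumptions; the two /64 prefixes and the ::4 target are the thread's own scenario.

```python
import ipaddress
import struct

# Constructed per-port prefix plan, taken from the thread's scenario.
# Port names are assumptions; a real router would derive this mapping
# from its interface configuration.
PORT_PREFIXES = {
    "port-you": ipaddress.ip_network("2001:db8:0:0::/64"),
    "port-a": ipaddress.ip_network("2001:db8:0:1::/64"),
}

ICMPV6_NEIGHBOR_ADVERTISEMENT = 136  # RFC 4861 section 4.4


def parse_na_target(icmpv6_payload: bytes) -> ipaddress.IPv6Address:
    """Return the target address carried by a Neighbor Advertisement.

    Wire layout: type(1) code(1) checksum(2) flags+reserved(4) target(16),
    followed by options. The checksum is not verified here; the kernel
    has already done that before handing the message up.
    """
    if len(icmpv6_payload) < 24:
        raise ValueError("too short for a Neighbor Advertisement")
    msg_type, code = struct.unpack_from("!BB", icmpv6_payload, 0)
    if msg_type != ICMPV6_NEIGHBOR_ADVERTISEMENT or code != 0:
        raise ValueError(f"not a Neighbor Advertisement: type {msg_type}")
    return ipaddress.IPv6Address(icmpv6_payload[8:24])


def na_is_plausible(ingress_port: str, icmpv6_payload: bytes) -> bool:
    """True only if the NA target lies in the prefix delegated on ingress_port.

    Link-local targets are accepted on any port, because every attached link
    legitimately talks to the router's fe80:: side, as the thread notes.
    An NA for 2001:db8:0:0::4 arriving on port-a is the thread's poisoning
    case and yields False, so no neighbour cache entry should be installed.
    """
    target = parse_na_target(icmpv6_payload)
    if target.is_link_local:
        return True
    prefix = PORT_PREFIXES.get(ingress_port)
    return prefix is not None and target in prefix


def _constructed_na(target: str) -> bytes:
    """Constructed test input: a solicited NA for target, checksum left zero."""
    header = struct.pack("!BBHI", ICMPV6_NEIGHBOR_ADVERTISEMENT, 0, 0, 0x40000000)
    return header + ipaddress.IPv6Address(target).packed
```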