James Knott
Sebastian Freundt wrote:
I pick a mixture, imagine someone `uses' (read forges) one of your addresses inside your /64 (choose a different prefix if you want, the idea is that /x is assigned to you in a bigger network /y (y < x)), say they use 2001:db8:0:0::4 and their `assigned' network is actually 2001:db8:0:1::/64, now since you insist that they must route ALL traffic inside your network, they will certainly route that address, and since you have no designated router in the 2001:db8:0:0 network (you haven't named one, there's no BGP entry either), they will start an ndp request if no one had used the 0::4 before. Imagine the box that you declared as your router (but the ISP doesn't know about that) is busy/slow/off, it doesn't send a negative reply fast enough, the other guy's router had already ack'd the ndp. Now, their MAC address is in the neighbourhood table, they can now constantly keep it updated by ping6ing the router (a unicast address of the router was in the ndp packet). Long story short, there's a host in `your' /64 you don't know about and there's nothing you can do about it.
I am struggling to make sense of this. First, the ISP does not route anything within my network, only traffic to or from it, from the rest of the world. There is no routing within a local network, as all
Exactly. Keep that in mind. No routing within a local network.
traffic is managed by MAC address. It is entirely possible to run a local network without a router, if you don't want to be able to reach elsewhere. Also, if they spoof an address on my subnet from elsewhere, then there's no way their MAC address will be recorded anywhere other than their network, as MAC addresses are stripped off when a packet passes through a router and replaced by one for the
Nope, there is no routing within a local network; you said that just 6 lines ago.
router port. That is, if you send an IP packet from a computer on your network to one on mine, I will not see your MAC address, but your IP packet will be carried by an Ethernet frame bearing my router's local MAC address. This means your MAC address will never, ever appear on my network or any other than your own. It's simply not possible.
You didn't understand the scenario at all.

    +------------------+-------------------+-------------+
    | Your network /64 | Neighbour A /64   | ...
    +------------------+-------------------+-------------+
    +----------------------------------------------------+
    |                     router /48                     |
    +----------------------------------------------------+

Yours is 2001:db8:0:0::/64
Neighbour A's is 2001:db8:0:1::/64
You have a router 2001:db8:0::/48
Traffic is coming in to a previously not known (or stale) address 2001:db8:0:0::4
The router issues an NDP for ::4, there is no router in your network in this example (you said that, see above).
Neighbour A is clever and replies to the NDP before you can send an icmp6-unreachable.
From now on the router thinks ::4 is in your /64 but you have no control over that machine nor do you have a possibility to convince the router otherwise nor do you know where that machine is coming from.
Now it's your task to convince the court (or jury) that you did NOT possess ::4 at the time in question. Or that you didn't possess a node with MAC address x:y:z.
This means that the number of computers or addresses you use is irrelevant, so long as they all belong to your network or subnet. Routing tables are based on network, not individual host addresses.
That's incorrect. Many routing table implementations allow a short cut notation if you want to route a whole network; cisco IOS allows that, linux too. Apparently, if the ISP was in their right mind, they would just route the whole /64 if their hardware supports it. If not, well, you could use STP to generate routes, or you do it the hard way, as the NOC team at our university does, and enter them one by one, also entering the MAC address associated with the IP into the MAC filter. How would you do that?
It is possible to list a route to a single host, but not that host's specific address. When you set up a route, each end of the route is in a different subnet. For example, if we were configuring a route between our networks, I'd have an address in my subnet range e.g. 192.168.1.1 on my end and you'd have one for your end e.g. 172.16.3.1. Any traffic for your network would be sent via my 192.168.1.1 address, even though your addresses never appear on my end. I do not know if the address on your end is a router or a computer and I don't have to know.
So why do you throw in v4 now? I tell you that my main router is 2001:db8::1; if you want to communicate with 2001:db8:2::/48, you need a route to that computer, THEN you will have a route to the :2::/48 network, so the task is down to finding a route to 2001:db8::1, and so on. If I don't happen to have 2001:db8::1 as my main router, and you don't, and we want two of our computers to communicate, well, then we'll have to find a route ourselves. And that's all I'm saying. You have to put two routing rules on EVERY hop in between our networks. It is fun, I think everybody should have done that once in their life :)
One of the advantages of IPv6 is that it reduces the size of routing tables. The tables contain only network addresses and are done in a hierarchical manner, so that the most significant bits are sorted first then lesser ones, as you get closer to the destination. You will not find individual computers in a routing table.
Nope, incorrect. Don't claim stuff you're not sure about; at least use phrases like `I think' or so, others may get a completely wrong impression if they read your postings.
Actually, what I stated is correct. From http://www.tech-faq.com/understanding-ipv6.html
"An efficient hierarchical addressing and routing infrastructure: The IPv6 global addresses are designed to create an efficient routing infrastructure. The backbone routers of an IPv6 Internet have small routing tables. This is in line with the routing infrastructure of global ISPs."
So we were talking about the backbone routers all of a sudden? Who talked me out of talking about BGP? ;) The key idea is the hierarchy, and that facilitates smaller routing tables, but it's still wrong and wild interpretation to claim there are no individual computers in a routing table. I proved you wrong, I have at least one in mine. And besides, what I have in my routing table has got nothing to do with the protocol itself, the protocol doesn't tell me how to organise my network.
Or from http://ezinearticles.com/?IPv4-Vs-IPv6-%28Advantages-and-Disadvantages%29&id=5160096
"Addressing and Routing Infrastructure Efficiency in IPv6
IPv6 is designed to create an efficient, hierarchical, and summarizable routing infrastructure that is based on the common occurrence of multiple levels of Internet Service Providers. It reduces the size of the routing table of backbone routers, which can make for a more efficient internet experience."
There are many other sources on the Internet and in books that say the same thing.
None of your sources states that there won't be any individual nodes in the routing table. That was just fantasy and isn't true.
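As an added illustration from the defender's side, not part of the thread: the scenario above leaves the /48 router's neighbour cache holding an entry in your /64 for a machine you never assigned. The Python below, which assumes constructed `ip -6 neigh show` output and a constructed inventory of the addresses and MACs you actually run, flags such entries (an address you never assigned, or a known address answering from an unexpected MAC), and is meant for whoever can read the router's neighbour table, i.e. the ISP or NOC, or a monitoring host on that link.

```python
import ipaddress
import re

# Constructed sample of `ip -6 neigh show` output on the /48 router from the
# scenario (documentation-range addresses, locally administered MACs).
SAMPLE_NEIGH = """\
2001:db8:0:0::1 dev eth0 lladdr 02:00:00:aa:00:01 REACHABLE
2001:db8:0:0::4 dev eth0 lladdr 02:00:00:bb:00:99 STALE
2001:db8:0:0::7 dev eth0  FAILED
2001:db8:0:1::2 dev eth0 lladdr 02:00:00:bb:00:02 REACHABLE
fe80::1 dev eth0 lladdr 02:00:00:aa:00:01 router REACHABLE
"""

# Constructed inventory: the only address you really run in your /64.
MY_PREFIX = ipaddress.IPv6Network("2001:db8:0:0::/64")
MY_INVENTORY = {"2001:db8:0:0::1": "02:00:00:aa:00:01"}

# address, dev, optional "lladdr <mac>", optional flags, NUD state at the end
NEIGH_RE = re.compile(
    r"^(?P<addr>[0-9a-f:]+) dev (?P<dev>\S+)"
    r"(?: lladdr (?P<mac>[0-9a-f:]{17}))?.*?(?P<state>[A-Z]+)$"
)


def parse_neighbours(text):
    """Turn `ip -6 neigh` lines into (address, mac or None, state) tuples."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            entries.append((m["addr"], m["mac"], m["state"]))
    return entries


def audit_neighbours(text, prefix, inventory):
    """Report cache entries inside `prefix` that the inventory does not explain.
    Entries with no link-layer address (FAILED/INCOMPLETE) are skipped: nobody
    has claimed those addresses yet, so there is nothing to attribute."""
    known = {ipaddress.IPv6Address(a): m.lower() for a, m in inventory.items()}
    findings = []
    for addr, mac, _state in parse_neighbours(text):
        ip = ipaddress.IPv6Address(addr)
        if ip not in prefix or mac is None:
            continue
        expected = known.get(ip)
        if expected is None:
            findings.append((addr, mac, "not in inventory"))
        elif expected != mac.lower():
            findings.append((addr, mac, f"expected {expected}"))
    return findings


if __name__ == "__main__":
    for finding in audit_neighbours(SAMPLE_NEIGH, MY_PREFIX, MY_INVENTORY):
        print(*finding)
```

On the sample, only 2001:db8:0:0::4 is reported: it sits in your /64 but is answered by a MAC that no host of yours carries, which is exactly the ::4 of the example.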