On Aug 10, 2011, at 6:57 AM, Jeroen Massar wrote:

> On 2011-08-10 15:02 , Owen DeLong wrote:
> [..]
>> Why do I want my appliance network's multicast packets getting tossed
>> around on the guest wireless?
>
> Even wikipedia knows the answer to that:
> http://en.wikipedia.org/wiki/IGMP_snooping
> which is the first hit for IGMP snooping, which is generally a feature
> that is present in the better (and thus more expensive) switching gear
> (and thus probably not present in every home, but those homes probably
> also don't care about that).
>

That would be the answer to why I DON'T want that happening, but, why would I WANT it to happen when, as you said, the better and more appropriate solution is to route? Unless you have some benefit to offer from NOT Routing, I stand by my statement.

> Granted, routing is the better and more appropriate way to isolate these
> kind of packets and definitely more appropriate for broadcast nastiness
> (mDNS is such a nice one there too...).
>
> That said, /56 or /48 to the home should be what is happening.
>

That said, /48 to the home should be what is happening, and /56 is a better compromise than anything smaller.

> The whole point of settling on a single prefix btw is so that networks
> can at least keep the same numbering plan when they switch from one PA
> prefix to another.
>

That would be nice as well, but, unfortunately, it is obvious at this point that some ISPs will unfortunately refuse to give home users /48s.

> Greets,
> Jeroen
>
> PS: the more power to your kids if they can sniff the network for your
> 'adult content', decode it, and then actually watch it (though if they
> are technically inclined actually not too difficult, but heck, is that
> not where crypto comes into play, as when they can pull that off on your
> kiddienetwork they can also just plug something into the kiddie-'adult
> content'-network and sniff it off there... something with 802.1x comes
> to mind to solve that step.

The chances of the average amplifier and television supporting that level of encryption in a way that the hypothetical kids in this situation would be unable to decrypt a stream that does work between the source and the television and amplifier are pretty slim IMHO. Heck, I can't even get any one of those devices to speak IPv6 yet, let alone all of them and with cryptography to boot.

Owen