----- Original Message -----
> From: "Mikael Abrahamsson" <swm...@swm.pp.se>

> On Fri, 7 Feb 2014, Jay Ashworth wrote:
>
> > In my not-at-all humble opinion, in an eyeball network, you almost
> > *never* want to make it easier for houses to talk to one another
> > directly; there isn't any "real" traffic there. Just attack traffic.
>
> But creating a solution where you can talk to anyone else on the Internet
> but not the ones in your own neighborhood is broken, so it needs to be
> fixed. In IPv4 I've seen this solved with local-proxy-arp within the
> subnet, and for IPv6 it's easily solvable by not announcing an on-link
> network so they won't even try to communicate directly with each other but
> instead everything is routed via the ISP upstream router and then down
> again to the other customer CPE/computer.

I did not show my work. I apologize.

I will try again:

If I am a commercial customer of an eyeball ISP like Road Runner: *I am
entitled to expect that that ISP is technically capable of protecting me
from possible attack traffic from that other customer*, who's outside my
administrative span of control.

If they can send me traffic directly across a local access subnet, that
requires a much larger hammer than if such traffic must cross the edge
concentrator first, the configuration I assert is a better choice.

Does that help?

Cheers,
-- jra
--
Jay R. Ashworth             Baylink                    j...@baylink.com
Designer                    The Things I Think         RFC 2100
Ashworth & Associates       http://www.bcp38.info      2000 Land Rover DII
St Petersburg FL USA        BCP38: Ask For It By Name! +1 727 647 1274