On Tue, 14 May 2019, WILSON Sam wrote:

> Except those nasty security people are now allowing systems to randomise 
> their MAC addresses.  I'm sure some people's Life Goal is to make life 
> as difficult as possible for us network operators.

That's why one should always create solutions that do not depend on any 
kind of uniqueness.

15 years ago I checked the MAC addresses of our customers (ADSL customer 
base). I noticed that 5% of the customers were using the same MAC address. 
Tracked that down to D-Link shipping lots of routers via electronics 
stores, all with the same MAC address. Then I was happy I had designed the 
solution with a single broadcast domain (VLAN) per customer so this still 
worked. Other ISPs weren't so lucky, and this caused significant customer 
service costs.

If you want a robust access network, make sure it works even if the 
customers have customer-controlled identifiers that overlap, such as DUID, 
MAC addresses etc. Track people on physical ports (so you know where that 
port/cable goes) or on username/password (802.1X). Make sure the 
customers/users can't affect each other (protect the Internet from them).
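
An added example, not part of the original message: a binding table keyed on the customer-controlled MAC address loses subscribers when MACs overlap, while one keyed on the access port does not. The port names, MAC values and function names are constructed for illustration; the port id stands in for whatever physical-port identifier the access network reports.

```python
from collections import defaultdict

# Constructed sample: (access_port, client_mac) pairs as an access node
# might report them. Not real data.
SAMPLE_REQUESTS = [
    ("dslam1/1/1", "00:11:22:33:44:01"),
    ("dslam1/1/2", "00:aa:bb:cc:dd:ee"),  # same factory MAC ...
    ("dslam1/1/3", "00:AA:BB:CC:DD:EE"),  # ... on a second port
    ("dslam2/4/7", "00-aa-bb-cc-dd-ee"),  # ... and a third
    ("dslam2/4/8", "02:5e:10:00:00:09"),  # locally administered (e.g. randomised)
]

def normalise_mac(mac):
    """Return the MAC as lower-case colon-separated hex, or raise ValueError."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True if the locally-administered bit (0x02 of the first octet) is set."""
    return bool(int(normalise_mac(mac)[:2], 16) & 0x02)

def bindings_by_mac(requests):
    """Fragile design: a later subscriber with the same MAC replaces the earlier one."""
    table = {}
    for port, mac in requests:
        table[normalise_mac(mac)] = port
    return table

def bindings_by_port(requests):
    """Robust design: the operator-controlled port is the key, the MAC is only data."""
    table = defaultdict(set)
    for port, mac in requests:
        table[port].add(normalise_mac(mac))
    return dict(table)

def overlapping_macs(requests):
    """Audit: MACs seen on more than one port, with the ports they appeared on."""
    ports = defaultdict(set)
    for port, mac in requests:
        ports[normalise_mac(mac)].add(port)
    return {mac: sorted(p) for mac, p in ports.items() if len(p) > 1}

if __name__ == "__main__":
    print("keyed by MAC :", len(bindings_by_mac(SAMPLE_REQUESTS)), "subscribers")
    print("keyed by port:", len(bindings_by_port(SAMPLE_REQUESTS)), "subscribers")
    print("overlaps     :", overlapping_macs(SAMPLE_REQUESTS))
```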

