multiple prefixes

Bernd Walter ticso at cicely7.cicely.de
Wed Feb 13 22:19:18 CET 2013


On Wed, Feb 13, 2013 at 10:37:21AM -0800, Rui Paulo wrote:
> On 13 Feb 2013, at 09:14, Bernd Walter <ticso at cicely7.cicely.de> wrote:
> 
> > The IPv6 based light switch can't talk to the IPv6 based light bulb anymore
> > for some time fraction because your DSL flapped.
> 
> Then the light switch and the light bulb were using the wrong addresses in the first place. They should use IPv6 link-local addresses and advertise themselves using mDNS. This problem has already been solved.

This is no solution - it is replacing one restriction with another.
It requires that all systems are in the same LAN.
Do you really want your outside actors to be in the same LAN as your inside
home installation?
You don't even do it with power rails - use separate fuses for outside
installations, so that an attacker can't compromise your inhouse electrical
system just by short circuiting an external power plug.
There are other reasons for different fuses as well, but this is one of them.
There are many reasons for outdoor installations, which have low physical
access barriers, like garden sheds, greenhouse, car garage, etc...
You want to access your camera at home if you are traveling?
Great - do a VPN and then - oops, you are in a routed network, because
since you are a reasonable person your VPN won't bridge directly into your
single home automation network, right?

mDNS itself only works well in a fully trusted environment, also not possible
with outdoor installations.
It works so pretty well, that my iPad can't find my Windows computer to sync
with, because I thought separated network for WLAN is a great idea.
Configuring a normal DNS name or at least fixed IP address is impossible.
A security nightmare, which forced me to add a WLAN stick to my computer,
which is now vulnerable by WLAN too.
Is that your imagination of the future world - mine is different.
Multicast routing? One thing is that I don't want mDNS or other plug and
play services to pass networks, because if I want to traverse unprotected
data of any kind, then I wouldn't want to split at all.
Add special bridging software? - not possible with every router product,
I'm not even aware of any, because google won't help with such questions.
I can't speak for mDNS, but my HP printer sends its presence packet
(not mDNS) with TTL=1, so routing is impossible anyway.
No doubt - mDNS is nice, but it only solves a standard use case.
Don't get me wrong - it is clearly a good thing for the non technical user.
On the other hand it has a limited use case and not everyone is doing
mainstream products.

Btw.:
With IPv6 there is also RFC4620 for hostname lookups, but it is using
ff02::2:x:x addresses and is therefore link local.

> > Link local addresses won't allow a split network, although many people
> > live with a single flat network at home this is not really advised with
> > home automation in place.
> 
> Home automation might be in a separate network segment and link local will work just fine.

There are also many things based on that assumption that you use link
local.
e.g. 6LoWPAN compression works best with link local, but they don't enforce
it if packets need to traverse networks.
That's "Inter"Net - you remember?
A single separate segment works well for many, but enforcing this makes
the whole IP thing senseless.
Nevertheless the problem already starts with a single separated network,
if you want to access a device within your automation network from your
TV set.

I really like IPv6, because it has the option to wipe out all the grown
and ugly IPv4 address exhaustion workarounds and because of many amazing
new features.
I'm absolutely disappointed that so many companies are still thinking
with workaround filled IPv4 style when it comes to IPv6 deployment after
13+ years IPv6 making IPv6 into IPv4 as a mix of old and new problems.

-- 
B.Walter <bernd at bwct.de> http://www.bwct.de
Modbus/TCP Ethernet I/O modules, ARM-based FreeBSD computers and much more.
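As an added illustration that is not part of the thread, a small Python script that classifies IPv6 addresses by scope (the link-local versus routed distinction argued in the message), checks whether a packet with a given hop limit could pass a router at all (the printer's TTL=1 case), and derives the RFC 4620 node information group address the message mentions. The `survives_router` forwarding rule and the sample addresses are my own assumptions, not anything from the mail.

```python
import hashlib
import ipaddress

# Multicast scope nibble (RFC 4291, section 2.7). ff02::/16 is link-local:
# a router never forwards it, whatever the hop limit says.
MULTICAST_SCOPES = {
    0x1: "interface-local",
    0x2: "link-local",
    0x4: "admin-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}


def ipv6_scope(addr: str) -> str:
    """Classify an IPv6 address by the scope that limits where it can go."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_multicast:
        nibble = ip.packed[1] & 0x0F
        return "multicast " + MULTICAST_SCOPES.get(nibble, f"scope-{nibble:x}")
    if ip.is_link_local:  # fe80::/10, confined to one link
        return "link-local"
    # Global and ULA unicast are both treated as routable within a site here.
    return "routable unicast"


def survives_router(dst: str, hop_limit: int) -> bool:
    """Assumed router rule: forward only routable unicast or multicast of at
    least site-local scope, and drop a packet whose hop limit would hit zero
    (hop limit 1 is the IPv6 equivalent of the printer's TTL=1)."""
    forwardable = ipv6_scope(dst) in (
        "routable unicast",
        "multicast site-local",
        "multicast organization-local",
        "multicast global",
    )
    return forwardable and hop_limit > 1


def rfc4620_ni_group(name: str) -> str:
    """RFC 4620 Node Information group: ff02:0:0:0:0:2:ff00::/104 plus the
    first 24 bits of the MD5 digest of the lowercased first label, so every
    NI group is link-local multicast (ff02::2:ffxx:xxxx)."""
    label = name.split(".")[0].lower().encode("ascii")
    suffix = int.from_bytes(hashlib.md5(label).digest()[:3], "big")
    base = int(ipaddress.IPv6Address("ff02::2:ff00:0"))
    return str(ipaddress.IPv6Address(base | suffix))
```

Run `ipv6_scope` and `survives_router` over the mDNS group `ff02::fb`, an NI group, and a global address to see which ones a router could ever carry between a home automation segment and the rest of the house.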
