Realistic number of hosts for a /64 subnet?
Mikael Abrahamsson
swmike at swm.pp.se
Tue May 14 11:45:38 CEST 2019
On Tue, 14 May 2019, WILSON Sam wrote:

> Except those nasty security people are now allowing systems to randomise
> their MAC addresses. I'm sure some people's Life Goal is to make life
> as difficult as possible for us network operators.

That's why one should always create solutions that do not depend on any
kind of uniqueness.

15 years ago I checked the MAC addresses of our customers (ADSL customer
base). I noticed that 5% of the customers were using the same MAC address.
Tracked that down to D-Link shipping lots of routers via electronics
stores, all with the same MAC address. Then I was happy I had designed the
solution with a single broadcast domain (VLAN) per customer so this still
worked. Other ISPs weren't so lucky, and this caused significant customer
service costs.

If you want a robust access network, make sure it works even if the
customers have customer-controlled identifiers that overlap, such as DUID,
MAC addresses etc. Track people on physical ports (so you know where that
port/cable goes) or on username/password (802.1x). Make sure the
customers/users can't affect each other (protect the Internet from them).

--
Mikael Abrahamsson email: swmike at swm.pp.se
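
Added example, not part of the original post: a sketch of the design point above, comparing a subscriber table keyed by the client-supplied MAC with one keyed by the operator-controlled physical port, plus a check that reports identifiers seen on more than one port. The switch and port names, MACs, DUIDs and function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (access switch, port, client MAC, client DUID).
# Three customers share one factory-default MAC; two share a cloned DUID.
EVENTS = [
    ("sw1", "ge-0/0/1", "02:00:00:00:00:01", "duid-aa"),
    ("sw1", "ge-0/0/2", "02:00:00:00:00:01", "duid-bb"),
    ("sw2", "ge-0/0/7", "02:00:00:00:00:01", "duid-cc"),
    ("sw2", "ge-0/0/8", "02:00:00:00:00:02", "duid-cc"),
    ("sw2", "ge-0/0/9", "02:00:00:00:00:03", "duid-dd"),
]

def subscribers_by_mac(events):
    """Fragile design: the customer-controlled MAC is the subscriber key."""
    table = {}
    for switch, port, mac, _duid in events:
        # A duplicate MAC silently replaces the earlier customer's entry.
        table[mac] = (switch, port)
    return table

def subscribers_by_port(events):
    """Robust design: the operator-controlled (switch, port) is the key."""
    table = defaultdict(set)
    for switch, port, mac, duid in events:
        table[(switch, port)].add((mac, duid))
    return dict(table)

def overlapping(events, field):
    """Return {identifier: sorted ports} for identifiers seen on >1 port."""
    idx = {"mac": 2, "duid": 3}[field]
    seen = defaultdict(set)
    for ev in events:
        seen[ev[idx]].add((ev[0], ev[1]))
    return {i: sorted(p) for i, p in seen.items() if len(p) > 1}

if __name__ == "__main__":
    print(len(subscribers_by_mac(EVENTS)), "subscribers when keyed by MAC")
    print(len(subscribers_by_port(EVENTS)), "subscribers when keyed by port")
    for field in ("mac", "duid"):
        for ident, ports in overlapping(EVENTS, field).items():
            print(f"{field} {ident} seen on {len(ports)} ports: {ports}")
```

Keyed by MAC, the five constructed customers collapse into three entries; keyed by port, all five remain distinct and the overlap report shows which ports share an identifier.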