-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Matt Palmer
Sent: Sunday, December 20, 2015 10:29 PM
To: nanog@nanog.org
Subject: Re: Nat

Depends on how many devices you have on it. Once you start filling your home with Internet of Unpatchable Security Holes devices, having everything on a single ethernet segment might start to get a little... noisy.
Thankfully, IPv6 has well-defined multicast scopes, which makes it trivially easy to do cross-L2-segment service discovery without needing to resort to manually berking around with firewall rules.
- Matt

If your home is full of unpatched or compromised hosts, and they're using these well-defined multicast scopes, doesn't that mean they can now communicate and infect one another?

For years I've seen people on this list insist on "NAT/PAT != firewall". Well, a router routing everything it sees is even less of a firewall.

I'm really not trying to be argumentative here, but I'm just having a hard time believing Joe Sixpack will be applying business networking principles such as micro-segmenting to a home network with 3 to 7 devices on it. If anything, these complexities we keep adding/debating such as DHCP vs RA, prefix delegation, etc. are only slowing down the general deployment of IPv6.

Chuck