There is some deployable technology that allows some aspects of this today. Yes, it's in its infancy. Small prefix limitations will guarantee it never sees the light of day just as NAT precluded many useful innovations from getting deployed.

Layer 3 isolation is only isolation by agreement if the hosts have some way to get on the same physical or logical LAN layer 2 segment. Otherwise, layer 3 isolation is as effective as any firewall.

Layer 2 isolation, OTOH, is both harder to administer and no more effective than layer 3. If you can bypass layer 3 by connecting to the same LAN segment, chances are you can bypass layer 2 by making that LAN segment one which doesn't go through the enforcement switch between the two devices in question.

Owen

On Aug 10, 2011, at 8:11 AM, Scott Helms wrote:
Neither of these are true, though in the future we _might_ have deployable technology that allows for automated routing setup (though I very seriously doubt it) in the home. Layer 2 isolation is both easier and more reliable than attempting it at layer 3 which is isolation by agreement, i.e. it doesn't really exist.
On 8/10/2011 9:02 AM, Owen DeLong wrote:
Bridging eliminates the multicast isolation that you get from routing.
This is not a case for bridging, it's a case for making it possible to do real routing in the home and we now have the space and the technology to actually do it in a meaningful and sufficiently automatic way as to be applicable to Joe 6-Mac.
--
Scott Helms
Vice President of Technology
ISP Alliance, Inc. DBA ZCorum
(678) 507-5000
http://twitter.com/kscotthelms