Hi, On Thu, Oct 18, 2018 at 09:16:12AM -0600, Grant Taylor wrote: > On 10/18/2018 01:10 AM, Erik Auerswald wrote: > > >One example I experienced are misconfigured end-systems using IP > >addresses from network A in the broadcast domain of network B. The > >gateway for both networks was based on the Linux kernel. > >Misconfigured hosts were able to reach their gateway without > >problems (the ARP request was answered from the "wrong" interface, > >any interface accepts any IP destined for the host). > > I feel like there are details pertinent to the conversation that I'm > not privy to. Including shared or separate broadcast domains, > routing, IP addressing scheme, etc. Most of which would need to be > known from both ends of the communications to be able to even > speculate. The original question was a bit scarce on details, thus I substituted pertinent experience of my own. This is not necessarily easy to follow. ;) > >AFAIK one can configure ARP to separate more, but not competely. > >Using bridges is said to allow for more separation, but I have not > >yet tested this. > > I'm going to be doing some testing in this area, partially around > this conversation and other very similar conversations. Please tell us about your results. > >For version 4, but this changes with version 6. ;-) > > Would you please elaborate? In IPv6, addresses are assigned to interfaces. This is obvious with link-local addresses, but true for differently scoped addresses as well. I am sorry, but I do not know the RFC off the top of my head. OK, had to search... RFC 8200, Internet Protocol, Version 6 (IPv6) Specification, section 2: "interface a node's attachment to a link." "address an IPv6-layer identifier for an interface or a set of interfaces." RFC 4291, IP Version 6 Addressing Architecture, section 2.1: "IPv6 addresses of all types are assigned to interfaces, not nodes." > I've not run across anything indicating such. I've not gotten far > enough in the reading that I'm doing to delve this deep into IPv6 > yet. IPv6 is an interesting rabbit hole to dive into. ;) > >I'd say the same. But part of the problem is that the weak host > >model is a bit more surprising than the strong host model. In my > >experience this is especially true when a weak host is used as a > >router. > > I assume that the weak host (end system) model is easier to code > for, thus more likely to be used on single homed hosts (end systems) > a they are the vast majority compared to multi-homed hosts (E.S.). They might even be a bit simpler to use without a 100% correct networking configuration. ;) > Thank you! Good discussion that is banging some of my brain cells together. Likewise. :) Thanks, Erik -- I think of math as a splendid way to learn to think straight. -- Bjarne Stroustrup