Hacker News new | ask | show | jobs
by gertrunde 533 days ago
Not sure I entirely agree with :

"Here is the classical topology of home network." ... "And all the LAN hosts have one /64 IPv6 prefix."

Are people really deploying IPv6 like this? Rather than a /64 to a vlan?

(Personally, in the home, I'm just using DHCPv6-PD to delegate a different /64 to each VLAN).
2 comments
tsimionescu 533 days ago
Who has multiple VLANs in a home network??
link
stephen_g 532 days ago
I have my main VLAN, a guest VLAN, and one for any 'smart'/IoT devices that need to connect to cloud services. Each is firewalled from each other and each has its own separate WiFi SSID.

Not just because the IoT devices are prone to attack because they may not get many updates, but also because they often need 2.4 GHz or may only support WPA 2. So my main network can be WPA3 only and 5 GHz only but the other networks are more lenient.

link
jeroenhd 532 days ago
My router configures a VLAN for guest network access, and that's a normal consumer Fritz!Box. I think other brands do the same.

People may not know they're running a VLAN, but VLANs aren't uncommon either.

link
simoncion 532 days ago
I have multiple VLANs on my home LAN. It's just so much easier to provide no-Internet or isolated-from-all-other-non-guest-hosts service if you set that up via VLANs. I might be mistaken, but it's my pretty strong understanding that with everything on the same VLAN, you have to deal with hosts using MAC and/or IP address spoofing to evade your router firewall rules. [0]

[0] Because what else would you use to decide how to block or permit traffic if you can't distinguish by the interface that the traffic came in on?

link
tikkabhuna 532 days ago
Definitely the realm of homelabbers, but I do. Mainly to segregate IoT devices, users, lab servers.

That is only because I want to though, I agree that the average home network will not have VLANs.

link
somerandomqaguy 532 days ago
It's starting to get a bit more common but in a roundabout way. Telus managed Wifi routers can provides isolated guest networks, which AFAIK uses VLAN's and firewall rules internally. It's not visible to the end user though.

https://www.telus.com/en/support/article/create-a-guest-netw...

link
sgjohnson 532 days ago
I don't think an average home user even knows what a VLAN is.

This, on the other hand, is Hacker News.

link
ta1243 532 days ago
HN has a surprisingly low level of network knowledge compared to sites a generation ago (slashdot etc)
link
tsimionescu 531 days ago
The question was about users in general, not HN users in particular.

Also, just because you know how to do it, doesn't mean you want to tinker with a complex network topology on your home network.

link
rfoo 533 days ago
Or maybe a "classical" (I assume author meant "typical"?) home network does not have multiple VLANs.
link
gertrunde 532 days ago
Agreed.

But the topology given in the article shows three separate, non-overlapping /64s, one for each host/router. (Although one would assume that the router at least must have an interface in each subnet, even if that's not what the diagram shows).

One might hope these would be on separate VLANs, as overlaying multiple subnets on one VLAN would be a bit iffy. I've not spotted anything in the article other than the diagram to detail interface configs.

link