Development issues regarding the cerowrt test router project
From: Richard Brown <richard.e.brown@dartware.com>
To: Dave Taht <dave.taht@gmail.com>
Cc: Richard Brown <richard.e.brown@dartware.com>,
	"<cerowrt-devel@lists.bufferbloat.net>"
	<cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] CeroWrt port numbering
Date: Fri, 2 Mar 2012 15:37:52 +0000
Message-ID: <BB299907-3375-4ED0-82C1-6B50FB8AEDBF@intermapper.com>
In-Reply-To: <CAA93jw79xMAc+Ru0ffEctYzvqs7F33Mgi380XL107mWU12kRPQ@mail.gmail.com>

>> This led me to look at the various tables made available via SNMP, and I had a couple consistency questions. (See the attached spreadsheet for the data, especially rows 58-66. It was taken from bql-40, but I believe it's the same for 3.3.)
> 
> I won't be able to look into the snmp stuff until next week.
> I'd like to know how well that is working with ipv6, btw, overall.

I don't (yet) have facilities for testing IPv6 here, so I can't offer any advice.

>> - I note that there's no interface at 172.30.42.33/27. I believe this is correct, but just checking. (It's thinkable that the se00 wired interface could go to a /26 if more wired devices were needed. But let's keep to the rule "Everything's a /27" for a while longer.)
> 
> I thought about widening the default /27 in this case, but long on my
> mind has been getting to where vlans could be successfully used and
> tested, so mentally that's 'reserved for
> dmz vlan'. This was actually why .33 was used instead of .1 for the
> main router interface in the early days, but too many people found
> that puzzling.

Good choices (both reserving for dmz vlan and switching to .1).

>> - I'm a little surprised that the babel interfaces both have ...224/32. (But I don't know anything about babel...)
> 
> Actually that's an 'AHCP'-ism. Babel is capable of mesh routing, and
> with p2p wireless links nothing more than a /32 or /128 (for ipv6) is
> needed to be distributed on mesh node links.
> 
> It makes failover simpler in the mesh routing case.

I was just curious whether they were meant to be the same /32 address...

>> - I'm confused about the OUI's for the interfaces. As expected, C4:3D:C7... is the OUI for Netgear. But C6:3D:C7... isn't allocated to anyone. Is that by design?
> 
> Two issues:
> 
> There is no separate mac address for one of the network devices on the
> wndr, so we take a known good address from one of the devices, and
> flip the 'local mac' bit.

Ahah. I learn something every day. The 0x02 bit of the most significant byte is the "local" bit; the 0x01 bit is the multicast bit. See: http://en.wikipedia.org/wiki/Organizationally_Unique_Identifier

> Each wireless VIF creates its own mac address as well, based on
> incrementing the underlying mac, and I don't remember the algo
> offhand.

Yes, that makes sense. But... 

I still don't understand the reasoning behind the mix and match (see list below). Why wouldn't you put all the wireless together as C4:... and Ethernet on the other? Or divide by 2.4GHz or 5GHz? or Secure vs. Guest, or some other scheme? (Or is it purposely to prevent people like me from imputing meaning where none is needed? :-)

>> - I don't understand the pattern of the OUIs for the interfaces: why is the C4 prefix issued to the Ethernet ge00 and wireless sw00 and sw10, while C6 goes to Ethernet se00 and the remaining wireless interfaces?
>> 
>> - I also note that the MAC addresses sort to an odd order, intermixing ethernet and wireless. (This is related to the previous item.)
>> 
>> sw00    C4:3D:C7:9D:E3:9A
>> ge00    C4:3D:C7:9D:E3:9B
>> sw10    C4:3D:C7:9D:E3:9C
>> 
>> se00    C6:3D:C7:9D:E3:9A
>> gw00    C6:3D:C7:9D:E3:9B
>> gw01    C6:3D:C7:9D:E3:9C
>> gw10    C6:3D:C7:9D:E3:9D
>> gw11    C6:3D:C7:9D:E3:9E
> 
> Hopefully what I wrote above sort of explains this.
> 
>> - Finally, I haven't fired up 6to4 or anything, but will the global IP address assignments be randomized more than the local (fe80) address?
> 
> Not sure what you mean here.

Privacy advocates are saying that the "easy way" to create a global IPv6 address is bad: it's too easy to plop the MAC address in the lower 64 bits of your address, and then the bad guys can use that as another (really powerful) tracking identifier. This is clearly not a CeroWrt-specific issue, and it's actively in discussion. (See, for example, Barrera et al., in the Usenix Vol 36, Number 1, https://www.usenix.org/system/files/login/articles/105438-Barrera.pdf)

Thanks!

Rich
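
Added example, not part of the original message or of CeroWrt: the "local" bit flip that turns C4:3D:C7... into C6:3D:C7..., and the modified EUI-64 construction (RFC 4291) that places a MAC in the lower 64 bits of both the fe80 and the global address, with a check an auditor can run to spot such addresses. The function names and the 2001:db8:1:2::/64 documentation prefix are assumptions made for illustration.

```python
import ipaddress

def parse_mac(text):
    """Return the six octets of a colon-separated MAC address."""
    octets = bytes(int(part, 16) for part in text.split(":"))
    if len(octets) != 6:
        raise ValueError("expected 6 octets: %r" % text)
    return octets

def format_mac(octets):
    return ":".join("%02X" % b for b in octets)

def flags(mac):
    """Decode the two flag bits of the most significant byte."""
    return {"local": bool(mac[0] & 0x02), "multicast": bool(mac[0] & 0x01)}

def flip_local_bit(mac):
    """Toggle the 0x02 'locally administered' bit (C4 <-> C6)."""
    return bytes([mac[0] ^ 0x02]) + mac[1:]

def eui64_address(prefix, mac):
    """Modified EUI-64: insert FF:FE in the middle and invert the 0x02 bit."""
    iid = bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:]
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def mac_from_address(addr):
    """Recover the MAC if the low 64 bits look like EUI-64, else None.

    Heuristic: a random identifier can contain FF:FE by chance.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # randomized or manually configured identifier
    return bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]

if __name__ == "__main__":
    ge00 = parse_mac("C4:3D:C7:9D:E3:9B")        # MAC listed in the message
    print(format_mac(flip_local_bit(ge00)), flags(flip_local_bit(ge00)))
    # Same lower 64 bits under the link-local and the (assumed) global prefix:
    for prefix in ("fe80::/64", "2001:db8:1:2::/64"):
        addr = eui64_address(prefix, ge00)
        print(addr, "->", format_mac(mac_from_address(str(addr))))
```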



Thread overview: 6+ messages
     [not found] <mailman.2.1330632002.8558.cerowrt-devel@lists.bufferbloat.net>
2012-03-02  4:22 ` Richard Brown
2012-03-02 10:50   ` Dave Taht
2012-03-02 15:37     ` Richard Brown [this message]
2012-03-02 15:56       ` Dave Taht
2012-03-02 16:26         ` Dave Taht
2012-03-02 16:51           ` Dave Taht
