Hello all,

It seems to me we have two distinct problems that are “solved” through the use of local MAC addresses:

1. Exhaustion of number space caused by large numbers of IoT devices
2. Privacy issues by publicly associating a static address with a device

The first (and I’ve not looked at 802c, so I’m speaking in ignorance) appears to be resolved by defining a protocol to allocate MAC addresses to organizations based on the CID from the local address space. Doing so doubles the number of addresses available, and may go further if the local addresses can be re-used.

The second might be resolved by allocating addresses randomly from 46 bits, and perhaps having some protocol to detect and correct collisions.

Both cannot be solved simultaneously with the solutions discussed. So I’m wondering if there exists a mechanism that will solve both simultaneously such as:

1. Dividing connectivity into zones or regions where the knowledge of the existence of a particular MAC address cannot penetrate, such as segments linked by routers. Within such a zone allow only problem 1 or 2 to be solved.
2. Subdividing the local MAC address space further so that issue 1 gets 45 bits to play with and likewise issue 2.

Best Regards,
Adrian P STEPHENS
Tel: +44 (1793) 404825 (office)
Tel: +1 (408) 2397485 (mobile, USA)

----------------------------------------------
From: Dan Harkins [mailto:dharkins@xxxxxxxxxxxxxxxxx]
Hello,

As Mathieu reported today, when randomizing only 24 bits of the MAC a collision is basically assured. We can calculate the probability of a collision out of a pool of c when there are n people by:

  p(n; c) = 1 - ((c-1)/c)^(n*(n-1)/2)

If we are only randomizing 24 bits of MAC we end up with numbers like this:

  p(500, 2^24)  = 0.0074
  p(1000, 2^24) = 0.029
  p(5000, 2^24) = 0.525   <-- worse than a coin flip

Even with only 500 people it's basically assured that there will be a collision after a while. Whereas if we randomize 46 bits of MAC we end up with numbers like this:

  p(500, 2^46)   = 0.0000000018
  p(1000, 2^46)  = 0.0000000071
  p(5000, 2^46)  = 0.0000001776
  p(10000, 2^46) = 0.0000007105
  p(30000, 2^46) = 0.00000639

The record for most simultaneous associations in a wi-fi network is 30,000+ and even in that situation, assuming everyone is randomizing MAC addresses, it's still around 1:156000. Never say never but we can say "highly unlikely." Whereas if we only randomize 24 bits we can safely say "definitely assured". I do not think this study group wants to come up with recommendations on how to most assuredly screw up a network.

The critical issue is not whether someone temporarily sets his MAC address to that "owned" by someone somewhere (and I am still not convinced that purchasers of OUIs get them with the "local" bit set), the critical issue is whether there will be collisions on the switched network. We do not need to assure that a randomly chosen MAC address is unique in the world, we just need to make it as unlikely as possible that that address is already used on the same switched network. We can't make that assurance with only 24 bits but we can with 46.

Please, let's abandon the idea of following 802.1's recommendations for their small, local LAN randomized MAC scheme. It won't work in wireless in the real world.

regards,

Dan.
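The following is an added worked example; it is not part of the thread and is not Dan's or Adrian's code. It reproduces Dan's p(n; c) figures from his formula, inverts the formula to find the station count at which a collision becomes a coin flip for the 24-bit and 46-bit schemes, and simulates a single switched segment whose stations each draw a random locally administered unicast address. The value FIXED_PREFIX, the function names and the seeds are constructed for illustration only; the model assumes every station on the segment draws independently from the same pool, which is the assumption behind Dan's numbers.

```python
import math
import random

# Bit positions inside a 48-bit MAC address held as an integer (bit 47 is the
# MSB of the first octet). The U/L bit is bit 1 of the first octet and the
# I/G bit is bit 0 of the first octet.
LOCAL_BIT = 1 << 41       # set => locally administered address
MULTICAST_BIT = 1 << 40   # set => group address; must be clear for a station

# Constructed 24-bit prefix for the "only 24 bits random" scheme: an arbitrary
# locally administered value, not any real OUI or CID assignment.
FIXED_PREFIX = 0x021234 << 24


def collision_probability(n, c):
    """Dan's p(n; c) = 1 - ((c-1)/c)^(n(n-1)/2) for n stations drawing from a
    pool of c addresses. Evaluated as -expm1(pairs * log1p(-1/c)), which is the
    same expression but keeps full precision when c = 2^46 and p is tiny."""
    pairs = n * (n - 1) // 2
    return -math.expm1(pairs * math.log1p(-1.0 / c))


def stations_for_collision_probability(p, bits):
    """Smallest station count at which the collision probability reaches p when
    `bits` bits are randomized: solves n(n-1)/2 >= c * ln(1/(1-p)) for n."""
    c = 2 ** bits
    pairs_needed = -c * math.log1p(-p)
    return math.ceil((1 + math.sqrt(1 + 8 * pairs_needed)) / 2)


def random_mac(rng, random_bits):
    """Draw one locally administered unicast MAC address as a 48-bit int.

    random_bits=46: everything except the U/L and I/G bits is random.
    random_bits=24: FIXED_PREFIX plus 24 random low-order bits, i.e. the small
    randomized pool Dan argues against."""
    if random_bits == 46:
        addr = rng.getrandbits(48)
    elif random_bits == 24:
        addr = FIXED_PREFIX | rng.getrandbits(24)
    else:
        raise ValueError("only the 24-bit and 46-bit schemes are modelled")
    return (addr | LOCAL_BIT) & ~MULTICAST_BIT


def format_mac(addr):
    """Render a 48-bit integer as the usual colon-separated hex string."""
    return ":".join(f"{(addr >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def simulate_collision(stations, random_bits, seed=0):
    """One trial: do any two of `stations` stations on the same switched
    segment end up with the same address? Seeded so results are reproducible."""
    rng = random.Random(seed)
    seen = set()
    for _ in range(stations):
        addr = random_mac(rng, random_bits)
        if addr in seen:
            return True
        seen.add(addr)
    return False


def collision_rate(stations, random_bits, trials, seed=0):
    """Fraction of `trials` independent segments that saw at least one collision;
    this should track collision_probability(stations, 2**random_bits)."""
    hits = sum(simulate_collision(stations, random_bits, seed + i) for i in range(trials))
    return hits / trials


if __name__ == "__main__":
    print("n        p(n, 2^24)    p(n, 2^46)")
    for n in (500, 1000, 5000, 10000, 30000):
        print(f"{n:<8} {collision_probability(n, 2**24):<13.4g} "
              f"{collision_probability(n, 2**46):.4g}")
    for bits in (24, 46):
        print(f"{bits} random bits: coin-flip odds of a collision at "
              f"{stations_for_collision_probability(0.5, bits):,} stations")
    print("simulated collision rate, 5000 stations, 24 bits:",
          collision_rate(5000, 24, trials=200))
    print("example 46-bit address:", format_mac(random_mac(random.Random(1), 46)))
```

Running the block prints Dan's table (0.0074, 0.029, 0.525 for 24 bits; 1.8e-9 up to 6.4e-6 for 46 bits), shows that the 24-bit scheme reaches a 50% collision chance at about 4,824 stations while the 46-bit scheme needs roughly 9.9 million, and the simulated rate for 5,000 stations on 24 bits lands near the predicted 0.525. The address helpers force the U/L bit on and the I/G bit off, which is why only 46 of the 48 bits are ever available to randomize.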