How are IPv6 addresses allocated?
How are IPv6 addresses allocated?
It's feasible in real-world scenarios. Initially, the connection between two customers wouldn't even reach the ISP router because their WAN interfaces for those routers share the same subnet. Consequently, traffic would travel straight from one router's WAN port to the other's, meaning any blockage at the ISP level wouldn't affect private traffic just yet. Not every ISP actively blocks RFC1918 addresses from reaching the Internet. My employer blocks it at the Internet gateway (BGP edge), allowing such traffic to pass through the gateway before being dropped. This attack relies on the router having no firewall and only using NAT. It functions in most cases except two: Possibility 1—only you are on that subnet (dedicated)—and Possibility 2—other customers are isolated from each other. In all other situations, it succeeds.
This scenario is uncommon, most ISPs isolate customer traffic until it reaches the Network Gateway or BRAS, depending on their setup. For instance, QinQ or nested VLANs ensure customers can't communicate directly without going through our router first. Currently, some ISPs still maintain this separation. Your example remains functional with public IP addresses and static routes to private networks. Without a firewall, the router will forward traffic as long as a path exists. A /16 subnet would cover all devices in typical consumer routers. Also, note that the /64 in an IPv6 address defines the network size, but the device only uses one of those addresses. It operates similarly to IPv4 routing. The WAN/TIP IP used in the example belongs to the ISP's /64 for broader access, while a separate /64 is assigned for LAN use during tethering, with the phone selecting one IP as its local gateway.
We capture customer traffic until it reaches the BRAS (we rely on PPPoE). The provider I have for my city connection (major cable company) seems to employ a mix of traffic separation and local proxy ARP. Most other ISPs serving our rural or remote areas lack deep technical expertise and attempted isolation methods like local proxy ARP or PPPoE, only to face complaints from users who can't connect with others. Many simply turn off customer isolation for those who complain or ignore it entirely. One small ISP we acquired experienced their customers restarting routers repeatedly—about six times in a row—to regain connectivity, because of rogue DHCP servers. These customers didn’t know how to locate or block the rogue DHCP, nor did they realize it was the root cause. Occasionally our technicians make mistakes during configuration and inadvertently disable isolation, which we’ve observed with some APs or switches failing when isolation is turned off. As a WISP, I’ve seen a few access points or switches go offline simply because isolation was disabled, only becoming apparent after a rogue DHCP issue emerged.