On 3/28/24 10:36, qubist wrote: > 1. Why was 10.137.x.x and 10.138.x.x subnet chosen? (and not e.g > 10.222.x.x) Speaking as a QubesOS user with some networking experience (though little professional networking experience), I doubt that there was a lot of thought put into the exact numbers here. They needed to be in the 10.0.0.0/8 namespace so that they are a private namespace (they could have used 192.168.0.0/16 or 172.16.0.0/12, but these are smaller namespaces and /12 is an uncomfortable netmask to work with) but beyond that the numbers don't have special meaning. They just needed to decide on some number to use consistently. Or at least they did when the netmask was /16 for both, meaning that 10.137.0.0 and 10.138.0.0 were two separate networks. But now the netmask is /24 meaning that each host is on its own network (where the network only supports a single host). It would hypothetically be better to randomize across the entire 10.0.0.0 namespace since everything is on a separate network anyway, but it's not clear to me how much practical benefit that would have and I'm not sure if the network domains (sys-firewall, sys-net, etc) would need to change to account for this (they might use 137/138 as magic numbers when making decisions, but they might not).
The above is all about ipv4. My ISP doesn't give me an ipv6 address so I don't have any experience with it. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/5ef66183-9c50-43e8-a672-17c5d2f4114b%40protonmail.com.
