[134865] in North American Network Operators' Group


Re: IPv6 - real vs theoretical problems

daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Jan 12 14:30:46 2011

From: Owen DeLong <owen@delong.com>
In-Reply-To: <20110112173645.3F4B210393B@mail-out06.xecu.net>
Date: Wed, 12 Jan 2011 11:28:56 -0800
To: Ted Fischer <ted@fred.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jan 12, 2011, at 9:34 AM, Ted Fischer wrote:

> At 11:59 AM 1/12/2011, Jim postulated wrote:
>
>> On 01/11/2011 01:31 PM, Owen DeLong wrote:
>> > It's not about the number of devices. That's IPv4-think. It's about the number
>> > of segments. I see a world where each home-entertainment cluster would
>> > be a separate segment (today, few things use IP, but, future HE solutions
>> > will include Monitors, Amps, Blu-Ray players, and other Media gateways
>> > that ALL have ethernet ports for control and software update).
>>
>> Your future is now, Owen.  I have four network devices at my primary
>> television -- the TV itself, TiVo, PS3, and Wii (using the wired
>> adapter).  All told, I have seven networked home entertainment devices
>> in my house, with another (Blu-Ray player) likely coming soon.  I feel
>> confident in saying that my use case isn't unusual these days.
>>
>> While a lot of the scalability concerns are blown off as "not applying
>> to typical consumers," we're quickly getting to the point where your
>> average joe IS somewhat likely to have different classes of devices that
>> might benefit from being on separate subnets.
>>
>>     Jima
>
> I helped a friend set up his "home network" recently.  He is using an old Linksys Router with no v6 support.  I like to be conservative and only allocate what might be needed ... part of my "Defense in Depth" strategy to provide some layer of "security" with NAT (yes, I know - my security by obscurity is to use something from 172.16) and a limited amount of addresses to allocate (not to mention WPA2 - he had default no security when I first got there).  Used to be a /29 would be sufficient for any home.  But, before I knew it, he had a wireless printer, laptop, and 4 iPhones all needing the new wireless passphrase to connect, plus he was anticipating 2 more laptops (one each for his children - to whom 2 of the iPhones belonged), and addresses set aside for guests and the occasional business visitor (he works from home).  I left him configured with a /28, and told him to call me if he anticipated more.
>
> As a side security note - we lost the laptop on the "new" secured network before I tracked down that it had automatically logged in to his neighbor's (also unprotected) network on reboot.
>
> Ted
>

I'm not sure how you see limiting available addresses as a security feature rather than just a nuisance, but, to each their own.


Owen


