[182089] in North American Network Operators' Group
Re: Dual stack IPv6 for IPv4 depletion
daemon@ATHENA.MIT.EDU (Mark Tinka)
Fri Jul 10 04:26:41 2015
X-Original-To: nanog@nanog.org
To: Matthew Huff <mhuff@ox.com>, Tyler Applebaum <applebaumt@ochin.org>,
"Naslund, Steve" <SNaslund@medline.com>
From: Mark Tinka <mark.tinka@seacom.mu>
Date: Fri, 10 Jul 2015 10:11:08 +0200
In-Reply-To: <eca62f0e797444d8ad8c4ac1a50c11d5@pur-vm-exch13n1.ox.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On 9/Jul/15 21:45, Matthew Huff wrote:
> I've seen VLAN/subnet security used frequently in the financial world, =
even to the point of having full firewalls between vlans/subnets. Mostly =
for regulator purposes (Chinese firewall and all that). It's also common =
to allow outbound requests or redirect to different proxies based on sour=
ce addresses within a corporate network.
>
> In residential networks, it's mostly used for guest networks that can r=
oute out to the internet, but not to other local devices.
In the AN, you don't want residential neighbors viewing each others'
Layer 2 domains. But using different VLAN's for that doesn't scale -
so-called Split Horizons (Private VLAN's) are the answer.
Mark.
