[186505] in North American Network Operators' Group


RE: Nat

daemon@ATHENA.MIT.EDU (Keith Medcalf)
Sun Dec 20 22:11:58 2015

X-Original-To: nanog@nanog.org
Date: Sun, 20 Dec 2015 20:11:53 -0700
In-Reply-To: <00e801d13b96$873e1120$95ba3360$@gmail.com>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

> I agree that a /48 or /56 being reserved for business customers/sites is
> reasonable.  But for residential use, I'm having a hard time believing
> multi-subnet home networks are even remotely common outside of networking
> folk such as the NANOG members.  A lot of recent IPv4 devices such as smart
> TVs have the ability to auto-discover things they can talk to on the
> network.  If we start segmenting our home networks to keep toasters from
> talking to thermostats, doesn't this end up meaning your average home user
> will need to be proficient in writing FW rules?  Bridging an entire house
> network isn't that bad.

I have (currently) 6 network segments.  One for my "trusted" clients, one for my "trusted" servers, one for the "entertainment" systems, one for "dirty & untrustworthy" computers (such as those from $dayjob), one for "clean" WiFi, and one for dirty WiFi.  If there were any additional classes of devices, they would live in their own subnets as well.

I cannot habituation between classes of devices on the same network segment.  Untrustworthy devices are relegated to their own segments where they cannot talk to anything that they ought not be talking to.  Of course, your definition of "untrustworthy" may not be the same as mine.  Any device over which I do not have supreme complete authority is untrustworthy -- which by definition includes most entertainment and other "Internet-of-Crap" devices.
