v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

Ricky Beam jfbeam at gmail.com
Mon Feb 9 16:01:25 CST 2009


On Fri, 06 Feb 2009 22:32:10 -0500, Owen DeLong <owen at delong.com> wrote:
> IPTables is decent firewall code.

Not really.  It's quite complicated for a non-engineer type to manage.   
Think of all the unpatched windows xp/vista users of the world.

> It's free.
...
> Further, since more and more CPE is being built on embedded linux,  
> there's no reason
> that IPTables isn't a perfectly valid approach to the underlying  
> firewall code.

No. It's not.  While you might not be paying anyone for the software, it  
does come with some significant costs... a moderately powerful processor  
and a lot of memory.  Ah, "but both are cheap these days, and getting  
cheaper", you say.  Tell me where I can get 500MHz+ processors and 16+ MB  
of ram for "pennies".  Case in point... (in case you missed it) Linksys  
stopped using Linux on their popular WRT54G line years ago in favor of  
vxWorks because it took less resources and therefor meant they could use  
less memory (flash and ram) and save money despite paying a license fee  
for vxWorks. (They still use vxWorks on the 54g, but have used linux on  
their newer (much more expensive) hardware.)

DSL and cable modems are extremely simple devices.  I'm amazed they have  
any amount of "router" in them at all.  And I've yet to see one running  
Linux. (the 2 popular brands around here -- westell and motorola -- run  
vxworks.)

--Ricky




More information about the NANOG mailing list