v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

TJ trejrco at gmail.com
Tue Feb 10 13:29:38 UTC 2009


>> IPTables is decent firewall code.
>
>Not really.  It's quite complicated for a non-engineer type to manage.
>Think of all the unpatched windows xp/vista users of the world.
>
>> It's free.
>...
>> Further, since more and more CPE is being built on embedded linux,
>> there's no reason that IPTables isn't a perfectly valid approach to
>> the underlying firewall code.
>
>No. It's not.  While you might not be paying anyone for the software, it
>does come with some significant costs... a moderately powerful processor and
>a lot of memory.  Ah, "but both are cheap these days, and getting cheaper",
>you say.  Tell me where I can get 500MHz+ processors and 16+ MB of ram for
>"pennies".  Case in point... (in case you missed it) Linksys stopped using
>Linux on their popular WRT54G line years ago in favor of vxWorks because it
>took less resources and therefore meant they could use less memory (flash and
>ram) and save money despite paying a license fee for vxWorks. (They still
>use vxWorks on the 54g, but have used linux on their newer (much more
>expensive) hardware.)

Well thank goodness that VxWorks 6.x (or with 3rd party hackery) can both do
IPv6 and can have firewalling functionality as well (or so Google tells me).
Oh, and Linux can be tiny - even with iptables.  I suspect Cisco (nee
Linksys) chose VxWorks for a number of reasons, "footprint" being but one of
them.


>DSL and cable modems are extremely simple devices.  I'm amazed they have any
>amount of "router" in them at all.  And I've yet to see one running Linux.
>(the 2 popular brands around here -- westell and motorola -- run
>vxworks.)

Actually, the DOCSIS 3.0 spec may be changing that ... "eRouter" ... 






