IPv6 - real vs theoretical problems
owen at delong.com
Wed Jan 12 13:28:56 CST 2011
On Jan 12, 2011, at 9:34 AM, Ted Fischer wrote:
> At 11:59 AM 1/12/2011, Jim postulated wrote:
>> On 01/11/2011 01:31 PM, Owen DeLong wrote:
>> > It's not about the number of devices. That's IPv4-think. It's about the number
>> > of segments. I see a world where each home-entertainment cluster would
>> > be a separate segment (today, few things use IP, but, future HE solutions
>> > will include Monitors, Amps, Blu-Ray players, and other Media gateways
>> > that ALL have ethernet ports for control and software update).
>> Your future is now, Owen. I have four network devices at my primary
>> television -- the TV itself, TiVo, PS3, and Wii (using the wired
>> adapter). All told, I have seven networked home entertainment devices
>> in my house, with another (Blu-Ray player) likely coming soon. I feel
>> confident in saying that my use case isn't unusual these days.
>> While a lot of the scalability concerns are blown off as "not applying
>> to typical consumers," we're quickly getting to the point where your
>> average joe IS somewhat likely to have different classes of devices that
>> might benefit from being on separate subnets.
> I helped a friend set up his "home network" recently. He is using an old Linksys Router with no v6 support. I like to be conservative and only allocate what might be needed ... part of my "Defense in Depth" strategy to provide some layer of "security" with NAT (yes, I know - my security by obscurity is to use something from 172.16) and a limited amount of addresses to allocate (not to mention WPA2 - he had default no security when I first got there). Used to be a /29 would be sufficient for any home. But, before I knew it, he had a wireless printer, laptop, and 4 iPhones all needing the new wireless passphrase to connect, plus he was anticipating 2 more laptops (one each for his children - to whom 2 of the iPhones belonged), and addresses set aside for guests and the occasional business visitor (he works from home). I left him configured with a /28, and told him to call me if he anticipated more.
> As a side security note - we lost the laptop on the "new" secured network before I tracked down that it had automatically logged in to his neighbor's (also unprotected) network on reboot.
I'm not sure how you see limiting available addresses as a security feature rather than just a nuisance, but, to each their own.