Another v6 question

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Jan 27 13:14:44 CST 2011


On Thu, 27 Jan 2011 07:04:31 PST, Owen DeLong said:
> > On Jan 27, 2011, at 6:49 AM, Jared Mauch wrote:
> > The ipv6 zealots talking about anything but a /64 for end-site are
> > talking about a "business class" service.  Even with my static IPs at
> > home, I have no need for more than a single /64 to be used in my wildest
> > dreams.  I could live with ~256 ips for the future.  I consider my tech
> > density "above-average".

> Even today, it is not uncommon for a residential gateway to support
> at least five segments:
> 
> 	1.	External WAN segment shared with ISP
> 	2.	Internal wired network
> 	3.	Internal wireless network
> 	4.	"DMZ" segment
> 	5.	Guest wireless network

Even at the low end - a Belkin Play wireless router with that basic config can be had for $45 now:

http://www.google.com/products/catalog?oe=utf-8&q=belkin+play+router+wireless&um=1&ie=UTF-8&cid=8536738187275945735&ei=B5JBTaPwJYjVgAfPh7ngAQ&sa=X&oi=product_catalog_result&ct=result&resnum=3&ved=0CDcQ8wIwAg#

Nice unit, works reasonably well for me.  Too bad I'll probably have to replace
both that and the Linksys cablemodem in front of it when Comcast gets me IPv6
(I'm not holding my breath waiting for firmware upgrades for either to enable
IPv6, at that price level the flash memory must be fairly tiny and IPv6 will
cause the image to grow a bunch).

On Thu, 27 Jan 2011 11:03:41 EST, Jared Mauch said:
> I could call out vendors that have highly sensitive data that is
> available "if only" you brought a cat5 cable to the office vs using
> their "guest" wireless.  that segmentation ignores the authentication of
> end-stations, or person behind the keyboard.  If you actually did that,
> you don't need to have a different 'guest' wireless vs the 'internal'
> wireless network.

Enterprises don't use $45 Belkin wireless routers.  The segmentation security
model works just fine for a home network - I give my kids the SSID and key for
the one wireless net, and if they have friends along when they visit, they get
the SSID and key for the *other* network off the post-it note stuck to the side
of the Belkin. (That security model works too - if you can read the post-it, my
wireless is the least of my security problems).

Feel free to suggest a significantly better security model that involves less
management work for me. ;)



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110127/b62c64bb/attachment.bin>


More information about the NANOG mailing list