nanog mailing list archives

Re: Another v6 question

From: Valdis.Kletnieks () vt edu
Date: Thu, 27 Jan 2011 14:14:44 -0500

On Thu, 27 Jan 2011 07:04:31 PST, Owen DeLong said:

On Jan 27, 2011, at 6:49 AM, Jared Mauch wrote:
The ipv6 zealots talking about anything but a /64 for end-site are
talking about a "business class" service.  Even with my static IPs at
home, I have no need for more than a single /64 to be used in my wildest
dreams.  I could live with ~256 ips for the future.  I consider my tech
density "above-average".

Even today, it is not uncommon for a residential gateway to support
at least five segments:

      1.      External WAN segment shared with ISP
      2.      Internal wired network
      3.      Internal wireless network
      4.      "DMZ" segment
      5.      Guest wireless network


Even at the low end - a Belkin Play wireless router with that basic config can be had for $45 now:

http://www.google.com/products/catalog?oe=utf-8&q=belkin+play+router+wireless&um=1&ie=UTF-8&cid=8536738187275945735&ei=B5JBTaPwJYjVgAfPh7ngAQ&sa=X&oi=product_catalog_result&ct=result&resnum=3&ved=0CDcQ8wIwAg#

Nice unit, works reasonably well for me.  Too bad I'll probably have to replace
both that and the Linksys cablemodem in front of it when Comcast gets me IPv6
(I'm not holding my breath waiting for firmware upgrades for either to enable
IPv6, at that price level the flash memory must be fairly tiny and IPv6 will
cause the image to grow a bunch).

On Thu, 27 Jan 2011 11:03:41 EST, Jared Mauch said:

I could call out vendors that have highly sensitive data that is
available "if only" you brought a cat5 cable to the office vs using
their "guest" wireless.  that segmentation ignores the authentication of
end-stations, or person behind the keyboard.  If you actually did that,
you don't need to have a different 'guest' wireless vs the 'internal'
wireless network.


Enterprises don't use $45 Belkin wireless routers.  The segmentation security
model works just fine for a home network - I give my kids the SSID and key for
the one wireless net, and if they have friends along when they visit, they get
the SSID and key for the *other* network off the post-it note stuck to the side
of the Belkin. (That security model works too - if you can read the post-it, my
wireless is the least of my security problems).

Feel free to suggest a significantly better security model that involves less
management work for me. ;)

Attachment: _bin
Description:

Current thread:

Re: Another v6 question, (continued)
- - - Re: Another v6 question Owen DeLong (Jan 26)
    - Re: Another v6 question Max Pierson (Jan 27)
    - Re: Another v6 question Owen DeLong (Jan 26)
    - Re: Another v6 question Roland Dobbins (Jan 26)
    - Re: Another v6 question Max Pierson (Jan 27)
    - Re: Another v6 question Mark Smith (Jan 30)
    - Re: Another v6 question Jared Mauch (Jan 27)
    - Re: Another v6 question Owen DeLong (Jan 27)
    - /64 is "enough" until 2021 for 90% of users (was Re: Another v6 question) Jared Mauch (Jan 27)
    - Re: /64 is "enough" until 2021 for 90% of users (was Re: Another v6 question) Mark Smith (Jan 30)
    - Re: Another v6 question Valdis . Kletnieks (Jan 27)
    - Re: Another v6 question Mikael Abrahamsson (Jan 27)
    - Re: Another v6 question Owen DeLong (Jan 27)
    - Re: Another v6 question Per Carlson (Jan 28)
    - Re: Another v6 question Mark Andrews (Jan 28)
    - Re: Another v6 question Jimmy Hess (Jan 27)
    - Re: Another v6 question Jack Bates (Jan 27)
- RE: Another v6 question George Bonser (Jan 25)
- Re: Another v6 question Justin M. Streiner (Jan 25)
- Re: Another v6 question Seth Mattinen (Jan 25)
- Re: Another v6 question Mark Smith (Jan 25)

(Thread continues...)