nanog mailing list archives

RE: Nat


From: "Chuck Church" <chuckchurch () gmail com>
Date: Sun, 20 Dec 2015 22:54:49 -0500

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Matt Palmer
Sent: Sunday, December 20, 2015 10:29 PM
To: nanog () nanog org
Subject: Re: Nat

Depends on how many devices you have on it.  Once you start filling your
home with Internet of Unpatchable Security Holes devices, having everything
on a single ethernet segment might start to get a little...  noisy.

Thankfully, IPv6 has well-defined multicast scopes, which makes it
trivially easy to do cross-L2-segment service discovery without needing to
resort to manually berking around with firewall rules.

- Matt

If your home is full of unpatched or compromised hosts, and they're using
these well-defined multicast scopes, doesn't that mean they can now
communicate and infect one another?  For years I've seen people on this list
insist on "NAT/PAT != firewall".   Well, a router routing everything it sees
is even less of a firewall.  I'm really not trying to be argumentative here,
but I'm just having a hard time believing Joe Sixpack will be applying
business networking principles such as micro-segmenting to a home network
with 3 to 7 devices on it.  If anything, these complexities we keep
adding/debating, such as DHCP vs RA, prefix delegation, etc., are only slowing
down the general deployment of IPv6.

Chuck
