On Jul 30, 2010, at 1:13 AM, Matthew Walster wrote:
On 30 July 2010 08:32, Jeroen Massar <jeroen@unfix.org> wrote:
On 2010-07-30 09:27, Matthew Walster wrote:
On 29 July 2010 18:08, Leo Vegoda <leo.vegoda@icann.org> wrote:
There's a good chance that in the long run multi-subnet home networks will become the norm.
With all due respect, I can't see it. Why would a home user need multiple subnets?
* Wireless
* Wired
* DMZ
Those three I see a lot at various people's places.
I have *never* seen those three security zones separated outside of a business or the house of a nerd who runs his own Linux distro (Smoothwall etc). Furthermore, you're then pushing all that traffic into a $30 router which is almost guaranteed to be underpowered.
If you'd like to come by my house, we can arrange that. I don't run Linux on anything except one server. It doesn't do any routing. The routers that provide security boundaries are:
1. Juniper SRX-100
2. Apple Airport Extreme
Look at it this way: When I signed up at tunnelbroker.net, I received a /64. I was happy, and I went about my business. I wanted to have a play with something a bit bigger, I pressed "Assign /48" and it was ready to go in under a second. That's how it *should* work, or at least, in my opinion.
That's certainly one way to do it. However, I'm not sure it's how we would do it if we were starting today knowing what we know now. It does add a certain amount of complexity to our address planning and to our systems to make it work that way. IMHO, that complexity is unnecessary.
Also note that you should stop thinking of "today", think about what might be possible in 10, 20, 30, 40, 50 years...
I'm not thinking of today, I'm thinking about the people who use these services. They don't know about networking, they don't know about security apart from "install this virus checker". Most of them will laboriously transfer files from system to system using a USB drive (or floppy disk!) even though there's a big flashing icon on their desktop saying "put files here and they'll magically appear on your other machine". These people don't know and don't *care* about networks. They care about the service they get. That isn't going to change in 50 years.
First, your assumption that their knowledge level remains constant is absurd, so, in that statement you are thinking only of today. 10 years ago, most of those users wouldn't know what a web site was. Most of them do today. Just 10 years ago, most of them didn't know what email was. Most of them use email on a daily basis today.
Second, with DHCP-PD and likely future CPE products, they will be able to simply connect pre-defined security zones to the right ports on the CPE based on the port labels. There will likely be a reasonable default security policy pre-installed for each zone. Even my parents could handle plugging things like TiVo, the stereo, etc. into ports labeled "Home Entertainment" while plugging the kids' computers into "Nanny" ports and their own computers into "General Access" ports. It's not significantly harder than the current need to get the LAN and WAN ports right on today's CPE.
If you genuinely think that regular residential users need multiple subnets to create a zoned config... You're wrong. It *will* piss them off, even if transparent. It's not just because of the speed (which as you say, will improve over time) it's because suddenly their wired-in Xbox in front of the TV just won't talk to the wireless Xbox their mate just brought round to have a play with. If you say that's down to education, you've entirely missed the point.
Why wouldn't they be able to talk to each other? You make assumptions about the future implementations of CPE there that I don't think are entirely accurate. I don't even see a reason to expect that wireless devices wouldn't be able to register for an appropriate security zone by device type in some implementations. Alternatively, the wired Xbox may need to initiate the connection to the wireless, or, vice-versa depending on implementation, but, I would expect CPE vendors to be able to solve that problem in the future.
Owen