On Thu, 27 Jan 2011 07:04:31 PST, Owen DeLong said:
On Jan 27, 2011, at 6:49 AM, Jared Mauch wrote: The ipv6 zealots talking about anything but a /64 for end-site are talking about a "business class" service. Even with my static IPs at home, I have no need for more than a single /64 to be used in my wildest dreams. I could live with ~256 ips for the future. I consider my tech density "above-average".
Even today, it is not uncommon for a residential gateway to support at least five segments:
1. External WAN segment shared with ISP 2. Internal wired network 3. Internal wireless network 4. "DMZ" segment 5. Guest wireless network
Even at the low end - a Belkin Play wireless router with that basic config can be had for $45 now: http://www.google.com/products/catalog?oe=utf-8&q=belkin+play+router+wireless&um=1&ie=UTF-8&cid=8536738187275945735&ei=B5JBTaPwJYjVgAfPh7ngAQ&sa=X&oi=product_catalog_result&ct=result&resnum=3&ved=0CDcQ8wIwAg# Nice unit, works reasonably well for me. Too bad I'll probably have to replace both that and the Linksys cablemodem in front of it when Comcast gets me IPv6 (I'm not holding my breath waiting for firmware upgrades for either to enable IPv6, at that price level the flash memory must be fairly tiny and IPv6 will cause the image to grow a bunch). On Thu, 27 Jan 2011 11:03:41 EST, Jared Mauch said:
I could call out vendors that have highly sensitive data that is available "if only" you brought a cat5 cable to the office vs using their "guest" wireless. that segmentation ignores the authentication of end-stations, or person behind the keyboard. If you actually did that, you don't need to have a different 'guest' wireless vs the 'internal' wireless network.
Enterprises don't use $45 Belkin wireless routers. The segmentation security model works just fine for a home network - I give my kids the SSID and key for the one wireless net, and if they have friends along when they visit, they get the SSID and key for the *other* network off the post-it note stuck to the side of the Belkin. (That security model works too - if you can read the post-it, my wireless is the least of my security problems). Feel free to suggest a significantly better security model that involves less management work for me. ;)