On Jan 12, 2011, at 9:34 AM, Ted Fischer wrote:

> At 11:59 AM 1/12/2011, Jim postulated wrote:
>
>> On 01/11/2011 01:31 PM, Owen DeLong wrote:
>> > It's not about the number of devices. That's IPv4-think. It's about the
>> > number of segments. I see a world where each home-entertainment cluster
>> > would be a separate segment (today, few things use IP, but, future HE
>> > solutions will include Monitors, Amps, Blu-Ray players, and other Media
>> > gateways that ALL have ethernet ports for control and software update).
>>
>> Your future is now, Owen. I have four network devices at my primary
>> television -- the TV itself, TiVo, PS3, and Wii (using the wired
>> adapter). All told, I have seven networked home entertainment devices
>> in my house, with another (Blu-Ray player) likely coming soon. I feel
>> confident in saying that my use case isn't unusual these days.
>>
>> While a lot of the scalability concerns are blown off as "not applying
>> to typical consumers," we're quickly getting to the point where your
>> average joe IS somewhat likely to have different classes of devices that
>> might benefit from being on separate subnets.
>>
>> Jima
>
> I helped a friend set up his "home network" recently. He is using an old
> Linksys Router with no v6 support. I like to be conservative and only
> allocate what might be needed ... part of my "Defense in Depth" strategy to
> provide some layer of "security" with NAT (yes, I know - my security by
> obscurity is to use something from 172.16) and a limited amount of addresses
> to allocate (not to mention WPA2 - he had default no security when I first
> got there). Used to be a /29 would be sufficient for any home. But, before
> I knew it, he had a wireless printer, laptop, and 4 iPhones all needing the
> new wireless passphrase to connect, plus he was anticipating 2 more laptops
> (one each for his children - to whom 2 of the iPhones belonged), and
> addresses set aside for guests and the occasional business visitor (he works
> from home). I left him configured with a /28, and told him to call me if he
> anticipated more.
>
> As a side security note - we lost the laptop on the "new" secured network
> before I tracked down that it had automatically logged in to his neighbor's
> (also unprotected) network on reboot.
>
> Ted
>

I'm not sure how you see limiting available addresses as a security feature
rather than just a nuisance, but, to each their own.

Owen