On 27.10.2014, at 16.17, Michael Kloberdans <[email protected]> wrote:

> All home routers should know their role; CER or IR. The status of CER
> places the burden of providing the firewall and NAPT as it was determined
> to be the edge router. The interior routers need to understand their role
> and disable their firewall and NAPT abilities. This is why the CER-ID is
> a numeric value (indicating CER status) or a double colon (indicating IR
> status).

I agree with that. However, I disagree with how you are doing it.

> In the case of the eRouter (combined cable modem and
> router/switch/wireless), it performs a /48 check between the IA_NA and the
> IA_PD ranges. If the ISP sends a double colon or null in the CER-ID ORO,
> AND if the IA_NA is in a different /48 than the given IA_PD, the eRouter
> becomes the CER. It must now declare to the IRs that it is the CER. A
> directly connected IR will see the CER value in the ORO and, in the
> absence of another controlling protocol, disable its firewall and NAPT
> functions.

Why can't it determine that it is the CER from bits coming from a particular type of plug? A cable modem plug looks different from Ethernet/wireless? It would be much more secure that way.

> The nice advantage of the double colon is for network literate people like
> yourself to manually determine where the boundary between public and
> private network will be. If you didn't want the Cable or DSL modem to be
> the CER, manually give them a '::' and assign a CER-ID to a downstream
> router. Thus, CER-ID allows for automatic detection of the CER and
> uniform behavior of IRs within the home and also a way to design your
> network the way you desire.

Again, "bits coming from the cable port" <> "not" sounds much simpler to me. And more secure.

Cheers,
-Markus
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
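The role-selection rule quoted above (CER-ID of "::" or absent, then a /48 comparison between the IA_NA address and the IA_PD prefix) and Markus's physical-port alternative, written out as an added example. This is illustrative code, not code from the thread, from any vendor, or from an IETF draft. Assumptions are labelled in the comments: that the CER-ID value on the wire is a 16-byte IPv6 address whose all-zero form is the "double colon", that a non-zero value received from upstream means an upstream CER exists and the receiver is therefore an IR, and that the uplink port classification is supplied by the platform.

```python
"""Home-router role selection (CER vs IR) from a received DHCPv6 CER-ID.

Added example; not the thread's, a vendor's, or an IETF draft's code.
Reading of the thread that this encodes:
  * received CER-ID is '::' / absent -> no CER announced upstream, so the
    eRouter compares the /48 of its IA_NA address with the /48 of its
    IA_PD prefix; a mismatch means it sits at the ISP boundary and is CER.
  * received CER-ID is a non-zero value -> an upstream CER exists, so the
    receiver is an IR and should disable firewall and NAPT.
Assumptions: 16-byte wire encoding of the value; the 'same /48 -> IR'
branch; the uplink-port classification is given by the platform.
"""
import ipaddress
from typing import Optional, Union

CerIdValue = Union[None, str, bytes]


def decode_cer_id(value: CerIdValue) -> Optional[ipaddress.IPv6Address]:
    """Normalise a CER-ID value; None stands for '::' or an absent option.

    Assumption: the option body is a 16-byte IPv6 address, all zeros = '::'.
    """
    if value is None:
        return None
    if isinstance(value, bytes):
        if len(value) != 16:
            raise ValueError("CER-ID option body must be 16 bytes")
        addr = ipaddress.IPv6Address(value)
    else:
        addr = ipaddress.IPv6Address(value.strip())
    return None if addr == ipaddress.IPv6Address("::") else addr


def same_48(ia_na: str, ia_pd: str) -> bool:
    """True when the IA_NA address and the IA_PD prefix share one /48."""
    na_addr = ipaddress.IPv6Address(ia_na)
    pd_net = ipaddress.IPv6Network(ia_pd, strict=False)
    na_48 = ipaddress.IPv6Network((na_addr, 48), strict=False)
    pd_48 = ipaddress.IPv6Network((pd_net.network_address, 48), strict=False)
    return na_48 == pd_48


def role_from_received_cer_id(cer_id: CerIdValue, ia_na: str, ia_pd: str) -> str:
    """Michael's rule: CER-ID value plus the /48 check decide the role."""
    if decode_cer_id(cer_id) is not None:
        return "IR"  # assumption: a non-zero CER-ID means an upstream CER exists
    # '::' or no option: fall back to the IA_NA / IA_PD /48 comparison
    return "CER" if not same_48(ia_na, ia_pd) else "IR"


def role_from_uplink_port(port_type: str) -> str:
    """Markus's alternative: the physical uplink type decides the role.

    Assumption: the platform reports the uplink as 'cable', 'dsl',
    'ethernet' or 'wireless'; only WAN-facing modem ports make a CER.
    """
    return "CER" if port_type.lower() in ("cable", "dsl") else "IR"


def policy_for_role(role: str) -> dict:
    """Firewall/NAPT posture that the thread attaches to each role."""
    if role not in ("CER", "IR"):
        raise ValueError(f"unknown role {role!r}")
    enabled = role == "CER"
    return {"firewall": enabled, "napt": enabled}


if __name__ == "__main__":
    # Constructed sample values (documentation prefix 2001:db8::/32).
    ia_pd = "2001:db8:1:100::/56"
    for label, cer_id, ia_na in [
        ("ISP sends ::, IA_NA in another /48", "::", "2001:db8:ab:1::10"),
        ("option absent, IA_NA in same /48", None, "2001:db8:1:ffff::10"),
        ("upstream CER announced", "2001:db8:1::1", "2001:db8:ab:1::10"),
    ]:
        role = role_from_received_cer_id(cer_id, ia_na, ia_pd)
        print(f"{label}: {role} -> {policy_for_role(role)}")
```

The security point Markus makes is visible in the control flow: `role_from_received_cer_id` turns the firewall and NAPT off on the strength of a value that arrives in a DHCPv6 message, while `role_from_uplink_port` only consults a property of the hardware, which no packet can change.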
