Markus, CER-ID can apply to more than just the cable industry. DSL modems and satellite services can also take advantage of the benefits if we don’t lock down the interface. Also, some home owners may not want the natural boundary being the Cable modem or DSL modem and this provides a way to make that happen.
Do you still want to discuss how or why CER-ID is implemented this way?

Thank you for your comments so far.

Michael Kloberdans
Lead Architect / Home Networking
CableLabs®
858 Coal Creek Circle. Louisville, CO. 80027
303-661-3813 (v)

On 10/27/14, 8:47 AM, "Markus Stenberg" <[email protected]> wrote:

>On 27.10.2014, at 16.17, Michael Kloberdans <[email protected]> wrote:
>> All home routers should know their role; CER or IR. The status of CER places the burden of providing the firewall and NAPT as it was determined to be the edge router. The interior routers need to understand their role and disable their firewall and NAPT abilities. This is why the CER-ID is a numeric value (indicating CER status) or a double colon (indicating IR status).
>
>I agree with that. However, I disagree with how you are doing it.
>
>> In the case of the eRouter (combined cable modem and router/switch/wireless), it performs a /48 check between the IA_NA and the IA_PD ranges. If the ISP sends a double colon or null in the CER-ID ORO, AND if the IA_NA is in a different /48 than the given IA_PD, the eRouter becomes the CER. It must now declare to the IRs that it is the CER. A directly connected IR will see the CER value in the ORO and, in the absence of another controlling protocol, disable its firewall and NAPT functions.
>
>Why cannot it determine it is CER by bits coming from particular type of plug? Cable modem plug looks different from ethernet/wireless? It would be much more secure that way.
>
>> The nice advantage of the double colon is for network literate people like yourself to manually determine where the boundary between public and private network will be. If you didn't want the Cable or DSL modem to be the CER, manually give them a '::' and assign a CER-ID to a downstream router. Thus, CER-ID allows for automatic detection of the CER and uniform behavior of IRs within the home and also a way to design your network the way you desire.
>
>Again, bits coming from cable port <> not sounds much simpler to me. And more secure.
>
>Cheers,
>
>-Markus
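
The role decision described in the quoted message (the eRouter's /48 check and the directly connected interior router's reaction), written out as an added example; it is not code from either poster or from the CER-ID specification. It assumes the CER-ID arrives as an IPv6-address-formatted string; the function names and the sample addresses (taken from the 2001:db8::/32 documentation range) are constructed for illustration.

```python
import ipaddress


def cer_id_unset(cer_id):
    """True when no CER-ID was received (None) or it is the double colon '::'."""
    return cer_id is None or ipaddress.IPv6Address(cer_id).is_unspecified


def same_slash48(ia_na, ia_pd):
    """Compare the top 48 bits of the IA_NA address and the IA_PD prefix."""
    addr = ipaddress.IPv6Address(ia_na)
    prefix = ipaddress.IPv6Network(ia_pd)  # ValueError if host bits are set
    # 128 - 48 = 80: shifting leaves only the leading 48 bits of each value.
    return int(addr) >> 80 == int(prefix.network_address) >> 80


def erouter_is_cer(upstream_cer_id, ia_na, ia_pd):
    """eRouter rule from the message: the ISP sent '::' or nothing in the
    CER-ID AND the IA_NA lies in a different /48 than the IA_PD."""
    return cer_id_unset(upstream_cer_id) and not same_slash48(ia_na, ia_pd)


def ir_disables_firewall_and_napt(cer_id_seen, other_protocol_in_control=False):
    """Interior-router rule from the message: a CER value was seen upstream
    and no other controlling protocol is present."""
    if other_protocol_in_control:
        # The message leaves this case to the other protocol; CER-ID alone
        # does not switch anything off here.
        return False
    return not cer_id_unset(cer_id_seen)


if __name__ == "__main__":
    # Constructed sample inputs: (CER-ID from ISP, IA_NA, IA_PD)
    samples = [
        ("::", "2001:db8:ffff::10", "2001:db8:1234::/56"),
        (None, "2001:db8:ffff::10", "2001:db8:1234::/56"),
        ("::", "2001:db8:1234:ff00::10", "2001:db8:1234::/56"),
        ("2001:db8:ffff::1", "2001:db8:ffff::10", "2001:db8:1234::/56"),
    ]
    for cer_id, ia_na, ia_pd in samples:
        role = "CER" if erouter_is_cer(cer_id, ia_na, ia_pd) else "not CER"
        print(f"CER-ID={cer_id!s:18} IA_NA={ia_na:24} IA_PD={ia_pd:20} -> {role}")
    print("IR sees 2001:db8:1234::1 ->",
          ir_disables_firewall_and_napt("2001:db8:1234::1"))
```

In this sketch the interior router's decision depends only on the CER-ID value it receives and on whether another protocol is in control.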
