One other thing I forgot to mention about firewalls vis-à-vis the CE router is 
that not all CE routers have firewalls.

Some ISPs provide their customers with an option of receiving a "basic" (single 
LAN Ethernet port, no Wi-Fi) CE router that has no firewall. The expectation is 
that most users who are asking for these routers will put their own router 
behind the CE router, and this user-supplied interior router (IR) will have 
whatever firewall the user wants.
 
This scenario is real today. I don't think the CER ID proposal would benefit it 
at all. If CER ID behaviors were implemented as suggested in the draft, the 
results would be undesirable. Looking from inside the home network, the IR is 
the "real" outer edge of the home network. Looking from the ISP network, the CE 
router is the edge. The Ethernet link in between is in limbo and only becomes 
important when there are problems.

Barbara

[Additional info for the curious: The ISP-provided CE router is responsible for 
all interactions with the ISP network (all DHCP, PPPoE). For IPv4, the 
ISP-provided router has an IP passthrough function that provides the acquired 
public IPv4 address to the IR, when the IR does a DHCPv4 request to the CE 
router. For IPv6, the CE router sub-delegates (IA_PD) from the prefix it got 
from the ISP. You may wonder why bother with a router; why not just provide a 
bridged modem? By having it as a router, the device is manageable (it can have 
its firmware updated, run diagnostics, manage PPPoE credentials that users 
struggle to remember, etc.), and troubleshooting is simplified because most 
users can directly connect a PC to the ISP-supplied router when on a help desk 
call (which results in shorter help desk calls). In other words, the basic CE 
router has significantly lower operational costs than a bridged modem.]

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
