One other thing I forgot to mention about firewalls vis-à-vis the CE router is that not all CE routers have firewalls.
Some ISPs provide their customers with an option of receiving a "basic" (single LAN Ethernet port, no Wi-Fi) CE router that has no firewall. The expectation is that most users who are asking for these routers will put their own router behind the CE router, and this user-supplied interior router (IR) will have whatever firewall the user wants.

This scenario is real today. I don't think the CER ID proposal would benefit it at all. If CER ID behaviors were implemented as suggested in the draft, the results would be undesirable.

Looking from inside the home network, the IR is the "real" outer edge of the home network. Looking from the ISP network, the CE router is the edge. The Ethernet link in between is in limbo and only becomes important when there are problems.

Barbara

[Additional info for the curious: The ISP-provided CE router is responsible for all interactions with the ISP network (all DHCP, PPPoE). For IPv4, the ISP-provided router has an IP passthrough function that provides the acquired public IPv4 address to the IR, when the IR does a DHCPv4 request to the CE router. For IPv6, the CE router sub-delegates (IA_PD) from the prefix it got from the ISP.

You may wonder why bother with a router; why not just provide a bridged modem? By having it as a router, the device is manageable (it can have its firmware updated, run diagnostics, manage PPPoE credentials that users struggle to remember, etc.), and troubleshooting is simplified because most users can directly connect a PC to the ISP-supplied router when on a help desk call (which results in shorter help desk calls). In other words, the basic CE router has significantly lower operational costs than a bridged modem.]
