Re: Nat

2015-12-21 Thread Mark Andrews
We already have CPE vendors shipping with "guest" ssids. These require a separate /64 and are usually treated as external to the home network. With IPv4 you grab a separate chunk of rfc1918 space and nat that as well as the main chunk of space. For IPv6 you need multiple /64s from the ISP. A

Re: Nat

2015-12-21 Thread Owen DeLong
> On Dec 20, 2015, at 08:57 , Mike Hammett wrote: > > There's nothing that can really be done about it now and I certainly wasn't > able to participate when these things were decided. > > However, keeping back 64 bits for the host was a stupid move from the > beginning.

Re: Nat

2015-12-21 Thread Mark Andrews
In message , Tony Finch writes: > Alan Buxey wrote: > > > Most people don't need the devices to talk to each other > > A lot of home networking uses mDNS - partitioning off devices will break > things like

Re: Nat

2015-12-21 Thread Owen DeLong
Not quite true… "What happens when we have to make an incompatible change to the fundamental packet header?" is the real challenge. It happens that in the case of IPv4, we didn’t hit that particular wall until we needed a larger address. In IPv6, it will probably be something related to the

Re: Nat

2015-12-21 Thread Scott Weeks
--- ja...@puck.nether.net wrote: From: Jared Mauch I'd love to hear from people on what they perceive and the real barriers they have seen with regards to IPv6 in your environment. --- In the enterprise; managers

Re: IPv4 subnets for lease?

2015-12-21 Thread Martin Hannigan
On Thu, Dec 17, 2015 at 9:31 PM, Nick Ellermann wrote: > We have customers asking to lease IP space for BGP transit with us and > other peers. But they are struggling to get at a minimum even a Class C, > even though they have their own ASN. We don't have large

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-21 Thread Stephane Bortzmeyer
On Fri, Dec 18, 2015 at 09:28:11AM +0100, Stephane Bortzmeyer wrote a message of 6 lines which said: > http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554 The password for the first backdoor (the one regarding

Re: Nat

2015-12-21 Thread Mark Tinka
On 21/Dec/15 07:22, Jason Baugher wrote: > > From a service provider perspective, I feel we have 2 choices. The first is > to spend a lot of time trying to educate our customers on how networks work > and how to manage theirs. Personally, I'd rather have my fingernails pulled > out. The

Re: Nat

2015-12-21 Thread Matthew Newton
Hi, On Sat, Dec 19, 2015 at 03:03:18PM +0100, Sander Steffann wrote: > > The mix of having to do this crazy thing of gateway announcements > > from one place, DNS from somewhere else, possibly auto-assigning > > addresses from a router, but maybe getting them over DHCPv6. It's > > just confusing

Re: Nat

2015-12-21 Thread A . L . M . Buxey
Hi, > > > persuading people to move to IPv6. Especially when everyone > > > already understands DHCP in the v4 world. > > enterprise) and once they stop thinking "I want to do everything > > in IPv6 in exactly the same way as I have always done in IPv4" exactly. as my thoughts often gather

Re: Nat

2015-12-21 Thread Mike Hammett
It simply is not common and will not become common. Not everyone is a network engineer. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com - Original Message - From: "Keith Medcalf"

RE: Nat

2015-12-21 Thread Jon Lewis
On Sun, 20 Dec 2015, Chuck Church wrote: insist on "NAT/PAT != firewall". Well, a router routing everything it sees is even less of a firewall. I'm really not trying to be argumentative here, but I'm just having a hard time believing Joe Sixpack will be applying business networking

RE: Nat

2015-12-21 Thread Alan Buxey
I'm surprised that noone of the home wifi router folk haven't cornered the market on that one in terms of client separation. Most people don't need the devices to talk to each other so by default all ports on different VLANs .. 192.168.0-8.x etc Internet of things security out of the box. Web

RE: Nat

2015-12-21 Thread Scott Weeks
--- chuckchu...@gmail.com wrote: From: "Chuck Church" but I'm just having a hard time believing Joe Sixpack will be applying business networking principles such as micro-segmenting to a home network with 3 to 7 devices on it. If anything, these complexities we keep

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-21 Thread Doug Barton
https://www.schneier.com/blog/archives/2015/12/back_door_in_ju.html

Re: Nat

2015-12-21 Thread John Levine
In article <4102d692-a315-4c38-a2cb-54f96999e...@lboro.ac.uk> you write: >I'm surprised that noone of the home wifi router folk haven't cornered the >market on that >one in terms of client separation. Most people don't need the devices to talk >to each >other so by default all ports on

RE: Nat

2015-12-21 Thread Tony Finch
Alan Buxey wrote: > Most people don't need the devices to talk to each other A lot of home networking uses mDNS - partitioning off devices will break things like printing and chromecast and using your phone as a remote control for your media players, etc. ad nauseam.