[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-wbeebee-ipv6-cpe-router-04 comments

To: Antonio Querubin <tony@lava.net>
Subject: Re: draft-wbeebee-ipv6-cpe-router-04 comments
From: Mikael Abrahamsson <swmike@swm.pp.se>
Date: Thu, 26 Mar 2009 22:08:46 +0100 (CET)
Cc: IPv6 Operations <v6ops@ops.ietf.org>
In-reply-to: <alpine.OSX.1.00.0903260928140.127@cust11794.lava.net>
Organization: People's Front Against WWW
References: <93123C20-3758-43C8-9201-22CB6D5B6233@apple.com> <B00EDD615E3C5344B0FFCBA910CF7E1D06C0D8F4@xmb-rtp-20e.amer.cisco.com> <943C3A80-979F-4289-BA20-C17D20861111@apple.com> <2bbba3c10903231557i618926bavff56f877c18eeee9@mail.gmail.com> <6161A3E1-DCD1-467F-9AD5-0A15821413A2@apple.com> <2bbba3c10903231639t51dac3c3p57e1a4562bd342c4@mail.gmail.com> <EE8F7462-7233-4E0B-9CEB-FA2B7A2D15B3@apple.com> <2bbba3c10903231828g79b0207cnf4b53959e0a21706@mail.gmail.com> <30020A2D-4EE5-4F86-A1E5-532990B44D4F@apple.com> <BB56240F3A190F469C52A57138047A0301FBC00A@xmb-rtp-211.amer.cisco.com> <9AE362E6-46E1-4400-B1E3-F6B4D5392C06@apple.com> <B00EDD615E3C5344B0FFCBA910CF7E1D06C87A9C@xmb-rtp-20e.amer.cisco.com> <C4A0A0F2-FB98-4BCD-9FD4-5F58A61B3D9D@apple.com> <20090326192455.dbcedfab.ipng@69706e6720323030352d30312d31340a.nosense.org> <alpine.DEB.1.10.0903261049210.25843@uplift.swm.pp.se> <alpine.OSX.1.00.0903260928140.127@cust11794.lava.net>
User-agent: Alpine 1.10 (DEB 962 2008-03-14)

On Thu, 26 Mar 2009, Antonio Querubin wrote:

Perhaps you're assuming that multiple customers are sharing the samesubnet? In the case where customers do NOT share subnets, I fail to seehow this adds a security problem that didn't already exist before. InIPv4, if a DSL provider gives a customer a /28 instead of /30 for theWAN link, that customer could easily hang multiple CPE routers off oftheir WAN-side ethernet switch now and they could talk to each other.Some of our customers use their WAN subnet as a DMZ and their routersare firewalls. But the communication on the WAN subnet between customerdevices stays on the local ethernet switch and shouldn't traverse theDSL loop. I don't think we should cripple that capability for IPv6.

Yes I was under the impression that what Mark Smith was referring to wasmultiple residential customer CPEs (different unrelated households) in thesame subnet with ethernet backhaul.

As long as there is only a single administrative entity per subnet, nosecurity implications arise, just as you say.


--
Mikael Abrahamsson    email: swmike@swm.pp.se

References:
- draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- RE: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: "Hemant Singh (shemant)" <shemant@cisco.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: Ole Troan <otroan@employees.org>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: Ole Troan <otroan@employees.org>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: Ole Troan <otroan@employees.org>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- RE: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: "Wes Beebee (wbeebee)" <wbeebee@cisco.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- RE: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: "Hemant Singh (shemant)" <shemant@cisco.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: james woodyatt <jhw@apple.com>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: Mark Smith <ipng@69706e6720323030352d30312d31340a.nosense.org>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: Mikael Abrahamsson <swmike@swm.pp.se>
- Re: draft-wbeebee-ipv6-cpe-router-04 comments
  - From: Antonio Querubin <tony@lava.net>

Prev by Date: RE: draft-wbeebee-ipv6-cpe-router-04 comments
Next by Date: Re: draft-wbeebee-ipv6-cpe-router-04 comments
Previous by thread: Re: draft-wbeebee-ipv6-cpe-router-04 comments
Next by thread: Re: AW: draft-wbeebee-ipv6-cpe-router-04 comments
Index(es):
- Date
- Thread