----- Original Message -----
From: "Butch Evans" <[EMAIL PROTECTED]>
To: "WISPA General List" <wireless@wispa.org>
Sent: Saturday, December 02, 2006 10:44 PM
Subject: [WISPA] Routed vs bridged (again)...
On Sat, 2 Dec 2006, Marlon K. Schafer wrote:
It's a very high cost. Why does every residential user need to tie up 3
ip addys? How long can we keep handing them out like that before we run
into trouble again? There is only so much nat that we're gonna get away
with.
I give up...why does a residential user need 3 ips? I never suggested
that they did. And I guess I don't understand what nat has to do with any
of it.
OK, what's the minimum number of ip addys that a routed customer HAS to use?
I thought it was three. Is it really two or four instead? Either way, it's
a waste of ip addresses.
NAT matters because it's the only way many of us would ever get enough ip
addys for every customer AND every device on the network. For customers
that increasinly need two way communications NAT isn't a good option.
Then there's the CALEA crap. How in the world is a person going to track
EVERY packet in his network? And those doing NAT may well have to as ALL
customers behind a nat'd address show up as the one public addy. That's not
gonna help anyone find that Kiddie porn freak. So what will we have to do
to comply? Don't know for sure yet, but I certinly think that it'll be much
easier to deal with the issue if every customer has a public ip.
No...not a requirement. It's just a more scalable solution.
There are nearly 4000 (unfortunately not all mine :-) 100meg customers on
that network.
I don't want to argue this point, because I just don't have enough
information about the network. I seriously doubt, though, that all those
customers are all on a single /20 network (which would support 4096
hosts). Even worse, if there are routers there, too, it may need a /19
(which would accomodate over 8000 customers). If they are not, take my
word for it...they are routed.
They are routed to the world at the isp. But they are NOT routed within the
network. They are vlan'd. Some isp's may have multiple vlans or some such
thing, but I'd be surprised at that.
I'm just saying that it's far less important than it used to be.
With the proliferation of worms being what it is, and most of them
spreading by broadcast to the local network? You must be kidding...
Nope. We block client to client communications at the ap (and hopefully
soon at the switch). The worms can only get sideways on my network by going
through the router, which under your theory will block them.
Also, we require all customers have a firewall and antivirus. In theory we
actually have several levels of protection in place against just such
problems.
OK, I've had enough fun poking at the religious right on the routed vs.
bridged debate. The reality of the situation (as with so many things in
life) is that both are used and both do a better job if used in the right
places. Right tool for the right job. And EVERYONE's job is a different
one. The isp has to be able to make smart choices for his network. Talk
about all or nothing in either direction isn't really helpful in my mind.
How's that?
marlon
--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
Mikrotik Certified Consultant
(http://www.mikrotik.com/consultants.html)
--
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
--
WISPA Wireless List: wireless@wispa.org
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/