Independent Submission M. K. Savich Internet-Draft 4 June 2026 Intended status: Informational Expires: 6 December 2026 Residential Network Mapping Model draft-savich-residential-network-map-00 Abstract Residential networks increasingly include managed routers, switches, wireless access points, home lab systems, smart home devices, surveillance devices, guest networks, and cloud-connected equipment. These devices are often added incrementally without a durable mapping model for addressing, classification, review, or troubleshooting. This document describes a lightweight residential network mapping model for IPv4 address planning and device classification. The model defines Network Categories, Addressing Priority, Trust Levels, Exposure Levels, device record fields, flat-network and segmented- network examples, and simple review and change-log practices. The motivation for this document is security awareness. A residential network map can help consumers understand what kinds of devices are on their network, which devices are trusted or restricted, which devices are reachable locally or remotely, and where personal or household data may flow. The model is intended for regular users and technically capable home administrators who need a practical way to organize residential, home lab, IoT, and surveillance networks without deploying enterprise network management systems. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." Savich Expires 6 December 2026 [Page 1] Internet-Draft Residential Net Map June 2026 This Internet-Draft will expire on 6 December 2026. Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Requirements Language . . . . . . . . . . . . . . . . . . . . 5 4. Applicability . . . . . . . . . . . . . . . . . . . . . . . . 5 5. Design Goals . . . . . . . . . . . . . . . . . . . . . . . . 6 6. Non-Goals . . . . . . . . . . . . . . . . . . . . . . . . . . 7 7. Mapping Model Overview . . . . . . . . . . . . . . . . . . . 8 8. Network Categories . . . . . . . . . . . . . . . . . . . . . 9 8.1. Management . . . . . . . . . . . . . . . . . . . . . . . 9 8.2. Main . . . . . . . . . . . . . . . . . . . . . . . . . . 10 8.3. Guest . . . . . . . . . . . . . . . . . . . . . . . . . . 10 8.4. IoT . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 8.5. Surveillance . . . . . . . . . . . . . . . . . . . . . . 11 8.6. Unknown . . . . . . . . . . . . . . . . . . . . . . . . . 11 9. Addressing Priority . . . . . . . . . . . . . . . . . . . . . 12 9.1. Static Required . . . . . . . . . . . . . . . . . . . . . 12 9.2. Reservation Recommended . . . . . . . . . . . . . . . . . 13 9.3. Dynamic Acceptable . . . . . . . . . . . . . . . . . . . 13 10. Trust Levels . . . . . . . . . . . . . . . . . . . . . . . . 13 10.1. Management . . . . . . . . . . . . . . . . . . . . . . . 14 10.2. Trusted . . . . . . . . . . . . . . . . . . . . . . . . 14 10.3. Restricted . . . . . . . . . . . . . . . . . . . . . . . 14 10.4. Guest . . . . . . . . . . . . . . . . . . . . . . . . . 14 10.5. Unknown . . . . . . . . . . . . . . . . . . . . . . . . 14 11. Exposure Levels . . . . . . . . . . . . . . . . . . . . . . . 15 11.1. Internal Only . . . . . . . . . . . . . . . . . . . . . 15 11.2. Local Shared . . . . . . . . . . . . . . . . . . . . . . 15 11.3. Remote Access . . . . . . . . . . . . . . . . . . . . . 15 11.4. Internet Exposed . . . . . . . . . . . . . . . . . . . . 15 11.5. Unknown . . . . . . . . . . . . . . . . . . . . . . . . 16 12. Classification Consistency . . . . . . . . . . . . . . . . . 16 13. Classification Examples . . . . . . . . . . . . . . . . . . . 16 14. Device Records . . . . . . . . . . . . . . . . . . . . . . . 18 Savich Expires 6 December 2026 [Page 2] Internet-Draft Residential Net Map June 2026 15. Credential Guidance . . . . . . . . . . . . . . . . . . . . . 19 16. Flat Networks and Segmented Networks . . . . . . . . . . . . 19 17. Flat-Network Address Planning . . . . . . . . . . . . . . . . 20 18. Segmented-Network Address Planning . . . . . . . . . . . . . 21 19. Review Guidance . . . . . . . . . . . . . . . . . . . . . . . 22 20. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 23 21. Troubleshooting Uses . . . . . . . . . . . . . . . . . . . . 24 21.1. Address Conflicts . . . . . . . . . . . . . . . . . . . 24 21.2. Unknown Devices . . . . . . . . . . . . . . . . . . . . 24 21.3. Unreachable Devices . . . . . . . . . . . . . . . . . . 24 22. Privacy Considerations . . . . . . . . . . . . . . . . . . . 25 23. Security Considerations . . . . . . . . . . . . . . . . . . . 26 24. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 25. References . . . . . . . . . . . . . . . . . . . . . . . . . 27 25.1. Normative References . . . . . . . . . . . . . . . . . . 27 25.2. Informative References . . . . . . . . . . . . . . . . . 27 Appendix A. Example Network Map . . . . . . . . . . . . . . . . 27 Appendix B. Example Device Records . . . . . . . . . . . . . . . 28 B.1. Router . . . . . . . . . . . . . . . . . . . . . . . . . 29 B.2. Switch . . . . . . . . . . . . . . . . . . . . . . . . . 29 B.3. Wireless Access Point . . . . . . . . . . . . . . . . . . 30 B.4. Smart Display . . . . . . . . . . . . . . . . . . . . . . 30 B.5. Camera . . . . . . . . . . . . . . . . . . . . . . . . . 31 B.6. Robotic Cleaner . . . . . . . . . . . . . . . . . . . . . 31 B.7. Phone . . . . . . . . . . . . . . . . . . . . . . . . . . 32 B.8. EV Charger . . . . . . . . . . . . . . . . . . . . . . . 33 B.9. Connected Vehicle . . . . . . . . . . . . . . . . . . . . 33 B.10. Streaming Device . . . . . . . . . . . . . . . . . . . . 34 B.11. Robotic Vacuum . . . . . . . . . . . . . . . . . . . . . 34 B.12. Guest Phone . . . . . . . . . . . . . . . . . . . . . . . 35 B.13. Unknown Device . . . . . . . . . . . . . . . . . . . . . 35 Appendix C. CSV Representation . . . . . . . . . . . . . . . . . 36 Appendix D. JSON Representation . . . . . . . . . . . . . . . . 37 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 39 1. Introduction Residential networks are no longer limited to a router, a few laptops, and a printer. Many homes now contain managed routers or firewalls, switches, wireless access points, smart home systems, surveillance systems, guest networks, home lab equipment, cloud- connected devices, and transient client devices. These environments often grow incrementally. A router is installed. A switch is added. A camera appears. A robotic cleaner joins the network. A guest network is enabled. A network-connected vehicle, EV charger, thermostat, streaming device, or appliance begins using an address. Over time, the administrator can lose track of which Savich Expires 6 December 2026 [Page 3] Internet-Draft Residential Net Map June 2026 devices exist, which addresses are assigned, which devices should receive stable addresses, which devices are trusted, and which devices are reachable locally or remotely. This document describes a lightweight residential network mapping model that combines: * IPv4 address planning, * device classification, * addressing stability guidance, * trust posture, * exposure posture, * review practices, and * lightweight change tracking. This document does not define a new protocol. It defines an operational mapping model that can be implemented as a worksheet, spreadsheet, Markdown document, database table, configuration record, or simple network mapping tool. 2. Terminology The following terms are used in this document. Administrator: The person or group responsible for maintaining the residential network and its mapping records. Address Plan: A documented allocation of IPv4 addresses or address ranges to Network Categories. Addressing Priority: A classification field that describes how stable a device's address assignment is expected to be. Device Record: A structured record describing a mapped network device. Dynamic Address: An IP address assigned by DHCP without a fixed reservation. Exposure Level: A classification field that describes how reachable a mapped device is expected to be. Savich Expires 6 December 2026 [Page 4] Internet-Draft Residential Net Map June 2026 Flat Network: A network where multiple device classes share a common subnet, such as 192.0.2.0/24. Network Category: A logical network zone or administrative grouping. In segmented networks, a Network Category often maps to a VLAN, subnet, SSID, firewall zone, or equivalent control boundary. In flat networks, a Network Category can still be used as an administrative mapping label. Residential Network Map: A structured representation of devices, addresses, categories, and classification information for a residential network. Segmented Network: A network where devices are separated into multiple VLANs, subnets, SSIDs, firewall zones, or equivalent control boundaries. Static Address: An IP address manually configured on a device or otherwise fixed so that the device is expected to remain reachable at that address. DHCP Reservation: An IP address assigned by a Dynamic Host Configuration Protocol server to a specific device, typically based on a link-layer address. Trust Level: A classification field that describes the expected access posture of a mapped device. 3. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 4. Applicability This document applies to residential, home lab, and prosumer networks that include managed routing, switching, guest access, Internet of Things devices, and surveillance devices. The model is intended for networks where address planning and device classification are useful, but enterprise network management systems are unnecessary or impractical. This document is most applicable to: Savich Expires 6 December 2026 [Page 5] Internet-Draft Residential Net Map June 2026 * residential networks with managed routing or switching, * home lab networks, * smart home networks, * residential IoT networks, * residential surveillance networks, * networks with guest access, * networks maintained by technically capable homeowners, * networks maintained by family members or informal administrators, and * networks maintained by residential technology consultants or integrators. The examples in this document use IPv4 documentation addresses. A real residential deployment would normally use IPv4 private address space, including the address ranges described in [RFC1918]. IPv6 mapping guidance is out of scope for this version of the document. This document is not limited to any router, firewall, wireless, surveillance, smart home, or home lab vendor. 5. Design Goals The mapping model described in this document has the following goals: * provide predictable address planning, * classify devices consistently, * distinguish network zones from trust and exposure posture, * identify devices that need stable addressing, * improve consumer awareness of the types of devices on the network, * help administrators recognize devices that may collect, transmit, or expose household data, * encourage review of devices with remote access or unknown classifications, Savich Expires 6 December 2026 [Page 6] Internet-Draft Residential Net Map June 2026 * reduce address conflicts, * support troubleshooting, * support flat networks and segmented networks, * remain usable by regular home-network administrators, * avoid credential collection, and * provide a simple path from an informal worksheet to a structured map. 6. Non-Goals This document does not define: * a new Internet protocol, * a full enterprise IP address management system, * a firewall policy model, * a network monitoring system, * a credential vault, * an automated device discovery protocol, * IPv6 address planning, * residential audio/video system classification, * a complete zero trust architecture, * a vendor-specific configuration method, or * a replacement for professional network design or security assessment. This document does not define firewall policy between Network Categories. Administrators can use Network Categories as inputs to firewall or segmentation policy, but those policies are out of scope for this document. Savich Expires 6 December 2026 [Page 7] Internet-Draft Residential Net Map June 2026 7. Mapping Model Overview A residential network map describes devices using four classification axes: * Network Category, * Addressing Priority, * Trust Level, and * Exposure Level. These axes answer four different questions: The four classification axes answer these questions: * Network Category: Where does this device belong logically? * Addressing Priority: How stable does this device's address assignment need to be? * Trust Level: How much access should this device receive? * Exposure Level: How reachable is this device expected to be? The following diagram shows the four classification questions used by the residential network mapping model. +------------------------------------------------------+ | Device Classification Model | +--------------------------+---------------------------+ | Network Category | Addressing Priority | | | | | Where does this device | How stable does its | | belong logically? | address need to be? | +--------------------------+---------------------------+ | Trust Level | Exposure Level | | | | | How much access should | How reachable is this | | this device receive? | device expected to be? | +--------------------------+---------------------------+ These axes are intentionally separate. For example, a device can belong to the IoT Network Category, have a Restricted Trust Level, and have a Remote Access Exposure Level. Similarly, a device can belong to the Main Network Category while still having a Restricted Trust Level if the administrator does not fully trust it. Savich Expires 6 December 2026 [Page 8] Internet-Draft Residential Net Map June 2026 8. Network Categories A Network Category represents the logical network zone or administrative grouping to which a device belongs. This document defines the following Network Categories: * Management, * Main, * Guest, * IoT, * Surveillance, and * Unknown. In a segmented network, a Network Category often maps one-to-one to a VLAN, subnet, SSID, firewall zone, or equivalent control boundary. In a flat network, a Network Category can still be used as an administrative label for planning and documentation. 8.1. Management The Management category is used for devices and interfaces involved in administering or operating the network. Examples include: * router or firewall management interfaces, * switches, * wireless access points, * network controllers, * local network management systems, and * administrative appliances. Devices in this category commonly require stable addressing. Savich Expires 6 December 2026 [Page 9] Internet-Draft Residential Net Map June 2026 8.2. Main The Main category is used for trusted household or primary user devices. Examples include: * personal laptops, * desktop computers, * phones, * tablets, * trusted printers, * trusted storage devices, and * other regular household devices. The Main category is commonly associated with the primary LAN or primary trusted Wi-Fi network. 8.3. Guest The Guest category is used for visitor, temporary, or contractor devices. Examples include: * visitor phones, * visitor laptops, * contractor devices, and * temporary devices that should not be treated as trusted household devices. 8.4. IoT The IoT category is used for smart home, appliance, embedded, cloud- connected, or lower-trust connected devices. Examples include: * smart thermostats, Savich Expires 6 December 2026 [Page 10] Internet-Draft Residential Net Map June 2026 * robotic cleaners, * smart speakers, * appliances, * lighting bridges, * smart plugs, * EV chargers, * connected vehicles, * sensors, and * vendor-managed smart devices. 8.5. Surveillance The Surveillance category is used for physical monitoring and video security devices. Examples include: * IP cameras, * network video recorders, * video door stations, * camera bridges, * intercom cameras, and * other monitoring devices. The Surveillance category is intentionally narrower than a general "Security" category. A general Security category can become ambiguous because it could include firewalls, alarm panels, door locks, cameras, identity systems, endpoint security tools, or access control systems. 8.6. Unknown The Unknown category is used for devices that have been discovered but not yet classified. Savich Expires 6 December 2026 [Page 11] Internet-Draft Residential Net Map June 2026 The Unknown category is intended as a temporary holding category by default. Devices SHOULD NOT remain in the Unknown category indefinitely without review. If a device remains Unknown for an extended period, the Notes field SHOULD explain why the device has not been reclassified. 9. Addressing Priority Addressing Priority describes the addressing stability expected for a mapped device. This document defines the following Addressing Priority values: * Static Required, * Reservation Recommended, and * Dynamic Acceptable. 9.1. Static Required Static Required means the device needs predictable addressing. A static address or a functionally equivalent fixed assignment is expected. This value is appropriate when loss of address predictability can disrupt administration, routing, switching, surveillance, automation, or core network operation. Examples include: * router or firewall management interfaces, * switches, * wireless access points, * network controllers, * network video recorders, and * other devices that must remain reachable for troubleshooting. Savich Expires 6 December 2026 [Page 12] Internet-Draft Residential Net Map June 2026 9.2. Reservation Recommended Reservation Recommended means the device should receive a stable DHCP reservation when practical, but the network can tolerate temporary dynamic assignment. This value is appropriate for devices that are easier to maintain when their address is stable, but that are not core network infrastructure. Examples include: * cameras, * printers, * smart home hubs, * robotic cleaners, * EV chargers, and * devices commonly accessed from applications or local dashboards. 9.3. Dynamic Acceptable Dynamic Acceptable means the device can use ordinary DHCP without a fixed reservation. This value is appropriate for devices that do not require a predictable address. Examples include: * ordinary phones, * laptops, * tablets, * guest devices, and * transient devices. 10. Trust Levels Trust Level describes the expected access posture of a mapped device. Savich Expires 6 December 2026 [Page 13] Internet-Draft Residential Net Map June 2026 This document defines the following Trust Levels: * Management, * Trusted, * Restricted, * Guest, and * Unknown. 10.1. Management The Management Trust Level is used for devices or interfaces that administer, control, or operate network infrastructure. Examples include router management interfaces, switch management interfaces, wireless controller interfaces, and network administration systems. 10.2. Trusted The Trusted Trust Level is used for known household or primary user devices that are expected to have ordinary access to the Main network. Examples include trusted laptops, phones, tablets, and workstations. 10.3. Restricted The Restricted Trust Level is used for known devices that should receive limited access compared with Trusted devices. Examples include IoT devices, surveillance devices, appliances, smart home devices, and devices with unclear update or security posture. 10.4. Guest The Guest Trust Level is used for visitor or temporary devices. 10.5. Unknown The Unknown Trust Level is used when the trust posture of a device has not yet been determined. Devices SHOULD NOT remain Unknown indefinitely without review. Savich Expires 6 December 2026 [Page 14] Internet-Draft Residential Net Map June 2026 11. Exposure Levels Exposure Level describes how reachable a mapped device is expected to be. This document defines the following Exposure Levels: * Internal Only, * Local Shared, * Remote Access, * Internet Exposed, and * Unknown. 11.1. Internal Only Internal Only is used for devices that should only be reachable for device-specific operation or administration. Examples include switches, management interfaces, and cameras that should not be accessed directly by ordinary client devices. 11.2. Local Shared Local Shared is used for devices that provide services to other devices on the local network. Examples include printers, storage devices, shared controllers, local media services, or devices intentionally discoverable by trusted local clients. 11.3. Remote Access Remote Access is used for devices that are reachable from outside the local network through a controlled method, such as a vendor cloud service, VPN, managed remote access feature, or remote management application. 11.4. Internet Exposed Internet Exposed is used for devices that are directly reachable from the public Internet or through an explicit port forwarding rule. Savich Expires 6 December 2026 [Page 15] Internet-Draft Residential Net Map June 2026 This document does not define port-forwarding record fields. The Internet Exposed value is intended only to help regular administrators identify that a device has public exposure. 11.5. Unknown Unknown is used when reachability has not yet been verified. Devices SHOULD NOT remain Unknown indefinitely without review. 12. Classification Consistency A mapped device can have classifications that appear unusual. For example, a device can belong to the IoT Network Category while having a Remote Access Exposure Level, or a device in the Main Network Category can have a Restricted Trust Level. When classification fields appear to conflict, administrators SHOULD review whether the device belongs in the correct Network Category and whether the Trust Level or Exposure Level accurately reflects how the device is used. Unusual classifications MAY be valid, but the Notes field SHOULD explain the reason. 13. Classification Examples The following examples illustrate how the four classification axes can be applied. * router-1 - Network Category: Management - Addressing Priority: Static Required - Trust Level: Management - Exposure Level: Remote Access - Notes: Primary gateway with administrative access. * switch-1 - Network Category: Management - Addressing Priority: Static Required Savich Expires 6 December 2026 [Page 16] Internet-Draft Residential Net Map June 2026 - Trust Level: Management - Exposure Level: Internal Only - Notes: Main switch. * phone-1 - Network Category: Main - Addressing Priority: Dynamic Acceptable - Trust Level: Trusted - Exposure Level: Local Shared - Notes: Trusted household device. * camera-1 - Network Category: Surveillance - Addressing Priority: Reservation Recommended - Trust Level: Restricted - Exposure Level: Internal Only - Notes: IP camera. * nvr-1 - Network Category: Surveillance - Addressing Priority: Static Required - Trust Level: Restricted - Exposure Level: Remote Access - Notes: Network video recorder. * robotic-cleaner-1 - Network Category: IoT - Addressing Priority: Dynamic Acceptable Savich Expires 6 December 2026 [Page 17] Internet-Draft Residential Net Map June 2026 - Trust Level: Restricted - Exposure Level: Remote Access - Notes: Vendor app access. * guest-phone-1 - Network Category: Guest - Addressing Priority: Dynamic Acceptable - Trust Level: Guest - Exposure Level: Local Shared - Notes: Visitor device. * unknown-1 - Network Category: Unknown - Addressing Priority: Dynamic Acceptable - Trust Level: Unknown - Exposure Level: Unknown - Notes: Needs review. 14. Device Records A mapped device SHOULD have a device record. A device record SHOULD contain the following fields: The device record fields are listed below in their canonical order. Hostname: Required. A human-readable hostname, device hostname, or administrator-assigned label. IP Address: Required. The assigned IPv4 address. MAC Address: Recommended. The link-layer address used for identification or DHCP reservation. Manufacturer: Recommended. The device manufacturer or vendor. Savich Expires 6 December 2026 [Page 18] Internet-Draft Residential Net Map June 2026 Network Category: Required. One of Management, Main, Guest, IoT, Surveillance, or Unknown. Addressing Priority: Required. One of Static Required, Reservation Recommended, or Dynamic Acceptable. Trust Level: Required. One of Management, Trusted, Restricted, Guest, or Unknown. Exposure Level: Required. One of Internal Only, Local Shared, Remote Access, Internet Exposed, or Unknown. Notes: Optional. Location, purpose, firmware, switch port, owner, review note, or other context. This document does not define a separate device-type taxonomy. Device type can be recorded in freeform Notes or implementation- specific metadata when useful. This document also does not define credential fields. Administrators SHOULD NOT store credentials in the residential network map. 15. Credential Guidance The network map defined by this document does not include credential fields. Administrators SHOULD store credentials in a password manager or other credential management system rather than in the network map. Administrators MUST NOT store plaintext passwords in a published or shared residential network map. If a separate credential system is used, the network map MAY note that a credential exists elsewhere, but it SHOULD NOT include the credential itself, password hints, recovery answers, multi-factor recovery codes, or shared secrets. 16. Flat Networks and Segmented Networks The Network Categories defined by this document can be used in both flat and segmented residential networks. In a flat network, all devices may share a single subnet, such as 192.0.2.0/24. In this case, Network Categories are administrative labels that help the administrator plan addresses and classify devices. Savich Expires 6 December 2026 [Page 19] Internet-Draft Residential Net Map June 2026 In a segmented network, Network Categories can map to VLANs, subnets, SSIDs, firewall zones, or equivalent control boundaries. For example, Management, Main, Guest, IoT, Surveillance, and Unknown can each map to a separate VLAN and subnet. This document does not require segmentation. A residential network map can begin as a flat-network planning tool and later evolve into a segmented design. 17. Flat-Network Address Planning In a flat network, Network Categories can be mapped to ranges within a single subnet. The following example uses 192.0.2.0/24, which is reserved for documentation examples. Example flat-network ranges: * Management: 192.0.2.1-192.0.2.19 - Router, firewall, switches, access points, and management interfaces. * Main: 192.0.2.20-192.0.2.99 - Trusted household devices. * IoT: 192.0.2.100-192.0.2.159 - Smart home devices, hubs, sensors, appliances, and cloud- connected devices. * Surveillance: 192.0.2.160-192.0.2.199 - Cameras, network video recorders, and door stations. * Guest: 192.0.2.200-192.0.2.239 - Guest DHCP pool. * Unknown: 192.0.2.240-192.0.2.254 - Temporary holding range for unclassified devices. In a /24 network, the .0 address is the network address and the .255 address is the broadcast address. These addresses MUST NOT be assigned to hosts. Savich Expires 6 December 2026 [Page 20] Internet-Draft Residential Net Map June 2026 The ranges in this section are examples only. Administrators can choose different ranges based on network size, router capabilities, existing address assignments, or operational preference. 18. Segmented-Network Address Planning In a segmented network, Network Categories can map to VLANs, subnets, SSIDs, firewall zones, or equivalent control boundaries. The following example uses one documentation subnet slice per Network Category. A real deployment would normally use private IPv4 subnets. Example segmented-network layout: * Management - VLAN: 10 - Subnet: 192.0.2.0/28 - Notes: Router, firewall, switches, access points, and management interfaces. * Main - VLAN: 20 - Subnet: 192.0.2.16/28 - Notes: Trusted household devices. * IoT - VLAN: 30 - Subnet: 192.0.2.32/28 - Notes: Smart home devices, hubs, sensors, appliances, and cloud-connected devices. * Surveillance - VLAN: 40 - Subnet: 192.0.2.48/28 - Notes: Cameras, network video recorders, and door stations. Savich Expires 6 December 2026 [Page 21] Internet-Draft Residential Net Map June 2026 * Guest - VLAN: 50 - Subnet: 192.0.2.64/28 - Notes: Guest devices. * Unknown - VLAN: 99 - Subnet: 192.0.2.80/28 - Notes: Unclassified devices pending review. This document does not define firewall policy between these categories. 19. Review Guidance A residential network map SHOULD be reviewed when meaningful network changes occur. Examples of meaningful changes include: * adding or removing a device, * changing a device address, * creating or removing a DHCP reservation, * moving a device to a different Network Category, * changing a device Trust Level, * changing a device Exposure Level, * adding a guest network, * adding an IoT device, * adding a surveillance device, * replacing the router or firewall, * replacing a switch, and Savich Expires 6 December 2026 [Page 22] Internet-Draft Residential Net Map June 2026 * replacing an access point. Administrators SHOULD also review the map periodically to identify unknown devices, outdated records, and devices that no longer match their intended classification. This document does not define a fixed review interval. A review interval can be selected based on the size, complexity, and risk of the network. 20. Change Log A residential network map SHOULD include a lightweight change log. The change log helps administrators understand when meaningful network changes occurred and why they were made. A change log entry SHOULD include: A change log entry SHOULD include: * Date: The date of the change. * Change: What changed. * Reason: Why the change was made. Example: * 2026-06-04 - Change: Added IoT Network Category. - Reason: Smart home devices needed separate classification. * 2026-06-08 - Change: Reserved address for main switch. - Reason: Switch should remain reachable for troubleshooting. * 2026-06-12 - Change: Moved unknown device to Guest. - Reason: Device was identified as a visitor phone. Savich Expires 6 December 2026 [Page 23] Internet-Draft Residential Net Map June 2026 21. Troubleshooting Uses The mapping model is intended to support ordinary troubleshooting. 21.1. Address Conflicts When an address conflict is suspected, an administrator can: 1. check the residential network map for the assigned device, 2. check router or firewall client lists, 3. check DHCP lease records, 4. compare the observed MAC address with the mapped MAC address, 5. identify duplicate static assignments or reservation conflicts, 6. correct the assignment, and 7. update the map. 21.2. Unknown Devices When an unknown device is discovered, an administrator can: 1. record the IP address, 2. record the host name if available, 3. record the MAC address if available, 4. record the manufacturer if available, 5. classify the device as Unknown, 6. investigate the device, 7. reclassify the device when identified, and 8. add a note if the device remains Unknown. 21.3. Unreachable Devices When a mapped device is unreachable, an administrator can check: 1. whether the device is powered on, Savich Expires 6 December 2026 [Page 24] Internet-Draft Residential Net Map June 2026 2. whether the device is connected to the expected network, 3. whether the device address changed, 4. whether the device appears in the router or firewall client list, 5. whether the mapped MAC address matches the observed MAC address, 6. whether the device moved to a different Network Category, and 7. whether recent changes explain the issue. 22. Privacy Considerations A completed residential network map can reveal sensitive operational details. Examples include: * internal addressing, * host names, * MAC addresses, * device manufacturers, * network categories, * trust posture, * exposure posture, * camera or surveillance device presence, * smart home device presence, * guest network structure, * management infrastructure, and * maintenance patterns. Completed maps SHOULD be protected from unauthorized access. Administrators SHOULD consider: * encrypted storage, Savich Expires 6 December 2026 [Page 25] Internet-Draft Residential Net Map June 2026 * restricted sharing, * secure backups, * redaction before vendor sharing, * removal of sensitive fields before publication, and * avoiding publication of real host names, MAC addresses, or locations. Public examples SHOULD use fictitious MAC addresses, fictitious host names, and non-sensitive device descriptions. 23. Security Considerations The practices described in this document can improve residential network manageability and consumer security awareness, but they can also concentrate sensitive information into one artifact. A residential network map can help an administrator identify devices that may affect privacy or security, including devices that collect video, audio, location, usage, occupancy, or behavioral data. It can also help identify devices that rely on remote access, vendor cloud services, or unclear connectivity patterns. This document does not attempt to define where each device sends data or whether a device's data handling is acceptable. Instead, it provides a simple structure that can help consumers notice which classes of devices exist on the network and which devices deserve further review. If an attacker obtains a completed residential network map, the attacker may gain insight into device roles, management interfaces, internal addressing, device manufacturers, device trust posture, device exposure posture, and possible privacy-sensitive device categories. Administrators MUST NOT store plaintext passwords in the map. Administrators SHOULD restrict access to completed maps. Administrators SHOULD avoid sharing maps that contain real MAC addresses, host names, device locations, or other sensitive operational details unless sharing is necessary and appropriately controlled. Savich Expires 6 December 2026 [Page 26] Internet-Draft Residential Net Map June 2026 Administrators SHOULD review Unknown devices, devices marked Internet Exposed, and devices marked Remote Access. Administrators SHOULD pay particular attention to IoT and Surveillance devices because these devices may collect or transmit household data that users do not routinely inspect. Administrators SHOULD update the map after meaningful network changes. Security considerations for protocol design are discussed more generally in [RFC3552]. Although this document does not define a protocol, the same general discipline applies: operational guidance should identify risks and mitigations clearly. 24. IANA Considerations This document has no IANA actions. 25. References 25.1. Normative References [RFC1918] Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G. J., and E. Lear, "Address Allocation for Private Internets", BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996, . [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . 25.2. Informative References [RFC3552] Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, DOI 10.17487/RFC3552, July 2003, . Appendix A. Example Network Map The following example illustrates how the Network Categories defined in this document can be represented as a residential network map. Savich Expires 6 December 2026 [Page 27] Internet-Draft Residential Net Map June 2026 The diagram is illustrative only. It does not define required topology, firewall policy, routing behavior, or permitted communication between categories. Example Residential Network Map +----------+ | Internet | +----+-----+ | +------+------+ | Router/ | | Firewall | +------+------+ | +------+------+ | Network | | Core | +------+------+ | +------------------+------------------+ | | | +------+-----+ +------+-----+ +------+-----+ | Management | | Main | | IoT | | VLAN 10 | | VLAN 20 | | VLAN 30 | | .2.0/28 | | .2.16/28 | | .2.32/28 | +------------+ +------------+ +------------+ +------------------+------------------+ | | | +------+-----+ +------+-----+ +------+-----+ | Surveillance| | Guest | | Unknown | | VLAN 40 | | VLAN 50 | | VLAN 99 | | .2.48/28 | | .2.64/28 | | .2.80/28 | +-------------+ +------------+ +------------+ In a flat-network implementation, the same categories can be represented as ranges inside a single subnet instead of separate VLANs or subnets. Appendix B. Example Device Records The following tables provide realistic but sanitized example device records for a residential, home lab, IoT, and surveillance network. The IP addresses are documentation addresses and are not intended for deployment. Savich Expires 6 December 2026 [Page 28] Internet-Draft Residential Net Map June 2026 The fields are listed in the canonical order defined by this document. B.1. Router +=====================+=======================+ | Field | Value | +=====================+=======================+ | hostname | router-1 | +---------------------+-----------------------+ | ip_address | 192.0.2.1 | +---------------------+-----------------------+ | mac_address | 00:00:5E:00:53:01 | +---------------------+-----------------------+ | manufacturer | Example Router Vendor | +---------------------+-----------------------+ | network_category | Management | +---------------------+-----------------------+ | addressing_priority | Static Required | +---------------------+-----------------------+ | trust_level | Management | +---------------------+-----------------------+ | exposure_level | Remote Access | +---------------------+-----------------------+ | notes | Primary gateway | +---------------------+-----------------------+ Table 1 B.2. Switch +=====================+=======================+ | Field | Value | +=====================+=======================+ | hostname | switch-1 | +---------------------+-----------------------+ | ip_address | 192.0.2.10 | +---------------------+-----------------------+ | mac_address | 00:00:5E:00:53:10 | +---------------------+-----------------------+ | manufacturer | Example Switch Vendor | +---------------------+-----------------------+ | network_category | Management | +---------------------+-----------------------+ | addressing_priority | Static Required | +---------------------+-----------------------+ | trust_level | Management | +---------------------+-----------------------+ Savich Expires 6 December 2026 [Page 29] Internet-Draft Residential Net Map June 2026 | exposure_level | Internal Only | +---------------------+-----------------------+ | notes | Main switch | +---------------------+-----------------------+ Table 2 B.3. Wireless Access Point +=====================+=========================+ | Field | Value | +=====================+=========================+ | hostname | ap-1 | +---------------------+-------------------------+ | ip_address | 192.0.2.11 | +---------------------+-------------------------+ | mac_address | 00:00:5E:00:53:11 | +---------------------+-------------------------+ | manufacturer | Example Wireless Vendor | +---------------------+-------------------------+ | network_category | Management | +---------------------+-------------------------+ | addressing_priority | Static Required | +---------------------+-------------------------+ | trust_level | Management | +---------------------+-------------------------+ | exposure_level | Internal Only | +---------------------+-------------------------+ | notes | Wireless access point | +---------------------+-------------------------+ Table 3 B.4. Smart Display +=====================+=============================+ | Field | Value | +=====================+=============================+ | hostname | smart-tv-1 | +---------------------+-----------------------------+ | ip_address | 192.0.2.50 | +---------------------+-----------------------------+ | mac_address | 00:00:5E:00:53:50 | +---------------------+-----------------------------+ | manufacturer | Samsung Electronics | +---------------------+-----------------------------+ | network_category | IoT | +---------------------+-----------------------------+ Savich Expires 6 December 2026 [Page 30] Internet-Draft Residential Net Map June 2026 | addressing_priority | Reservation Recommended | +---------------------+-----------------------------+ | trust_level | Restricted | +---------------------+-----------------------------+ | exposure_level | Local Shared | +---------------------+-----------------------------+ | notes | Smart display or television | +---------------------+-----------------------------+ Table 4 B.5. Camera +=====================+=========================+ | Field | Value | +=====================+=========================+ | hostname | camera-1 | +---------------------+-------------------------+ | ip_address | 192.0.2.64 | +---------------------+-------------------------+ | mac_address | 00:00:5E:00:53:64 | +---------------------+-------------------------+ | manufacturer | Hikvision | +---------------------+-------------------------+ | network_category | Surveillance | +---------------------+-------------------------+ | addressing_priority | Reservation Recommended | +---------------------+-------------------------+ | trust_level | Restricted | +---------------------+-------------------------+ | exposure_level | Internal Only | +---------------------+-------------------------+ | notes | IP camera | +---------------------+-------------------------+ Table 5 B.6. Robotic Cleaner +=====================+==========================================+ | Field | Value | +=====================+==========================================+ | hostname | robotic-cleaner-1 | +---------------------+------------------------------------------+ | ip_address | 192.0.2.100 | +---------------------+------------------------------------------+ | mac_address | 00:00:5E:00:53:70 | +---------------------+------------------------------------------+ Savich Expires 6 December 2026 [Page 31] Internet-Draft Residential Net Map June 2026 | manufacturer | Espressif | +---------------------+------------------------------------------+ | network_category | IoT | +---------------------+------------------------------------------+ | addressing_priority | Dynamic Acceptable | +---------------------+------------------------------------------+ | trust_level | Restricted | +---------------------+------------------------------------------+ | exposure_level | Remote Access | +---------------------+------------------------------------------+ | notes | Robotic cleaner or embedded smart device | +---------------------+------------------------------------------+ Table 6 B.7. Phone +=====================+================================+ | Field | Value | +=====================+================================+ | hostname | phone-1 | +---------------------+--------------------------------+ | ip_address | 192.0.2.106 | +---------------------+--------------------------------+ | mac_address | 00:00:5E:00:53:71 | +---------------------+--------------------------------+ | manufacturer | Unknown | +---------------------+--------------------------------+ | network_category | Main | +---------------------+--------------------------------+ | addressing_priority | Dynamic Acceptable | +---------------------+--------------------------------+ | trust_level | Trusted | +---------------------+--------------------------------+ | exposure_level | Local Shared | +---------------------+--------------------------------+ | notes | Trusted personal mobile device | +---------------------+--------------------------------+ Table 7 Savich Expires 6 December 2026 [Page 32] Internet-Draft Residential Net Map June 2026 B.8. EV Charger +=====================+=========================+ | Field | Value | +=====================+=========================+ | hostname | ev-charger-1 | +---------------------+-------------------------+ | ip_address | 192.0.2.138 | +---------------------+-------------------------+ | mac_address | 00:00:5E:00:53:72 | +---------------------+-------------------------+ | manufacturer | Tesla | +---------------------+-------------------------+ | network_category | IoT | +---------------------+-------------------------+ | addressing_priority | Reservation Recommended | +---------------------+-------------------------+ | trust_level | Restricted | +---------------------+-------------------------+ | exposure_level | Remote Access | +---------------------+-------------------------+ | notes | EV charging equipment | +---------------------+-------------------------+ Table 8 B.9. Connected Vehicle +=====================+====================+ | Field | Value | +=====================+====================+ | hostname | vehicle-1 | +---------------------+--------------------+ | ip_address | 192.0.2.143 | +---------------------+--------------------+ | mac_address | 00:00:5E:00:53:73 | +---------------------+--------------------+ | manufacturer | Tesla | +---------------------+--------------------+ | network_category | IoT | +---------------------+--------------------+ | addressing_priority | Dynamic Acceptable | +---------------------+--------------------+ | trust_level | Restricted | +---------------------+--------------------+ | exposure_level | Remote Access | +---------------------+--------------------+ | notes | Connected vehicle | Savich Expires 6 December 2026 [Page 33] Internet-Draft Residential Net Map June 2026 +---------------------+--------------------+ Table 9 B.10. Streaming Device +=====================+====================+ | Field | Value | +=====================+====================+ | hostname | streaming-device-1 | +---------------------+--------------------+ | ip_address | 192.0.2.145 | +---------------------+--------------------+ | mac_address | 00:00:5E:00:53:74 | +---------------------+--------------------+ | manufacturer | Apple | +---------------------+--------------------+ | network_category | IoT | +---------------------+--------------------+ | addressing_priority | Dynamic Acceptable | +---------------------+--------------------+ | trust_level | Restricted | +---------------------+--------------------+ | exposure_level | Local Shared | +---------------------+--------------------+ | notes | Streaming device | +---------------------+--------------------+ Table 10 B.11. Robotic Vacuum +=====================+====================+ | Field | Value | +=====================+====================+ | hostname | robotic-cleaner-2 | +---------------------+--------------------+ | ip_address | 192.0.2.150 | +---------------------+--------------------+ | mac_address | 00:00:5E:00:53:75 | +---------------------+--------------------+ | manufacturer | Roborock | +---------------------+--------------------+ | network_category | IoT | +---------------------+--------------------+ | addressing_priority | Dynamic Acceptable | +---------------------+--------------------+ | trust_level | Restricted | Savich Expires 6 December 2026 [Page 34] Internet-Draft Residential Net Map June 2026 +---------------------+--------------------+ | exposure_level | Remote Access | +---------------------+--------------------+ | notes | Robotic vacuum | +---------------------+--------------------+ Table 11 B.12. Guest Phone +=====================+====================+ | Field | Value | +=====================+====================+ | hostname | guest-phone-1 | +---------------------+--------------------+ | ip_address | 192.0.2.230 | +---------------------+--------------------+ | mac_address | 00:00:5E:00:53:76 | +---------------------+--------------------+ | manufacturer | Unknown | +---------------------+--------------------+ | network_category | Guest | +---------------------+--------------------+ | addressing_priority | Dynamic Acceptable | +---------------------+--------------------+ | trust_level | Guest | +---------------------+--------------------+ | exposure_level | Local Shared | +---------------------+--------------------+ | notes | Visitor device | +---------------------+--------------------+ Table 12 B.13. Unknown Device +=====================+====================+ | Field | Value | +=====================+====================+ | hostname | unknown-1 | +---------------------+--------------------+ | ip_address | 192.0.2.245 | +---------------------+--------------------+ | mac_address | 00:00:5E:00:53:77 | +---------------------+--------------------+ | manufacturer | Unknown | +---------------------+--------------------+ | network_category | Unknown | Savich Expires 6 December 2026 [Page 35] Internet-Draft Residential Net Map June 2026 +---------------------+--------------------+ | addressing_priority | Dynamic Acceptable | +---------------------+--------------------+ | trust_level | Unknown | +---------------------+--------------------+ | exposure_level | Unknown | +---------------------+--------------------+ | notes | Needs review | +---------------------+--------------------+ Table 13 Appendix C. CSV Representation A comma-separated values representation MAY use the following header. It is shown across multiple lines for readability. hostname, ip_address, mac_address, manufacturer, network_category, addressing_priority, trust_level, exposure_level, notes Example records are shown below with one field per line. A CSV implementation would place each record on a single row. Savich Expires 6 December 2026 [Page 36] Internet-Draft Residential Net Map June 2026 hostname: router-1 ip_address: 192.0.2.1 mac_address: 00:00:5E:00:53:01 manufacturer: Example Router Vendor network_category: Management addressing_priority: Static Required trust_level: Management exposure_level: Remote Access notes: Primary gateway hostname: camera-1 ip_address: 192.0.2.64 mac_address: 00:00:5E:00:53:64 manufacturer: Hikvision network_category: Surveillance addressing_priority: Reservation Recommended trust_level: Restricted exposure_level: Internal Only notes: IP camera hostname: ev-charger-1 ip_address: 192.0.2.138 mac_address: 00:00:5E:00:53:72 manufacturer: Tesla network_category: IoT addressing_priority: Reservation Recommended trust_level: Restricted exposure_level: Remote Access notes: EV charging equipment Appendix D. JSON Representation A JSON representation MAY use one object per mapped device. The following field names are defined: The following fields are defined, in canonical order. hostname: String. Human-readable hostname, device hostname, or administrator-assigned label. ip_address: String. Assigned IPv4 address. mac_address: String. Link-layer address used for identification or DHCP reservation. manufacturer: String. Device manufacturer or vendor. Savich Expires 6 December 2026 [Page 37] Internet-Draft Residential Net Map June 2026 network_category: String. Logical network category or zone. addressing_priority: String. Addressing stability expectation. trust_level: String. Expected trust posture. exposure_level: String. Expected reachability posture. notes: String. Freeform operational notes. The network_category field SHOULD use one of the following values: * Management, * Main, * Guest, * IoT, * Surveillance, or * Unknown. The addressing_priority field SHOULD use one of the following values: * Static Required, * Reservation Recommended, or * Dynamic Acceptable. The trust_level field SHOULD use one of the following values: * Management, * Trusted, * Restricted, * Guest, or * Unknown. The exposure_level field SHOULD use one of the following values: * Internal Only, Savich Expires 6 December 2026 [Page 38] Internet-Draft Residential Net Map June 2026 * Local Shared, * Remote Access, * Internet Exposed, or * Unknown. Example: { "hostname": "camera-1", "ip_address": "192.0.2.64", "mac_address": "00:00:5E:00:53:64", "manufacturer": "Hikvision", "network_category": "Surveillance", "addressing_priority": "Reservation Recommended", "trust_level": "Restricted", "exposure_level": "Internal Only", "notes": "IP camera" } Author's Address Melisa K. Savich Email: hello@melisasavich.com Savich Expires 6 December 2026 [Page 39]