[ppml] IPv6 addresses really are scarce after all
Iljitsch van Beijnum
iljitsch at muada.com
Sat Aug 25 08:15:32 EDT 2007
[CCing this to ARIN PPML and RIPE address-policy, but Reply-To:
ietf at ietf.org, when replying, please pick just one list. Also, please
read Thomas' entire original message at http://www1.ietf.org/mail-
[You may want to skip ahead to my point about the HD ratio at the end.]
On 24-aug-2007, at 23:34, Thomas Narten wrote:
> The fact is, the /48 boundary is _NOT_ architectural,
True. However, this doesn't mean that /48 is completely arbitrary,
either. /64 for subnets is based on the availability of 64-bit unique
numbers in the form of MAC addresses that make it possible to have
stateless autoconfiguration where a system always has the same
address without the need for explicit coordination or configuration.
People often attribute the fact that IPv4 addresses didn't run out in
2005 as predicted in the early 1990s to NAT, but there is another
technique that is even more popular than NAT that also played in
important rule: ethernet switching. Back when IPv6 was designed, it
was common to have a substantial number of different subnets for
different purposes to avoid having unnecessary large "collision
domains". These days, you can easily throw hundreds, if not thousands
of systems in a single subnet without performance penalties so most
networks don't need all that many subnets. So the original goal of
providing something a number of subnets that is large enough for
99.9% of all IPv6 users arguably required a /48 (65536 subnets). With
2000::/3 given out for global unicast purposes, that allows 2^45 /
48s, which should be more than enough to give all inhabitants of the
planet their own /48 with a few to spare.
So a /48 is both big enough for pretty much everyone, and small
enough that we can give one to pretty much everyone. Last but not
least, it's very useful to have a standard size, because then, if you
go from one ISP to another, you're never in the situation where you
need to renumber into a smaller block of address space, which is
much, much harder than just replacing the first X bits of the address
(where X is presumably 48). This was especially true in the presence
of DNAME and bitlabels in the DNS. For those of you that don't know
about this, it's rather complex and now obsolete, but around the turn
of the century, this was a hot new mechanism to support easy
renumbering in the DNS. (Read about it here http://www.apress.com/
book/supplementDownload.html?bID=10026&sID=3120 but don't say I
didn't warn you.)
So /48 was certainly "a good idea at the time". If we were doing all
of this today, we could probably go a bit lower than 65536 subnets,
such as 4096, but not THAT much lower. For instance, 256 subnets (/
56) is still a very large number, so it assumes that people will be
subnetting, but I'm not confident that it's enough for 99.9% of all
future IPv6 users.
Another issue is what we give to people who aren't going to build a
network with subnets. The old recommendation was a /64 (= 1 subnet)
for users who don't need to subnet. But unlike with IPv4, where end-
users often get a single IP address and turn that into a subnet with
NAT, with IPv6 you pretty much always need TWO subnets, although one
of them can be shared. For instance, if I want to connect a bunch of
computers in my home to my DSL line with IPv6, I need a /64 on my
wifi network at home, but it's not really possible to use addresses
from that same /64 between my ADSL modem and the DSL concentrator at
the central office. As an ISP, I could set up one /64 to talk to all
the DSL modems connected to a central office and then delegate a /64
to each user, but this is problematic for technical reasons
(broadcasts/mulsticast vs NBMA) and control issues (which user does
traffic from an address in that shared /64 come from).
So if I were designing an ISP network, I would want to give at least
two /64s or a /63 to every customer. In practice, it's much easier to
go up a few bits and make it a /60, where I use one /64 for the SIP-
customer link and the customer gets to use the other 15 subnets
however they want. This way, I avoid getting support calls from
people who want to have an extra DMZ subnet or different subnets for
their wired and wireless networks.
Again, as an ISP, I wouldn't want to think about how many subnets
customers are going to use when they need more than that /60. Much
easier to simply sell them a business account and give them a /48.
Remember, every time a simple residential customer calls the support
number, that costs an ISP the entire profit for that customer for a
year. Avoiding support calls is one of the highest priorities for ISPs.
> What the appropriate size of an assignment for an end site should be
> is really more of an operational issue than architectural one. If a
> site gets too little, and needs to get more later (maybe at the cost
> of renumbering) that is an operational issue. And the idea that we can
> give out "enough" address space to a site so that it doesn't have to
> renumber (ever) is pretty silly.
That doesn't mean it's impossible to pick sizes that are worse than
others. And even though we have reverted back to simple use of the
DNS with IPv6 where having the same address block size when going
from ISP to ISP is less important, it's still beneficial to have as
few block sizes as possible to that people don't have to go from big
> The RIRs adopted the "/48 to everyone" in its initial stab at IPv6
> policy back in 2002. Even at that time, there was much screaming and
> gnashing of teeth from the operator community saying "wasteful",
> "excessive", "really stupid", etc.
The wastefulness occurred when the IPv6 address size was set to 128
bits. This means that every IPv6 packet has to carry 32 bytes of
address information. Now that we've eaten that cost, there is little
use in trying to _use_ fewer of those bits that we're paying for with
I can see how "/48 for everyone" could be considered too much
(although 35184 billion of those aren't going to be used up any time
soon) but can we at least retain "/48 for everyone who asks for one"?
> If I assign 4M /48's of IPv6 (one to each cable modem on my
> network), according to the HD-ratio I am justified to obtain
> something around a /20 of IPv6 addresses. In other words, I am
> justified in getting 268M /48's even though I am only using
> 4M of
> them. That would be enough for me to assign at least two for
> every household in the US (not just the 19M on my network).
Yes, this is a problem that the current policies, including the
unofficial ones (for instance that ARIN reserves a /29 when an ISP
gets a /32) don't address.
Suppose a large ISP that operates across the US or Europe gets that /
20. So how are they going to announce that, as a single /20? I don't
think so. They're going to deaggregate. And they can easily do that,
because their block is much larger than the minimum /32 block that
people are presumably going to be filtering on.
In the degenerative case, which we can already see in IPv4, ISPs
simply announce whatever they have as the smallest possible
announcement. So that ISP that needs 4 million /48s = 64 /32s but
gets a /20 = 4096 /32s COULD advertise 4096 prefixes because the RIRs
thought they would need to aggregate, while if the RIRs assumed that
they wouldn't aggregate, they would have gotten the space in the form
of a number of much smaller blocks and they would only have been able
to announce 100 or so /32s.
A much more appropriate policy would be to start with a certain
minimum allocation, and then whenever someone comes back for more,
give them a new block that is 2, 4 or 8 times as big as the previous
block until a certain maximum block size is reached. For aggregation
purposes, there is no benefit in having blocks larger than a /24,
because by the time that a significant portion of the the IPv6 space
ends up in the routing tables, having 2^24 routes won't be a problem.
> community feedback was that LIRs were smart enough to make reasonable
> assignments based on actual customer need.
The trouble is that even more so than at the IETF, the RIR community
as seen from the policy development process is whoever happens to
show up. This means only a small part of all stakeholders provide input.
> Surely, everyone will agree that
> giving a /56 to home sites is more than enough space for the foresable
If /48 is too much for home sites then /56 is too much as well.
More information about the ARIN-PPML