[arin-ppml] What is a subnet?
Leo Bicknell
bicknell at ufp.org
Tue Jun 2 11:22:07 EDT 2009
What is a subnet?
I've had this discussion with a number of folks because IPv6 makes
us look at subnets differently than we do in IPv4. Many of the
folks who designed IPv6 have urged us to think in terms of the
number of subnets necessary, rather than the number of hosts. This
relatively simple concept becomes quite complex when it interacts
with policy, or staff operational procedures.
Looking at the usual sources is only partially helpful, for instance
the Wikipedia page (http://en.wikipedia.org/wiki/Subnetwork) is
littered with references to IPv4, even though there are subnets in
multiple protocols.
What are some properties of a subnet?
1 It is not necessary to go through a router to reach other hosts on
the subnet.
2 Limit the propagation of broadcast traffic.
3 Can be routed independently.
4 Can be referenced independently (e.g. for filtering).
5 It is a method for dividing a larger block of address space to serve
the needs of multiple smaller locations.
Some of these overlap with the properties of a (V)LAN. For instance
(V)LANs can be used to limit broadcast traffic at layer 2, as
opposed to layer 3, which may then require a separate subnet as it
is a separate LAN.
For this discussion I'm concerned with the case where folks are
using /64 subnets. Yes, I realize that isn't strictly required,
but it is the interesting case. With 2^64 hosts per subnet it is
possible to put every computer in the world today in a single subnet.
There is effectively no limit to the number of hosts in a subnet.
This is partially good news. I'm sure folks who've been short on
IP space before have done something like putting the 10.2.3.128/28
subnet on the same virtual LAN as the 10.2.3.160/28 subnet because
10.2.3.0/25 and 10.2.3.144/28 were both already taken. This is
sort of a degenerate case of property #5 that should not occur in
IPv6.
Some things stay the same. Sometimes subnetting is done so a link
can be independently routed (property #3), for instance to take
advantage of redundant paths. A site with two T1's to it needs a
subnet at the site so it can be routed down either link.
However, some questions actually get harder. Subnets have long
been used to limit broadcast traffic (property #2).
There's a lot of lore to this, I've met folks who are quite comfortable
running 4096 hosts in a subnet, and other folks who believe more
than 256 is asking for trouble. With IPv4, there are other pressures
like the need to divide a larger block in #5, or an outright lack
of address space to make gigantic subnets. Not so in IPv6. Want
to put 50,000 machines in a subnet, no problem if you have a /64.
How does this interact with policy? Well, in IPv4 we rely on host
counts:
Hosts    Subnet Size
5        /29
43       /26
230      /24
But in IPv6, the table looks a lot different:
Hosts    Subnet Size
5        /64
43       /64
230      /64
Indeed, asking how many hosts someone has really makes no sense.
We'd like to make policy that says something like:
If you need 0-64 subnets you should get a /56.
If you need 65-32768 subnets you should get a /48.
If you need ....
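To make the host-count versus subnet-count contrast concrete, here is an added Python example (my illustration, not part of the original message). It derives the IPv4 prefix length from a host count the way the first table does, returns /64 for any IPv6 host count, counts the /64s inside a larger IPv6 block with the standard-library ipaddress module, and encodes the two proposed thresholds (0-64 subnets -> /56, 65-32768 -> /48) exactly as the message lists them; the "2001:db8::" prefixes are documentation addresses chosen here as sample input.

```python
import ipaddress
from itertools import islice


def ipv4_prefix_for_hosts(hosts: int) -> int:
    """Smallest IPv4 prefix whose usable host range fits `hosts`.

    Usable hosts = total addresses - 2 (network and broadcast), so we
    need the smallest power of two >= hosts + 2.
    """
    needed = max(hosts + 2, 4)            # a /30 is the smallest point-to-point block
    bits = (needed - 1).bit_length()      # ceil(log2(needed)) without floats
    return 32 - bits


def usable_ipv4_hosts(prefix: int) -> int:
    """Usable host addresses in an IPv4 prefix (network/broadcast excluded)."""
    return 2 ** (32 - prefix) - 2


def ipv6_prefix_for_hosts(hosts: int) -> int:
    """With /64 subnets the host count never changes the answer."""
    return 64


def count_64s(block: str) -> int:
    """Number of /64 subnets inside an IPv6 block such as '2001:db8::/48'."""
    net = ipaddress.ip_network(block, strict=True)
    if net.version != 6 or net.prefixlen > 64:
        raise ValueError("expected an IPv6 block no longer than /64")
    return 2 ** (64 - net.prefixlen)


def first_64s(block: str, n: int) -> list[str]:
    """List the first n /64 subnets of a block (shows the ipaddress API)."""
    net = ipaddress.ip_network(block, strict=True)
    return [str(s) for s in islice(net.subnets(new_prefix=64), n)]


# The thresholds proposed in the message, as (max subnets, prefix length).
# A /56 actually holds 256 /64s and a /48 holds 65536, so both rows
# leave headroom above the stated limits.
PROPOSED_POLICY = [(64, 56), (32768, 48)]


def proposed_allocation(subnets_needed: int):
    """Prefix length the proposed policy would hand out, or None if the
    request exceeds the thresholds the message spells out."""
    for max_subnets, prefix in PROPOSED_POLICY:
        if subnets_needed <= max_subnets:
            return prefix
    return None


if __name__ == "__main__":
    for hosts in (5, 43, 230, 50000):
        print(f"{hosts:>6} hosts -> IPv4 /{ipv4_prefix_for_hosts(hosts)}, "
              f"IPv6 /{ipv6_prefix_for_hosts(hosts)}")
    for block in ("2001:db8::/56", "2001:db8::/48"):
        print(f"{block} contains {count_64s(block)} /64 subnets; first three: "
              f"{first_64s(block, 3)}")
    for subnets in (5, 157, 40000):
        print(f"{subnets:>6} subnets -> proposed allocation: "
              f"/{proposed_allocation(subnets)}")
```

The 40,000-subnet "every host in its own VLAN" request falls outside both proposed rows, which is exactly why the policy needs an agreed definition of a subnet before staff can evaluate it.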
But that sort of policy will require ARIN staff to know how to
evaluate a "subnet". Which of the properties above counts? Which
of these "justifications" is acceptable?
- I believe more than 256 hosts in a broadcast domain is a bad idea,
and I'm a university with 40,000 hosts, so I justify 157 subnets.
- Every department needs to be a subnet so I can filter them separately.
- Each customer must have its own subnet so there is no broadcast
traffic between customers.
- Every floor of the building needs a subnet because that is how we
have always done it and it's easy to manage.
- I have three groups that need independent DNS management, so I
need three subnets so I can delegate DNS to them?
Indeed, it's easy to see folks trying to game the system, taken to
its extreme: We put every host in its own VLAN for security reasons,
and have 40,000 hosts, so we need 40,000 subnets.
What's the work item here? Well, if we're going to make policy
based on subnets as opposed to hosts then we need to have some
agreement as to what constitutes a subnet so staff can apply a
consistent interpretation. Ideally in my mind a subnet is something
that would be defined in the NRPM in a way we can all agree with
so we can make policy that uses the term and everyone understands
it.
Rather than break apart my message bit by bit as we all often do in
replies, let me ask you to reply in a simpler way. Answer one simple
question: What is an IPv6 subnet to you?
--
Leo Bicknell - bicknell at ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/