v6 subnet size for DSL & leased line customers

Joe Greco jgreco at ns.sol.net
Fri Dec 21 14:48:35 UTC 2007


> > Why not a /48 for all? IPv6 address space is probably cheap enough that
> > even just the time cost of dealing with the occasional justification
> > for moving from a /56 to a /48 might be more expensive than just giving
> > everybody a /48 from the outset. Then there's the op-ex cost of
> > dealing with two end-site prefix lengths - not a big cost, but a
> > constant additional cost none the less.
> 
> And let's not ignore the on-going cost of table-bloat. If you provide a 
> /48 to everyone, in 5 years, those allocations may/may not look stupid. :)
> 
> Right now, we might say "wow, 256 subnets for a single end-user... 
> hogwash!" and in years to come, "wow, only 256 subnets... what were we 
> thinking!?"

Well, what's the likelihood of the "only 256 subnets" problem?

Given that a "subnet" in the current model consists of a network that is
capable of swallowing the entire v4 Internet, and still being virtually
empty, it should be clear that *number of devices* will never be a serious
issue for any network, business or residential.  You'll always be able to
get as many devices as you'd like connected to the Internet with v6.  This
may ignore some /current/ practical issues that devices such as switches
may impose, but that doesn't make it any less true.

The question becomes, under what conditions would you need separate
"subnets".  We have to remember that the answer to this question can be,
and probably should be, relatively different than it is under v4.  Under
v4, subnet policies involved both network capacity and network number
availability.  A small business with a /25 allocation might use a /26 and
a /27 for their office PCs, a /28 for a DMZ, and the last /28 for
miscellaneous stuff like a VPN concentrator, etc.  The office PC /26 and
/27 would generally be on different switches, and the server would have
more than one gigE port to accommodate.  To deal with higher bandwidth
users, you typically try to split up those users between the two networks.

Under a v6 model, it may be simpler and more convenient to have a single
PC network, with dual gigE LAG (or even 10G) to the switch(es).  So I am
envisioning that separate networks primarily imposed due to numbering
reasons under v4 will most likely become single networks under v6.

The primary reasons I see for separate networks on v6 would include
firewall policy (DMZ, separate departmental networks, etc)...

And I'm having some trouble envisioning a residential end user that 
honestly has a need for 256 networks with sufficiently different
policies.  Or that a firewall device can't reasonably deal with those 
policies even on a single network, since you mainly need to protect
devices from external access.

I keep coming to the conclusion that an end-user can be made to work on
a /64, even though a /56 is probably a better choice.  I can't find the
rationale from the end-user's side to allocate a /48.  I can maybe see
it if you want to justify it from the provider's side, the cost of dealing
with multiple prefix sizes.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
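As an added worked example (not part of the original post or thread), the address planning argued above can be checked mechanically: the v4 /25 is carved exactly as the message describes (/26 + /27 + /28 + /28, driven by host counts), while the v6 delegation is carved one /64 per firewall-policy zone, and the script reports how many /64s a /48, /56 or /64 leaves spare. All prefixes are constructed sample values from documentation space (192.0.2.0/24 and 2001:db8::/32); the zone names are assumptions chosen to mirror the DMZ/VPN/office split in the text.

```python
"""Subnet planning, v4 host-count style versus v6 policy-zone style.
Added example using only the standard-library ipaddress module.
All prefixes are constructed sample values (RFC 5737 / RFC 3849 space)."""
import ipaddress

# The v4 layout from the message: a /25 split into /26 + /27 + /28 + /28,
# largest block first so every block lands on an aligned boundary.
V4_PLAN = [("office-a", 26), ("office-b", 27), ("dmz", 28), ("misc", 28)]

# Under v6, separate networks are driven by firewall policy, not host count.
# Zone names are an assumption mirroring the DMZ / VPN / office split above.
V6_ZONES = ["office", "dmz", "vpn", "guest"]


def carve_v4(site, plan=V4_PLAN):
    """Assign consecutive blocks out of `site` according to (name, prefixlen).
    Returns {name: IPv4Network}; raises ValueError if the plan overruns."""
    site = ipaddress.IPv4Network(site)
    assigned = {}
    cursor = int(site.network_address)
    end = int(site.broadcast_address) + 1
    for name, plen in plan:
        # strict=True (the default) refuses an address not aligned to plen,
        # which is exactly the check a v4 planner wants.
        net = ipaddress.IPv4Network((cursor, plen))
        if int(net.broadcast_address) >= end:
            raise ValueError(f"{name}/{plen} does not fit inside {site}")
        assigned[name] = net
        cursor = int(net.broadcast_address) + 1
    return assigned


def carve_v6(delegation, zones=V6_ZONES):
    """Give each policy zone its own /64 from `delegation`.
    Returns ({name: IPv6Network}, spare /64 count); raises ValueError when
    the delegation is shorter than the zone list needs (e.g. a bare /64)."""
    delegation = ipaddress.IPv6Network(delegation)
    if delegation.prefixlen > 64:
        raise ValueError(f"{delegation} is longer than a /64; no subnets possible")
    available = 2 ** (64 - delegation.prefixlen)
    if available < len(zones):
        raise ValueError(
            f"{delegation} holds {available} /64(s); {len(zones)} zones requested")
    # subnets(new_prefix=64) yields the /64s in address order.
    assigned = dict(zip(zones, delegation.subnets(new_prefix=64)))
    return assigned, available - len(zones)


def v4_internets_per_64():
    """How many copies of the whole v4 address space fit in one /64."""
    return 2 ** 64 // 2 ** 32


if __name__ == "__main__":
    for name, net in carve_v4("192.0.2.0/25").items():
        print(f"v4 {name:9s} {net}  ({net.num_addresses} addresses)")
    for deleg in ("2001:db8:1::/48", "2001:db8:0:100::/56", "2001:db8:0:200::/64"):
        try:
            zones, spare = carve_v6(deleg)
            print(f"v6 {deleg}: {len(zones)} zones assigned, {spare} /64s spare")
        except ValueError as exc:
            print(f"v6 {deleg}: {exc}")
    print(f"one /64 holds {v4_internets_per_64()} entire v4 Internets")
```

Running it shows the point the post makes: the /56 leaves 252 /64s unused after four policy zones, the /48 leaves 65532, and a /64 cannot be carved at all, so on a single-prefix site the separation has to come from the firewall rather than from addressing.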