From: John C Klensin [mailto:john-ietf(_at_)jck(_dot_)com]
Examples:
(1) Unless it was changed when I wasn't looking, there is a
rule in the IPv6 architecture that says that one cannot
subnet on a prefix longer than a /64. That rule appears to
be someone hostile to efficient use of address space at the
"small network with subnets" side of things. Has that rule
outlived its usefulness? If so, how do we go about changing
it before IPv6 is sufficiently widely deployed to make it
even more difficult and disruptive to do so?
Perhaps you could define the term subnet?
I don't see how such an architectural limitation can be enforced. There is no
way that the IETF can prevent an ISP issuing IPv6 customers a /128 if they
choose.
The situation we have is similar to that which Octavian found himself in the
aftermath of the assasination of Ceasar, he had authority but not power. It is
not a hopeless position, I have often found authority to provide more real
influence than formal decision making power. But understanding the difference
is critical if there is to be effective influence.
But I suggest that trying to use subnetting as the primary
and only tool to accomplish those functions is
architecturally just wrong, _especially_ for the types of
authorization-limitation cases you list. Wouldn't you rather
have mechanisms within your home network, possibly bound to
your switches, that could associate authorization property
lists with each user or device
and then enforce those properties?
I agree, encoding authorization data into the network address is not a good
strategy, another structural oddity is that we continue to view the Internet as
a network of hosts rather than a network of services.
(3) It may be worth remembering that subnetting was
introduced into the IPv4 architecture partially to deal with
routing isolation and efficiency for LANs based on 10Base10
and 10Base2 Ethernet --backbone-style networks at the LAN, or
groups of LANs, level. While some lazy few of us still have
some 10Base2 in our LANs, the move toward LAN segments based
on twisted-pair cabling and fanout switch arrangements
creates opportunities we didn't have when "segment" was a
physical property rather than a logical one. Is it time to
review and update the network architecture to reflect new
opportunities in the physical one, rather than assuming that
authorization is necessarily reflected in subnets?
Again, I agree, hence my request for a definition of subnet. It is a term that
has been thrown around with much abandon but looks very likely to mean
different things to different people at this point.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf