Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I find the insistence of using /64s everywhere for networks frustrating. Any network larger than a /112 seems crazy, that's already 65k IPs per subnet. A /104 for every normal end user (256 subnets per user), or a /80 for massive companies like Capital One (4 billion subnets) should be more than enough.


There is a really practical reason behind this, and it is called "routers". Due to longest prefix match, you'll end up wasting resources on the networking hardware. And you waste both precious and expensive TCAM and LPM latency for matching the prefixes. So routers do optimize for anything shorter than /64, and have special lookup memory for /64 and /128. But nothing in-between.


This still not justifies a /16 allocation


thankfully I replied to a comment speaking about a tangent (/64s) and not to its parent. /s

Snark aside, very much agreed, and I don't like that they got away with it. It's precisely with the mindset of "we'll have enough" that companies like ford have a /8 or the DoD has more /8s that we can count. And with this mindset we'll run out of IPv6 the same we ran out of IPv4.


That's fair enough, in which case ipv6 is really only a /76 (having more than 1000 hosts on a subnet isn't a great thing, even with no broadcast and arp and other traffic, and /76 allows 4000 on a /64)

Those fanboys going "we'll never run out of 2^128 IPs" are being disingenuous when about 2^59 of them have been burnt straight away (I'd guess most subnets have less than 30 devices)

2^64 subnets is a reasonable number, but when they are handed out like candy that number dwindles quickly. ARIN is allocating the equivalent of a /15 every year. That's fine if it's a constant allocation, there's 100,000 years worth, but if that rate grows, the space will be eaten in a matter of a few decades.


It's not being burnt, there are two useful things we're doing with the 64-bit network size:

* Sparse networks. 64 bits is too big to feasibly do a brute force scan on, which reduces how often servers get exploited by random network attacks. * SEND secures NDP by using those 64 bits for a public key

Reducing network sizes to 12 bits would destroy both advantages.


Having a ludicrously large address space is kinda the point of IPv6.

You're not ment to utilize every address assigned to you. Trying to do so will always lead you to situations where you messed up and need to renumerate.


It's not just about the number of devices. Stateless Address Autoconfiguration for example basically needs a /64 subnet.


because it was designed that way. "we need it because we need it".


Except you need at least a /64 for v6 to properly work.


You only need it for SLAAC, and only because SLAAC was made that way.


You only need it because that's how the protocol was designed.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: