Thus spake "Jeroen Massar" <jeroen@unfix.org>
Stephen Sprunk wrote:
First of all, there's disagreement about the definition of "site",
The general definition of a site that I find appropriate is and
works pretty well as a rule of thumb:
"A site is defined by it having a single administrative domain".
That's a good rule of thumb; I'm curious how close it is to what ARIN staff uses when evaluating requests, though. Or if staff let the requestor define "site" themselves since policy doesn't.
As such, if you have for example an NREN, most likely every
University will have their own Networking Department, with their
own administrators of that network. As such, every university is
a site.
That's reasonable, if for no other reason than the number of universities is manageable and there's no doubt they're independently managed -- follow the money. However, I'd argue that NREN is an LIR and the universities are their customers.
When the University is very large, it will have multiple
administrative portions, eg generally Computer Science will
have their own folks managing the network.
That can be handled by subdividing the /48 that goes to the U.
When you have a large company, the company is also split
over several administrative sites, in some cases you might
have a single administrative group covering several sites
though, this allows you to provide them with a single /48 as
they are one group they will know how to properly divide that
address space up.
In my experience, there tends to be one corporate IT group that handles stuff like connectivity to other orgs, and several subordinate IT groups that manage their part of the network. That can be handled with chopping up their /48.
In the case of the rare (typically multinational) org where the groups run independent networks that talk BGP to each other and/or have their own uplinks, it'd be fair for ARIN to consider each group a separate site or even org if requested. Ditto if a single org had multiple separate networks but only one IT group (e.g. hosters).
It comes sort of close to an AS actually, except that an AS
tends to cover a lot of sites.
An end-user AS tends to cover a lot of locations. By definition, it describes an area with a single coherent routing policy and administrator.
An ISP AS may cover a lot of sites because leaf sites are part of their upstream's AS as far as routing is concerned.
If you have 40k sites, then a /32 is a perfect fit for you. There
are not too many organizations that come close to that though,
making /32's excellent for most organizations, except the very
small ones. These can request a /48, or something upto a /40
for that purpose.
Let's take our canonical example of McDonald's. Does each store (let's assume they're all company-owned, not franchisees, for a moment) really count as a "site"? It's definitely a location, but if there's a single IT group that manages all 100k or so of them, I'd argue they're all one "site", certainly one org, and not an LIR. Give each store a /60 (to make rDNS easy and allow for growth), and McD's as a whole would get a /40 or so (to allow for internal aggregation).
However, as I noted, some folks would consider McD's an LIR and want to give them a /30 or shorter. I think that's wrong, but policy doesn't clearly say either way. Looking at WHOIS doesn't help much, since many obvious end-user orgs like Cisco got LIR allocations back when there was no end-user PIv6 policy; who knows what they'd be told today if they applied with the same rationale. (Though presumably they wouldn't try since assignments are far cheaper to renew)
S
Stephen Sprunk "Those people who think they know everything
CCIE #3723 are a great annoyance to those of us who do."
K5SSS --Isaac Asimov
And if no one is going to honor a /48 then why bother to give them out?
I guess that a different way of authentication, eg using