v6 subnet size for DSL & leased line customers

> Once upon a time, Florian Weimer <fw@deneb.enyo.de> said:
> > >> Right now, we might say "wow, 256 subnets for a single end-user...
> > >> hogwash!" and in years to come, "wow, only 256 subnets... what were we
> > >> thinking!?"
> > >
> > > Well, what's the likelihood of the "only 256 subnets" problem?
> > There's a tendency to move away from (simulated) shared media networks.
> > "One host per subnet" might become the norm.
> 
> So each host will end up with a /64?

That's a risk. It is more like "each host might end up with a /64."

Now, the thing here is, there's nothing wrong with one host per subnet.
There's just something wrong with blowing a /64 per subnet in an
environment where you have one host per subnet, and a limited amount of
bits above /64 (you essentially have /unlimited/ addresses within the
/64, but an ISP may be paying for space, etc).

Now, understand, I /like/ the idea of /64 networks in general, but I do
have concerns about where the principle breaks down. If we're agreed to
contemplate IPv6 as being a 64-bit address space, and then allocating
space on that basis, I would suggest that some significant similarities
to IPv4 appear. In particular, a NAT gateway for IPv4 translates fairly
well into a subnet-on-a-/64 in IPv6.

That is interesting, but it may not actually reduce the confusion as to
how to proceed.

> How exactly are end-users expected to manage this? Having a subnet for
> the kitchen appliances and a subnet for the home theater, both of which
> can talk to the subnet for the home computer(s), but not to each other,
> will be far beyond the abilities of the average home user.

Well, this gets back to what I was saying before.

At a certain point, Joe Sixpack might become sophisticated enough to have
an electrician come in and run an ethernet cable from the jack on the
fridge to his home router. He might also be sophisticated enough to pay
$ElectronicsStore installation dep't to run an ethernet cable from the
jack on the home theater equipment to the home router. I believe that
this may in fact have come to pass ...

Now the question is, "what should happen next."

The L3 option is that the home router presents a separate /64 on each
port, and offers some firewalling capabilities. I hinted before that I
might not be thrilled with this, due to ISP commonly controlling CPE, but
that can be addressed by making the router separate.

There's a trivial L2 option as well. You can simply devise an L2 switch
that implements filtering policies. Despite all the cries of "that's
not how we do it in v4!" and "we can't change the paradigm," the reality
is that this /could/ be perfectly fine. As a matter of fact, for Joe
Sixpack, it almost certainly /is/ fine.

Joe Sixpack's policy is going to read just like what you wrote above.
"subnet for appliances," "subnet for computer," "subnet for theater,"
with the appliances and theater only being able to talk to computer.
He's not going to care if it's an actual subnet or just a logical blob.
This is easy to do at L2 or L3. We're more /used/ to doing it at L3,
but it's certainly workable at L2, and the interface to do so doesn't
necessarily even need to look any different, because Joe Sixpack does
not care about the underlying network topology and strategy.
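To make the arithmetic and the policy above concrete, here is an added example (my own illustration, not code from the original post): it carves a delegated prefix into one /64 per segment, counts how many /64s remain, and checks Joe Sixpack's "appliances and theater may talk to computers, but not to each other" rule. The delegated /56 and the segment names are constructed assumptions.

```python
"""Carve an ISP-delegated IPv6 prefix into per-segment /64s and enforce a
simple home segmentation policy (added example, not from the original post)."""
import ipaddress

# Constructed sample: assume the ISP delegates a /56 via DHCPv6 PD.
DELEGATED = ipaddress.IPv6Network("2001:db8:1200::/56")

# Assumed segments and policy: appliances <-> computers and theater <->
# computers are allowed; appliances <-> theater is not.
SEGMENTS = ["computers", "appliances", "theater"]
ALLOWED = {
    ("appliances", "computers"), ("computers", "appliances"),
    ("theater", "computers"), ("computers", "theater"),
}


def carve_per_segment(delegated, segments):
    """Hand out one /64 per segment, in order, from the delegated prefix.
    Returns (assignments, number of /64s still unused)."""
    subnets = delegated.subnets(new_prefix=64)
    assignments = {name: next(subnets) for name in segments}
    total_64s = 2 ** (64 - delegated.prefixlen)   # 256 for a /56
    return assignments, total_64s - len(segments)


def segment_of(addr, assignments):
    """Name of the segment whose /64 contains addr, or None if foreign."""
    ip = ipaddress.IPv6Address(addr)
    for name, net in assignments.items():
        if ip in net:
            return name
    return None


def permitted(src, dst, assignments):
    """Policy decision for a packet between two addresses: intra-segment
    traffic is allowed, cross-segment traffic only if listed in ALLOWED,
    and anything outside the delegated space is denied by default."""
    s, d = segment_of(src, assignments), segment_of(dst, assignments)
    if s is None or d is None:
        return False
    return s == d or (s, d) in ALLOWED


def hosts_if_one_per_64(delegated):
    """The 'only 256 subnets' worry: with a /64 per host, a /56 feeds
    exactly 2**(64 - 56) = 256 hosts, however large each /64 is."""
    return 2 ** (64 - delegated.prefixlen)
```

The same logic applies unchanged to a /48 delegation (65536 /64s), which is the scale at which the "one host per subnet" concern stops biting for a home.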

I would absolutely like to see DHCP PD be usable for environments where
multiple prefixes are available and allowed, but I believe we're going
to also be needing to look at bridging.

There's /going/ to be some crummy ISP somewhere that only allocates end
users a /64, or there's /going/ to be a business with a network that will
refuse DHCP PD, and as a result there /will/ be a market for devices that
have the ability to cope.

... JG