From: John C Klensin [mailto:john-ietf@jck.com]

Examples:
(1) Unless it was changed when I wasn't looking, there is a rule in the IPv6 architecture that says that one cannot subnet on a prefix longer than a /64. That rule appears to be somewhat hostile to efficient use of address space at the "small network with subnets" side of things. Has that rule outlived its usefulness? If so, how do we go about changing it before IPv6 is sufficiently widely deployed to make it even more difficult and disruptive to do so?
Perhaps you could define the term subnet? I don't see how such an architectural limitation can be enforced. There is no way that the IETF can prevent an ISP issuing IPv6 customers a /128 if they choose. The situation we have is similar to that which Octavian found himself in the aftermath of the assassination of Caesar: he had authority but not power. It is not a hopeless position; I have often found authority to provide more real influence than formal decision-making power. But understanding the difference is critical if there is to be effective influence.
But I suggest that trying to use subnetting as the primary and only tool to accomplish those functions is architecturally just wrong, _especially_ for the types of authorization-limitation cases you list. Wouldn't you rather have mechanisms within your home network, possibly bound to your switches, that could associate authorization property lists with each user or device and then enforce those properties?
I agree; encoding authorization data into the network address is not a good strategy. Another structural oddity is that we continue to view the Internet as a network of hosts rather than a network of services.
(3) It may be worth remembering that subnetting was introduced into the IPv4 architecture partially to deal with routing isolation and efficiency for LANs based on 10Base10 and 10Base2 Ethernet -- backbone-style networks at the LAN, or groups of LANs, level. While some lazy few of us still have some 10Base2 in our LANs, the move toward LAN segments based on twisted-pair cabling and fanout switch arrangements creates opportunities we didn't have when "segment" was a physical property rather than a logical one. Is it time to review and update the network architecture to reflect new opportunities in the physical one, rather than assuming that authorization is necessarily reflected in subnets?
Again, I agree; hence my request for a definition of subnet. It is a term that has been thrown around with much abandon but looks very likely to mean different things to different people at this point.