CURRENT_MEETING_REPORT_

Reported by Noel Chiappa

SUBNETBOF Minutes

Variable Width Subnet Masks BOF

The Subnets BoF reviewed a number of problematical cases brought up by the use of variable width subnet masks (i.e., use of more than one subnet mask in any given IP network). These cases all relate to the allocation of various subnetted addresses to various physical networks which are part of an IP network. Consensus was reached on which configurations to allow and disallow.

Before reviewing the specific points, it will be useful to include some terminology. Use of the subnet numbers ``A, B.1 and B.2'' means that A and B are differing values of a fixed part of the `rest' field, and that 1 and 2 are differing values of a different, lower, fixed part of the `rest' field. For instance (using an 8 bit rest field), with the two masks 11100000 and 11111100, `A' might be 001xxxxx, `B' might be 010xxxxx, `B.1' would be 010001xx and `B.2' would be 010010xx. With this terminology in hand, the specific cases can now be reviewed in detail.

The first question addressed was whether or not to allow two subnets in the same part of a network's address space to be topologically separate. In other words, could subnets B.1 and B.2 be separated by subnet A? Looked at another way, if B.1 and B.2 are thought of as parts of a `subnet' B, can that subnet be partitioned? If allowed, this would represent a divergence with the basic Internet philosophy, in which an IP network is not allowed to be partitioned.

The argument for allowing this is to get maximum use out of variable width masks. Variable width masks were added to the architecture to allow efficient use of address space. For example, if an enterprise, with a single IP network number, contains a single large LAN (with several thousand hosts), and a number of small LAN's (with tens of hosts), there is no single subnet mask that will efficiently use the address space of that network number.
A wide mask, necessary to handle the single large LAN as a whole, will `waste' space when used on the small LAN's. A small mask will force the single large LAN to be treated as a collection of small LAN's, with consequent forwarding overhead. An alternative approach would be to use a separate network number for the large LAN, but this will increase the number of network numbers in the system as a whole, with consequent global costs. If the enterprise is only singly connected to the rest of the Internet, there is no benefit to the rest of the system of having more than one network number for the enterprise. Thus, only with use of varying width masks can efficient use be made of address space, both in the network and the Internet as a whole.

The disadvantage to allowing this is that all the routers in a network must know where every subnet is (and what its mask is). For example, suppose B.1 and B.2 are on different sides of A (connected by routers R1 and R2 respectively), and a router R is attached only to subnet A and some outside network. In the current state of affairs, R will only know the subnet mask for A, on which it has an interface. Now, when an incoming packet for B.1 arrives at router R, knowledge of the mask for A (and thus B) is not sufficient; router R needs to be able to distinguish B.1 and B.2 as separate destinations if it is to forward the packet to the correct next hop router, R1 or R2. It is thus seen that, to function in the general case, all routers in a subnetted network now need to know the mask for every subnet in the system.

This is a substantial cost; however, it was felt that to make the restriction that all the small subnets in one piece of the network address space (i.e., B.1 ... B.N) must be contiguous worked against maximum utilization. Moreover, even this restriction does not necessarily remove the necessity for a router to know all the subnet masks in use in a given network.
For example, if the router R above were connected to B.1, rather than A, it would still need the mask for A, unless it were for routing purposes to consider A as a large number of subnets of the same size as B.1. Finally, the routing protocols which support variable length subnet masks do provide the necessary information to routers to do the forwarding correctly. The consensus thus was that allowing this configuration was necessary.

The next question to be addressed was whether all subnet masks must be contiguous and on the high end of the `rest' field (i.e., have the form 11...1100...00). One argument that was put forward was that non-contiguous masks allowed more flexibility in extending the subnet mask when it ran out. It was pointed out that easy extension could be provided for by allocating subnet number bits from the high end of the rest field, and host bits from the low end, with unused space in the middle. Whenever either field became too small, it could be extended, as long as unused bits remained. Additionally, some versions of the Patricia tree algorithm do not work with non-contiguous masks. While it was agreed that no good reason could be provided for not allowing other formats, no strong use could be seen for allowing them either, and in the interest of future flexibility the consensus was to not allow them.

The third question to be addressed was whether `subset' subnets would be allowed; i.e., could a small subnet have the same leading bits as a larger subnet. For example, if one subnet is numbered B, could another subnet have the number B.1? Clearly, at a minimum, no hosts on subnet B could have an address which had B.1 as a prefix (i.e., addresses on subnets B.1 ... B.N which were in use could not appear on subnet B); this would leave routers unable to discover which subnet these hosts were on, unless each host was tracked separately.
It was initially thought that this was the only problem, which could be handled by correct configuration, and the feeling was that this should be allowed to optimize use of the address space. An additional cost would be that routers would have to do a `best match' routing lookup; i.e., even after finding a mask and address that match, the router would still have to look for further potential matches that are more `complete'. This cost exists now, however, for routers that support host routes.

It was then pointed out, however, that a host H attached to subnet B would think that hosts attached to subnet B.1 (which host H would need to reach through a router) were in fact directly reachable by host H. No general fix (i.e., one that worked on all network technologies, not just those which used ARP) could be discovered for this problem. In addition, the chances for misconfiguration (e.g., a host on subnet B that appears to be on subnet B.1) are manifold. Given these points, the consensus was that this configuration should not be allowed.

Finally, ambiguous subnets were discussed briefly. This name refers to subnet masks (and numbers) which overlap in ways such that host addresses are not unambiguously on one network or another. For instance, consider two different subnets 5 and 6, with different subnet masks 5 and 6 (temporarily ignoring the fact that these are all 1's subnet numbers). Next, think of an address starting with 7; it matches the 5 address and mask, but also matches the 6 address and mask. Which one is better? Since this case was ruled out by the fact that non-contiguous masks will not be allowed, it was not discussed in detail. However, if that restriction is relaxed in the future, this question will need to be revisited.
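
The consensus rules above, as an added example that is not part of the original minutes: a Python sketch that checks a subnet plan for non-contiguous masks and subset subnets, and shows why router R needs every mask to reach a partitioned B. It uses the minutes' 8 bit rest field and the A, B, B.1 and B.2 values; the function names, next-hop tables and sample host address are constructed.

```python
# Added example: the BoF's rules applied to the 8-bit `rest' field from the
# minutes. Function names and sample plans are constructed for illustration.
FULL = 0xFF  # 8-bit rest field

def is_contiguous(mask):
    """True if mask has the form 11...1100...00 within the rest field."""
    host = ~mask & FULL                      # host bits must be 00...0011...11
    return mask != 0 and (host & (host + 1)) == 0

def check_plan(plan):
    """plan: {name: (number, mask)}. Returns a list of rule violations."""
    problems = []
    for name, (num, mask) in plan.items():
        if not is_contiguous(mask):
            problems.append(f"{name}: non-contiguous mask {mask:08b}")
    ok = [(n, v) for n, v in plan.items() if is_contiguous(v[1])]
    ok.sort(key=lambda kv: bin(kv[1][1]).count("1"))   # widest subnet first
    for i, (wide, (wnum, wmask)) in enumerate(ok):
        for narrow, (nnum, _) in ok[i + 1:]:
            if (nnum & wmask) == wnum:       # narrow lies inside wide
                problems.append(f"{narrow} is a subset subnet of {wide}")
    return problems

def best_match(table, addr):
    """table: {name: (number, mask, next_hop)}; longest matching mask wins."""
    hits = [(bin(m).count("1"), hop)
            for n, m, hop in table.values() if (addr & m) == n]
    return max(hits)[1] if hits else None

A  = (0b00100000, 0b11100000)   # A   = 001xxxxx
B  = (0b01000000, 0b11100000)   # B   = 010xxxxx
B1 = (0b01000100, 0b11111100)   # B.1 = 010001xx
B2 = (0b01001000, 0b11111100)   # B.2 = 010010xx

# Router R from the minutes: B.1 is behind R1, B.2 behind R2, A is attached.
# R_ONLY_A_MASK models R applying A's mask to all of B (constructed table).
R_ONLY_A_MASK = {"A": A + ("direct",), "B": B + ("R1",)}
R_ALL_MASKS = {"A": A + ("direct",), "B.1": B1 + ("R1",), "B.2": B2 + ("R2",)}
HOST_IN_B2 = 0b01001001         # constructed host address on B.2

if __name__ == "__main__":
    print(check_plan({"A": A, "B.1": B1, "B.2": B2}))      # partitioned B
    print(check_plan({"B": B, "B.1": B1}))                 # subset subnet
    print(check_plan({"X": (0b01000001, 0b11100011)}))     # odd mask
    print(best_match(R_ONLY_A_MASK, HOST_IN_B2),
          best_match(R_ALL_MASKS, HOST_IN_B2))
```

With only A's mask, R sends the B.2 host to R1; with all masks it picks R2, which is the cost the BoF accepted for allowing partitioned subnets.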

Attendees

Steve Alexander       stevea@i88.isc.com
Philip Almquist       almquist@jessica.stanford.edu
Nagaraj Arunkumar     nak@3com.com
Karl Auerbach         karl@eng.sun.com
Tom Benkart           teb@saturn.acc.com
Arthur Berggreen      art@acc.com
David Borman          dab@cray.com
Scott Brim            swb@nr-tech.cit.cornell.edu
Rob Coltun            rcoltun@ni.umd.edu
Ralph Droms           droms@bucknell.edu
Robert Elz            kre@munnari.oz.au
Dino Farinacci        dino@cisco.com
Dennis Ferguson       dennis@canet.ca
Karen Frisa           karen.frisa@andrew.cmu.edu
Jeffrey Honig         jch@nr-tech.cit.cornell.edu
Phani Jujjavarapu     phani@cisco.com
Douglas Kerr          dougk@mtxinu.com
Nik Langrind          nik@shiva.com
John Lekashman        lekash@nas.nasa.gov
Tony Li               tli@cisco.com
Bill Manning          bmanning@rice.edu
Matt Mathis           mathis@psc.edu
Lars Poulsen          lars@cmc.com
Gershon Schatzberg    439-3582@mcimail.com
Osamu Takada          takada@sdl.hitachi.co.jp
Walter Wimer          walter.wimer@andrew.cmu.edu
Robert Woodburn       woody@cseic.saic.com
Richard Woundy        rwoundy@ibm.com