Doug Barton wrote on 10/05/2019 05:27:
It's been a while since I was configuring subnets, and last time I did the guidance was always no more than 1,000 hosts per subnet/vlan. A lot of that was IPv4 thinking regarding broadcast domains, but generally speaking we kept to it for dual stacked networks, equating an IPv4 /22 with an IPv6 /64. (This was commonly in office environments where we used a subnet per floor to accommodate all of the desktops, printers, phones, tablets, etc.)

Is this still how people roll nowadays? Have switches and/or other network gear advanced to the point where subnets larger than 1k hosts are workable? In IPv4 or IPv6? I've done quite a bit of web searching, and can't find anything newer than 2014 that has any kind of intelligent discussion of this topic.

The question is less "how many can you fit?" than "how few can you get away with?" and "when things go wrong, how large can you afford your blast radius to be?"

If your goal is to connect lots of access devices on an enterprise network, then keep to the physical topology as much as you can, and segment at layer 3 where it is practical to do so. As the NotPetya victim organisations found out, it's a good idea to restrict access between segments to the greatest extent possible (while still maintaining functionality). RFC8273 has some really great ideas, but there's a good deal of overhead associated with configuring it, and I suspect that the loss of functionality (host neighbor discovery, etc.) would make it unattractive to most corporate networks.

I'm sure 1000 hosts on a network will usually work fine, until someone does something dumb and takes down the entire segment, at which point you'll have 1000 people shouting at you.

Nick