Roeland M.J. Meyer wrote:
Lets look at this further. If we assume that only domain-name holders will manage their DNS entries and make them manage their individual users and hosts, the there'll be at least two hosts per domain (one server and one workstation). For a clean sub-net (/31), this burns four IP addresses (assuming a 1:1 domain/sub-net relation) for two hosts. That's also one busy server because there's no room for a router or anything else. It's not exactly efficient either.
Let's skip the intermediate example and go straight to a /29, because a /30 isn't much better (6 ip addresses and four hosts, not much room there either). Now we have room for a router, file-server, print-server, web-server, and four workstations. This is a small office. I actually see the sense in ARIN not SWIPing smaller than a /29. This is the smallest unit that makes sense. Arranged differently, using NAT, one could have up to 7 workstations and one production server in the Internet and any number of servers/routers in the intra-net (I actually don't see need for more than 30 of these. That would be a very data-intensive company). This should cover most small businesses. The trick is in finding out how many servers and workstations have to have internet visibility and how many are only there for infrastructure (intra-net).
Most small businesses don't want to deal with the details of managing a name server, much less a file server. They just want stuff that works and want someone else to take care of that for them. Of course there are plenty of exceptions, but as the Internet is expanding from those who get online first to those who are getting online later or even last, the attitudes we find are very different. Even among many technically inclined people, they want someone else to do the dirty work. I think only a handful of our customers do their own DNS. And then I think it is because their network integrator just set it up that way. But we are moving into that market territory (network integration) and will probably be doing the DNS for the vast majority of our customers (we are now, anyway). Our customers are also becoming more security conscious. That doesn't mean they want to run their own firewall; they still want us to do so. But it does mean they are well prepared, and in our experience very happy, to keep the Internet at "arms length" in the office. Home offices, small offices, and even up to some medium sized corporations are interested primarily in these few things: 1. E-mail access 2. Web surfing access 3. An online web site One server with 2 ethernet NIC cards can serve a small office easily. It can be the POP/IMAP mail server for the LAN, and it can be the web proxy server to allow them to surf the web. Some customers actually want to disallow web access and that can certainly be easily accomodated. A few do want some other stuff, like an FTP server (for example printing companies receiving large documents from their customers, and engineering tooling companies receiving CAD files for very complex machine parts). Although not a regular demand, even these things can be accomodated on just one server. Only a couple customers actually want to run their own web site from their own connection. Otherwise, their web sites are usually run either by us or some outside web hosting provider. If they do want to run their own web site, we can make the site appear at the IP address of their firewall server whether it is actually served there or on another server in their LAN. Most of these customers use 64K or 128K dedicated ISDN. We usually set them up with a Pipeline 50 or 75 auto-dialing to one of our Ascend Maxes. This is done using an unnumbered link. The max has one IP address on our LAN, and the address of the remote router is the address it has on the crossover "LAN". This uses exactly TWO addresses, one for the router and one for the server. This fits a /30 exactly. So we assign our space in units of /30 for these customers. A few customers are starting to use NAT in the router itself. This can be configured so that you can still run servers, and even do so on different machines. NAT can be configured to translate to different IP addresses based on the port number. We only have a couple of these customers right now, but this looks to be a somewhat popular approach. Those that do not have any servers at all can get their IP from the dialup pool. Those that do have one or more servers need a static IP, and they get ONE ... so it's a /32. Only if they have more than one server that needs to be reached on the same port would we need to give them more space than that. I'm also working on packaging a Linux box that runs off a CDROM, using hard disk space only for storage, such as mail spool, which will be able to dial in using ISDN (I may be looking at Frac-T1 or Frame Relay for this next) and do all the above mentioned services, and maybe even IP masquerading on top of that, all with a single static IP address ... again just a /32. I have a few /30 and /32 customers now. And I expect the ratio by customer count to not only increase, but to overtake the number of customers with larger networks. Thus I expect to eventually have a substantial number of /30 and /32 "networks" to SWIP to ARIN. Perhaps this is not the appropriate way for ARIN to actually handle it. A /32 is not usually even thought of as a network, but maybe we need to re-think our ways. If the number of /30 and /32 SWIPs to ARIN would overwhelm their database, then I would refer to that as the very justification, based on the numbers, to do so. If there are that many /30 and /32 assignments, then they do need to be considered when ARIN is evaluating new allocations of network space. They need to be considered not just for the volume of usage, but also for the effort to keep the space usage at minimal and efficient levels. Those who do more /30's and /32's, IMHO, do justify more space when they do reach then end of what they have (which hopefully won't be as soon). What if an ISP dealt exclusively in just customers that wanted these server based connections? Would an ISP with 2000 /30's be able to come to ARIN and ask for more space because their /19 was nearly full?
We've now cut down our worst-case scenario, by a factor of eight, to 536,870,912 sub-nets. Even if we assume 2048B per RDBMS entry that comes out to 1,099,511,627,776 (1.1TB). Hmmm, that's a bit out-there, but do-able for Oracle. The disk system (15 cascaded RAID5 sub-systems at 100GB each) should cost about $150KUS at today's prices. However, notice that this is a worst-case maximum use scenario. We are nowhere near there yet. Kim should have a better idea, but the real numbers should be one quarter of that, present utilization, allowing for pre-assigned ip-blocks, and the swamp.
Notice something else, I just talked my-self out of SWIPing anything less than a /29 and backed into the probable reason ARIN doesn't SWIP anything less that a /29. Kim; this is NOT an obvious line of reasoning, but is probably what your analysts went through. You'd catch a LOT less flack if y'all published these things.
Perhaps a better solution is a distributed SWIP database. Perhaps a SWIP record can be added to DNS to indicate the name of the server to query for detail information by network. It would then co-exist along side the PTR records. Appropriate SWIP lookup clients would resolve for SWIP data in the in-addr.arpa space and then query that server (or servers) for the real data about the network in question. IPv6 will probably force the issue, anyway, since it opens the door to what will at least today be a nearly infinite address space. Try putting that on few terabytes of Oracle. -- -- *-----------------------------* Phil Howard KA9WGN * -- -- | Inturnet, Inc. | Director of Internet Services | -- -- | Business Internet Solutions | eng at intur.net | -- -- *-----------------------------* philh at intur.net * --