Path: utzoo!attcan!uunet!cs.utexas.edu!csd4.csd.uwm.edu!mailrus!uflorida!haven!decuac!shlump.nac.dec.com!decwrl!mogul
From: mogul@decwrl.dec.com (Jeffrey Mogul)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Naive questions about subnets & domains
Message-ID: <164@jove.dec.com>
Date: 14 Aug 89 23:41:10 GMT
References: <1072@adobe.UUCP>
Organization: DEC Western Research
Lines: 58

In article <1072@adobe.UUCP> shore@adobe.COM (Andrew Shore) writes:
>[Adobe is] NOT currently a "connected network" -- we
>aren't on the Internet for IP traffic.
>
>We may soon have private IP connections to some of our remote offices 
>(e.g., Boston and Amsterdam) through various leased services.
>
>Subnet question:  Is it best for me to give each remote office a subnet
>of my class B net, or get them their own (class C) network number?
>I ask this because it is my impression that subnet topology should
>ideally be invisible wrt. external routing decisions, and if we ever DO
>connect up to the Internet (especially if we connect in more than one
>location), then some very strange things could get routed through Adobe.
>Another way to phrase this question is: was it the intention of the subnet
>scheme that subnets must be geographically close or only topologically "close" 
>for routing purposes?  If they must be topologically close, am I better off
>	1) using subnets for remote networks and limiting my connections
>	   in the future
>or	2) getting distinct network numbers to leave me flexibility in the
>	   future

The most basic rule of subnetting is that, if you go with option #1,
the subnets must be connected to each other via a path that doesn't
ever leave your class B network.  If you cannot arrange internal links
between the home office and the branch offices, then you are not really
allowed to use option #1.

If you can use option #1, there are two potential problems:
    (a) Except for sites with hand-crafted routes into your network, it
    will be nearly impossible to say "use gateway X between the Internet
    and the home office, but use gateway Y between the Internet and the
    Amsterdam office."  This means that there may be some packets that
    go around the world when they only need to travel a few miles.  For
    example, if your primary Internet gateway is in California, and a
    customer in Amsterdam tries to send a packet to the Amsterdam office,
    the packet will flow via California.
    
    This is sad, but nothing is perfect.  You could hope that this doesn't
    happen too often (how many Europeans run IP, after all?); in cases
    where it is important, your customers could install hand-crafted
    routes to your externally-visible Amsterdam host(s).

    (b) Nasty people in Amsterdam, if they know that Adobe is paying
    for an internal IP link between their city and California, could
    try to save money on their own phone bills by routing their
    packets through your network.  This should not happen with normal
    routing protocols; anyway, it is a simple matter to provide access
    control mechanisms in your routers to deny forwarding of such
    "transit" packets.

If you use option #2, then neither of these two problems exists.
On the other hand, the size of the Internet routing tables is
growing at a frightening rate, and I'm sure people would rather that
you kept the number of networks as low as possible.  Although
option #2 may be better for some specific situations, for the
community as a whole, the fewer networks the better.

-Jeff
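
The forwarding check that point (b) of the post describes, as an added example that is not part of the original post or any router vendor's code. The addresses are constructed stand-ins (172.16.0.0/16 for the class B network), and the ingress-link argument and the spoofed-source rule are assumptions that go beyond the post: without them, a packet that falsely claims an internal source would pass as "outbound" and still get carried across the internal link.

```python
import ipaddress

# Constructed stand-in for the site's class B network (not a real assignment).
OWN_NET = ipaddress.ip_network("172.16.0.0/16")


def forward_decision(src, dst, ingress):
    """Decide whether a border router forwards a packet.

    ingress: "internal" for a link inside OWN_NET (e.g. the leased line
    between offices), "external" for a link to any other network.
    Returns (allow, reason).
    """
    src_in = ipaddress.ip_address(src) in OWN_NET
    dst_in = ipaddress.ip_address(dst) in OWN_NET
    if ingress not in ("internal", "external"):
        raise ValueError(f"unknown ingress {ingress!r}")

    # Our own addresses can never legitimately arrive from outside.
    if ingress == "external" and src_in:
        return (False, "spoofed-source")
    # "Transit": neither endpoint belongs to us, so we would only be
    # carrying someone else's traffic over our paid link.
    if not src_in and not dst_in:
        return (False, "transit")
    if src_in and dst_in:
        return (True, "local")
    return (True, "outbound" if src_in else "inbound")


def filter_packets(packets):
    """Apply forward_decision to (src, dst, ingress) tuples."""
    return [forward_decision(*p) for p in packets]


# Constructed sample traffic seen at the Amsterdam border router.
SAMPLE = [
    ("192.0.2.10", "198.51.100.7", "external"),   # outsider to outsider
    ("192.0.2.10", "172.16.2.5", "external"),     # customer to Amsterdam office
    ("172.16.1.4", "172.16.2.5", "internal"),     # home office to Amsterdam
    ("172.16.2.5", "198.51.100.7", "internal"),   # office to the Internet
    ("172.16.1.4", "198.51.100.7", "external"),   # forged internal source
    ("198.51.100.7", "172.16.2.5", "internal"),   # inbound relayed internally
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, filter_packets(SAMPLE)):
        print(pkt, "->", verdict)
```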