Realistic number of hosts for a /64 subnet?
Nick Hilliard
nick at foobar.org
Fri May 10 23:14:36 CEST 2019
Doug Barton wrote on 10/05/2019 05:27:
> It's been a while since I was configuring subnets, and last time I did
> the guidance was always no more than 1,000 hosts per subnet/vlan. A lot
> of that was IPv4 thinking regarding broadcast domains, but generally
> speaking we kept to it for dual stacked networks, equating an IPv4 /22
> with an IPv6 /64. (This was commonly in office environments where we
> used a subnet per floor to accommodate all of the desktops, printers,
> phones, tablets, etc.)
>
> Is this still how people roll nowadays? Have switches and/or other
> network gear advanced to the point where subnets larger than 1k hosts
> are workable? In IPv4 or IPv6? I've done quite a bit of web searching,
> and can't find anything newer than 2014 that has any kind of intelligent
> discussion of this topic.

The question is less "how many can you fit?", but "how few can you get
away with?" and "when things go wrong, how large can you afford your
blast radius to be?"

If your goal is to connect lots of access devices on an enterprise
network, then keep to the physical topology as much as you can, and
segment at layer 3 where it is practical to do so. As the NotPetya
victim organisations found out, it's a good idea to restrict access
between segments to the greatest extent possible (while still
maintaining functionality). RFC8273 has some really great ideas, but
there's a good deal of overhead associated with configuring it, and I
suspect that the loss of functionality (host neighbor discovery, etc)
would make it unattractive to most corporate networks.

I'm sure 1000 hosts on a network will usually work fine, until someone
does something dumb and takes down the entire segment, at which point
you'll have 1000 people shouting at you.
Nick