During a conversation with colleagues it was mentioned that it was impossible to have a /31 subnet. They sound right, don’t they?
We have been taught that the lowest subnet range to use is a /30, so let’s examine this in more detail.
255.255.255.0 is a /24, which gives 254 usable IP addresses.
So why 254 addresses? You can’t use the first address and you can’t use the last address:
- The .0 address is the network number.
- The .255 address is the broadcast address.
But what if we only had a point to point link? Does this link really need a broadcast address?
Normally on a point to point link we use a /30 (255.255.255.252), which gives a total of 4 addresses; minus the network number and the broadcast address, that leaves 2 usable IP addresses.
So the question is, can we use a /31 subnet?
/31 has two addresses, so in theory we could possibly use these…
Above is the diagram showing our simple lab setup: a point to point link using a /31 address.
Let’s configure the above lab.
So we have just proved that yes, you can have a /31 subnet for point to point WAN links, *mind blown*
This could indeed save you a few addresses if you’re running low.
If we take a deeper look, no broadcast address (as expected I guess).
This could be an interesting security tweak if your WAN links are being broadcast flooded. How do you flood broadcasts across a link with no broadcast address set?
Disclaimer: This is not true on all products. Some products will block you from setting a /31 subnet, based on certain criteria. Also, this /31 was only tested in a simple lab; using /31 subnets on your live network may encounter unforeseen problems.
Best practice is to use /30 subnets for WAN to WAN links.
After a bit of research it seems /31 addresses are indeed used in some real life networks for WAN to WAN links:
- Cellular backup WAN connections.
- Links that can’t handle broadcast, like ATM, where /31 addresses are used.
- Some ISP fibre companies use /31 addresses.
Seems that this is not a new concept.
In fact we have an RFC for this very subject, written in December 2000 (how did we miss this!?)
Nothing like reading an exciting RFC to get the geek blood pumping!
But to summarise the key points in case you’re not a big fan of RFCs:
- “lack of Internet addresses has driven a number of changes in address space usage ” – basically maximising our limited ipv4 addresses.
- “the loss of functionality of a directed broadcast may actually be seen as a beneficial side effect, as it slightly enhances the network’s resistance to a certain class of DoS Attacks [RFC2644, SMURF].” – aha I was right, can’t broadcast flood a link without a broadcast address!
- “The implementation has been tested by at least three ISPs with positive results (i.e., no problems have been found). Among the routing protocols tested successfully are OSPF, IS-IS, BGP and EIGRP.” – so more widely tested than I had imagined, interesting.
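As an added example (not part of the original post), here is a small Python calculator that applies the arithmetic from the /24 and /30 discussion above and the /31 rule from the RFC quoted here (RFC 3021): for /30 and wider the first and last addresses are reserved as network number and directed broadcast, while a /31 has no broadcast address and both addresses are usable. The 192.0.2.0/24 addresses are constructed sample values from the documentation range.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class SubnetPlan:
    network: str
    broadcast: Optional[str]  # None when the prefix has no directed broadcast address
    usable: List[str]


def plan_subnet(cidr: str) -> SubnetPlan:
    """Work out network, broadcast and usable host addresses for an IPv4 prefix.

    Classic rule (/0 to /30): first address is the network number, last address
    is the directed broadcast, everything in between is usable.
    RFC 3021 rule (/31): a point-to-point link needs no broadcast, so both
    addresses are usable and there is nothing for a broadcast flood to target.
    /32: a single host address, no peer on the same subnet.
    """
    # strict=True rejects a prefix with host bits set, e.g. 192.0.2.9/31
    net = ipaddress.IPv4Network(cidr, strict=True)
    first = int(net.network_address)
    # ipaddress calls the last address "broadcast_address" for every prefix length,
    # so we decide ourselves whether it is really a broadcast address.
    last = int(net.broadcast_address)

    if net.prefixlen == 32:
        return SubnetPlan(str(net.network_address), None, [str(net.network_address)])
    if net.prefixlen == 31:
        return SubnetPlan(str(net.network_address), None,
                          [str(ipaddress.IPv4Address(a)) for a in (first, last)])
    usable = [str(ipaddress.IPv4Address(a)) for a in range(first + 1, last)]
    return SubnetPlan(str(net.network_address), str(net.broadcast_address), usable)


if __name__ == "__main__":
    for cidr in ("192.0.2.0/24", "192.0.2.4/30", "192.0.2.8/31", "192.0.2.10/32"):
        p = plan_subnet(cidr)
        print(f"{cidr:14} network={p.network:12} broadcast={str(p.broadcast):12} "
              f"usable={len(p.usable)}")
```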
Overall I think I am almost a convert: /31 subnet addresses for improved security and conservation of addresses.
However, on the flip side, it’s hard to argue against best practice, and having this extra address space in reserve does give you a bit more flexibility in case of network growth or change as networks keep expanding.
Lucky escape /30 you maintain your crown! 🙂