Domain: cidr-report.org
Stories and comments across the archive that link to cidr-report.org.
Comments · 14
-
Re:IPv6 is a failed technology
Since you consider yourself an expert, would you care to explain why you think that IPv6 is especially routable?
Sure. There are a lot of things that will make IPv6 easier to route:
- - Simplified packet processing: there are a variety of features in the IPv6 packet header that simplifies processing by routers. Included here are:
- - Fixed header size: unlike IPv4, IPv6 has a fixed packet size of 40 octets, whereas IPv4 packets can vary between 20 and 60 octets,
- - Lack of header checksum: IPv6 has no header checksum (thus removing the need to either compute or verify the checksum). This is actually pretty big, as each router hop needs to recompute the checksum as the TTL value is decremented in order to remain valid,
- - TTL replaced by Hop Limit: this one is a bit complex. In IPv4, Time-to-Live is specified in the header as the total number of seconds the packet should be routed before it is dropped. This is tricky to compute, so even in IPv4 many nodes simply decrement it by one regardless of how long it has taken to process. In IPv6, this is changed to be a straight hop count; the value in the header basically specifies how many times a packet can hit a router before it is dropped.
- - Gets rid of unused fields: IPv6 gets rid of a lot of header fields present in IPv4, such as the IHL, DSCP, ECN, and everything related to fragmentation.
- - Lack of fragmentation: IPv6 packets can't be fragmented. Routers don't have to fragment or defragment packets. This can also mean fewer overall packets, and also means the router doesn't have to parse or generate a pile of fragmentation fields and information from the packets being sent/received.
- - Traffic Class header field: IPv6 has a field that can be used to differentiate services, and can be used for QoS, allowing the router to more easily prioritize and arrange traffic.
- - Flow labelling: IPv6 has a header field for flow labelling, that can be used to do things such as ensure stable routes for packets, such that packets aren't received out-of-order at a destination. This is intended to make streaming data (such as video) more stable, and can replace custom heuristic algorithms at the router layer with something much simpler,
- - Jumbogram support: IPv6 packets can be up to (2**32)-1 octets in size (1 byte less than 4GB). While not practical today on the public internet, bigger packets can mean fewer (albeit bigger) packets that need routing,
- - CIDR and smarter address allocation: CIDR was invented for IPv4 of course, however IPv4 didn't use CIDR until ten years after Flag Day. Pre-CIDR address allocations were ad-hoc; address blocks were classful (A, B, C). Many of these classful allocations still exist, however because of they way they were assigned, it was (and is) difficult to aggregate these routes. IPv6 came about long after these lessons were learned the hard way, and thus the IANA is being much smarter about what addresses are allocated where in order to better aggregate routes. Thus, a given
/32 will be doled out only to a single RIR, who can break it up into smaller units to LIR's, to eventually be broken into /48, /64, and /56's for destination routers. IPv4 also works this way, but with the much bigger address space (and the lack of legacy pre-CIDR allocations), and with smarter allocation policies in place, route aggregation will make the possible mess that is the current state of the IPv4 routing tables significantly saner. From a processing perspective, this means that next hop lookups should be significantly quicker and easier. IPv4 currently has over 610000 prefixes; way more than should be needed. This is partly due to, as addresses have run out, large CIDR blocks being broken up into smaller blocks
- - Simplified packet processing: there are a variety of features in the IPv6 packet header that simplifies processing by routers. Included here are:
-
Re:Locator/Identifier Separation Protocol (LISP)Thanks for replying to my post instead of keeping the non-brilliance of my ideas to yourself. My biggest concern when writing that post was that I was talking to myself. I'll attempt to address your concerns one by one.
No one router has a "full table" of all the routes. The routing protocols and the engineers work to make sure the tables are as close to lean as possible.
Just about all ISPs and backbone carriers carry full tables and many large organisations do as well for multihoming purposes. Global BGP tables are currently around 513,191 routes and this is what facilitated the issues mentioned in the article. One ISP made a mistake and started advertising more specific prefixes for blocks that were already summarized and this pushed the number of global routes beyond the limits of some older hardware. I would suggest reading about the Default Free Zone.
Your offered solution isn't necessary.
LISP is not something that I invented, it's something the IETF is working on to solve a perceived problem.(RFC6830) Some IETF contributors came to the conclusion the Internet routing system was not scaling well with the "explosive growth of new sites" and multihoming that many organisations now do. Problem Statement From all indications, the growth of the Internet does not appear to be slowing down, but accelerating. It seems like a prudent choice to evaluate different ideas as possible solutions to the issue of Internet scalability.
Your bitcoinesque solution for IPv6 allocation would make things worse.
It seemed like a technical solution to avoid the politics of Internet governance. I admit it wasn't well thought out, however I am curious how it would make things worse by allowing a small block of IPv6 addresses to be allocated in a decentralized way and adding cryptographic integrity along the way.
Plus, networks transit other networks all the time, meaning one network can advertise a prefix they don't own, legitimately.
I should have been more specific; I was suggesting originating advertisements would be signed as opposed to transient advertisements.
Routers that speak BGP are on the ISP and backbone level,
Medium to large organisations also use BGP to advertise their address space to their ISP(s).
and are physically secured.
Originating BGP route advertisement signing is not intended to supplant physical security measures.
Your home router doesn't speak BGP, and if it did, your ISP's router would ignore it.
None of this would really be necessary for a home user as their ISP would be doing all of this on their behalf.
To announce rogue routes, one needs to hack into the ISP and backbone peering routers -- which happened recently, but is rare.
To announce rogue routes, one only needs an ISP that doesn't filter incoming BGP advertisements properly. It seems apparent as the Internet grows there will be more and more BGP peerings and as a consequence of that not all of them will be competent or aboveboard with their implementations.
The Resource Public Key Infrastructure (RPKI) is a step in the right direction, however seems to be mainly for preventing mis-configurations from causing outages. Someone with malicious intent need only use AS path prepending to bypass this protection. -
Re:I disagree
Sorry that scenario doesn't fly:
http://www.cidr-report.org/cgi...
Netflix has peerings with:
AS2828 XO-AS15 - XO Communications,US (Tier 1)
AS55095 AS-NFLXCORP - Netflix Inc,US
AS3257 TINET-BACKBONE Tinet SpA,DE (Tier 1)
AS4436 AS-GTT-4436 - nLayer Communications, Inc.,US
AS3356 LEVEL3 - Level 3 Communications, Inc.,US (Tier 1)
AS16397 ALOG SOLUCOES DE TECNOLOGIA EM INFORMATICA S.A.,BR
AS26592 ALOG SOLUCOES DE TECNOLOGIA EM INFORMATICA S.A.,BR (Tier 2 - Has large footprint in latin america).
AS1299 TELIANET TeliaSonera International Carrier,SE (Tier 2 - Apparently the largest fiber providers in Europe).
AS174 COGENT-174 - Cogent Communications,US (Tier 1)So no this isn't a case of exclusive peering, Level 3 being such a large provider just happens to be the best connection between Verizon and Netflix.
Secondly, that whole thing of 'Level3 to Verizon: "Ok, that will be $X"' has no bearing on a peering agreement, the statement would have been more like "The link between us is congested, want to upgrade the link?" each side upgrades their switch (if neccesary) and they connect the cable / fiber (given that they are in the same location we are talking about a multimode fiber patch at the high end).
-
Re:So, a drop of spam-traffic?
For a couple of hours?
For a day. They found a new upstream now, though, Unitedlayer, Inc., who obviously didn't pay any attention to the news (or just decided to ignore it):
http://cidr-report.org/cgi-bin/as-report?as=AS27595
27595 INTERCAGE - InterCage, Inc.
Adjacency: 1 Upstream: 1 Downstream: 0
Upstream Adjacent AS list
AS23342 UNITEDLAYER - Unitedlayer, Inc. -
Addresses
The attack was launched with source addresses in AS 11393. Not that source addresses mean anything in a synflood. FiberConnexion is a suspected front for MD (and if they aren't they need to drop these shlubs realquicklike).
http://www.cidr-report.org/cgi-bin/as-report?as=AS11393 -
Net Blocks Withdrawn?
According to every single one of the cidr-reports referenced by that spamhaus article, all the blocks of IPs were "withdrawn" Example: http://cidr-report.org/cgi-bin/as-report?as=AS42811
-
Re:We're not ready for IPv6 yet.
Anyway, I think it'll still be a very searchable space - there are a relatively small number of ISPs and the way most give out addresses is not going to be random.
I'm sure there will be sites doing the following sort of stuff for IPv6:
http://www.cidr-report.org/cgi-bin/as-report?as=AS 12222
http://www.ripe.net/whois?searchtext=AS3292&form_t ype=simple
Also is the common method of ipv6 autoconfig random? Or is it based on the MAC? If it is based on the MAC then that narrows things down even more.
Basically if the advantages of IPv6 are used then everyone gets to be a "peer", that probably means that people running such servers will want to make it easy for others to find their servers (or zombies ;) ).
If "users" don't get to run their own servers, then it sounds a bit like NAT + IPv4 ;). -
Re:don't get Congress involved please!
I love how they're saying that the content providers are "serving these applications at no cost." Ha!
Let's look at YouTube. A representative recently mentioned that they are pushing ~20Gbps. It looks like they buy transit from Cogent and Level(3) (CIDR-report on YouTube). Level(3) is supposed to be pretty expensive. While Cogent is said to be one of the cheapest per mbps, I doubt paying for 20 Gbps amounts to "no cost." -
Re:Telstra
Yes I was going on old information they are still raking 10th overall down from first a few months ago. http://www.cidr-report.org/aggr.html but it looks like they have removed everything smalled than a
/24 from there announcements. I wouldent call there act cleaned up but it's significantly improved. -
Re:TelstraOh, yeah... I can read too...
If you go down to the Aggregation Summary, and click on the link for 30217 AS1221 ASN-TELSTRA Telstra Pty Ltd you would notice that their 30k advertisements include:
Current: 30217
Withdrawn: 29289
Aggregated: 205
Reduction: 29084
Leaving Announces of: 1133Which is a 96.25% reduction on their previous announce list!
Not that I think they're good for anything, but complaining after they've cleaned up their act is kinda childish, don't you think?
-
Re:TelstraOh, yeah... I can read too...
If you go down to the Aggregation Summary, and click on the link for 30217 AS1221 ASN-TELSTRA Telstra Pty Ltd you would notice that their 30k advertisements include:
Current: 30217
Withdrawn: 29289
Aggregated: 205
Reduction: 29084
Leaving Announces of: 1133Which is a 96.25% reduction on their previous announce list!
Not that I think they're good for anything, but complaining after they've cleaned up their act is kinda childish, don't you think?
-
Telstra
Testra has been the worse offender routing table bloat in the world. Those guys are either clueless or trying to avoid having any backbone while appearing to be one. Telstra's CIRD report these guys are advertising just shy of 30k prefixes and a lot of those are
/32 prefixes aka one IP address. Somebody needs to track down whoever calls themselves the network architect, engineer or admin and shoot them then show them how to advertise a prefix.
Oh yea BTW all those entra entries into the global routing table make it harder for every other router running BGP. -
portable IPv6 effect on route summarization?
Has any thought been given to how IPv6 is going to effect route summarization? Under IP4 user ip's are suballocated by ISP's to users, the ISP's themselves are supposed to announce one aggregate route for all their users. If everyone gets an IPv6 block assigned directly from the numbering authority the internet routing table is going to be staggeringly enormous. Check out the CIDR Report which details current aggregation effeciency losses under IPv4.
-
I submitted this...
a couple of weeks ago. Not this particular article, but a little write-up with some nice links (rejected, of course).
Links:
In your face hijacking
Current list of possible bogus bgp routes
Oh, well.