Google Deploys IPv6 For Internal Network

itwbennett writes "Google is four years into a project to roll out IPv6 to its entire internal employee network. At the Usenix Large Installation System Administration (LISA) conference in Boston last week, Google network engineer Irena Nikolova shared some lessons others can learn from Google's experience. For example: It requires a lot of work with vendors to get them to fix buggy and still-unfinished code. 'We should not expect something to work just because it is declared supported,' the paper accompanying the presentation concluded."

Supported

[inglorion_on_the_net]

"'We should not expect something to work just because it is declared supported,' the paper accompanying the presentation concluded."

I think that if something is declared "supported", it is perfectly reasonable to expect it to work. If it turns out it doesn't work, I think the problem is more that the vendor hasn't done as good a job as they should have than that your expectations were too high.

Re:Supported

[Chuckstar]

I don't think they meant "we shouldn't hold the vendors accountable if the equipment doesn't work right".

I think they meant "we shouldn't expect that just because the vendor says it works, that it does".

Google has the benefit of size. If Google calls up Cisco and say "please fix this problem that exists in the thousands of routers we buy from you", it'll get fixed. If you or I call up Linksys and say "please fix this problem that exists in this one router I bought from you"... well... don't hold your breath.

Re:Supported

[jimicus]

I think that if something is declared "supported", it is perfectly reasonable to expect it to work. If it turns out it doesn't work, I think the problem is more that the vendor hasn't done as good a job as they should have than that your expectations were too high.

Indeed, but it's the same with all commodity technology - you find various implementations, not all of which work properly.

The same was true 10 or 15 years ago with booting from CD. Same was true 5-6 years ago with PXE. Same's true with CIDR - I've come across equipment like printers that can't handle the idea - you have to give them a class A, B or C subnet mask. Same with STP (spanning tree) - I've met switches that just plain don't work if you turn on STP then plug in a cheapie unmanaged switch - and I don't mean the port plugged into the cheapie switch doesn't work, I mean the entire expensive managed switch doesn't work. Only a couple of weeks ago I met a server BIOS providing software RAID (yeuch) that needed the drives set to RAID in the BIOS for it to work. But if power to the server was lost, that specific BIOS setting would go. Every other BIOS setting would be just fine and you'd get no error at bootup; you'd just find your disks magically appeared differently on boot.

If Google's network team honestly thought that any product with "IPv6 supported" on the label meant "Every aspect of IPv6 fully supported, tested, interoperable with other vendor's implementation - basically it'll work as well as you'd expect IPv4 to work in something released in the last five years", they're displaying incredible naiveté.

Re:Supported

[jimicus]

If you mean that the managed switch dies when you connect an unmanaged switch with NO loop: then you have an extremely crappy managed switch. This use case has nothing to do with STP.

That's exactly what I mean; disable STP and it all starts to magically work.

This was a Dell switch, which probably explains rather a lot - rumour has it that particular model is a rebadged Allied Telesyn. Mind you, if Dell were to write to me informing me the sky was blue I'd stick my head out of the window.

Re:IPv6

assignment of smaller blocks may have extended the life of IPv4 addresses however, there are physically not enough addresses for the devices we currently have. While, there may be enough at the moment, there wont be soon.

What is IPv4; 4.3 billion addresses. There are over 6 billion people on earth and many people in the western world have numerous devices. My household of 2 has 8 devices that are nearly always online. (Computers, Phones, Top-set Boxes, printers, etc....) This number does not take into account either one of our work sites which probably add another 1-2 addresses to that number.

And no, NAT is not a solution.

Re:IPv6

[AliasMarlowe]

Something no one would need if proper assignment of IP ranges had been done.

No point asking what you mean, since you evidently speak from ignorance. Even with optimal assignment of IPv4 addresses, it would only delay the inevitable shortfall. Sooner or later, the number of addressable end-points on the internet would exceed 4 billion. NAT is an unfortunate workaround to delay the effects of the shortfall; it should be a freely-chosen option, not an enforced requirement.

Re:IPv6

[Mr.+Underbridge]

Right, if decades ago the inventors of the internet had realized that it would scale from 10s of users to billions. I'd say the address space length that they used still makes it outrageously overengineered for the time, and we're lucky they had the vision that they did. To criticize them is preposterous.

Re:The fine article is wrong

[KiloByte]

Uhm, it's obvious something dropped <sup> tags. Just like, for example, Slashdot does.

Try this: 2⁸⁰ -> 280. Not the writer's fault, the blame lies on editors who didn't notice their software mutilates basic harmless tags.

Re:IPv6

[SuricouRaven]

2^32 - 2^24 - 2^16 - 2^20 - 2^16 - 2^28 = 4008574976. That's if you put them all on one giant flat network from hell, and so didn't use any for network or broadcast addresses. Yes, 2^16 in there twice - don't forget APIPA. The 2^28 is reserved for multicast.

Re:IPv6

[vlm]

I'd say the address space length that they used still makes it outrageously overengineered for the time, and we're lucky they had the vision that they did.

Not really. Don't forget there is a HUGE difference between the old classfull and VLSM/CIDR/classless numbering. That gain is the whole point of spending all that effort implementing netmasks. There really were not that many possible classfull lans compared to the number of minicomputer owning businesses in the world, etc.

For the post-92ish noobs, a really simple one line explanation is the netmask used to be stored inside the address itself, so for example if the first octet was 0 to 127, that meant that LAN had to be a (presumably giant bridged) /8, first octet 128-191 meant the netmask had to be a /16, not defaulted or was a pretty good guess, but operationally "had to be".

The early years of VLSM were pretty entertaining, old timers lecturing us how a LAN addressing scheme like 1.2.3.0/24 was "impossible" and so forth.

Without VLSM we would have to have done the ipv6 conversion years before the dotcom boom, rather than a decade or so after. Not entirely sure if we'd all be better off now, or not.

Re:Business as usual?

[tgd]

And while the current versions of most OSes support IPv6, they do not do so by default.

What are those OSes? Its been a long time since I turned on ipv6 at home. As I recall I had to do little other than turn it on. There is a difference between "activate" which is kind of like setting the sound mixer output to a comfortable level no big deal, vs searching on the internet to install 3rd party drivers and/or recompiling kernels.

Windows 7 actually defaults to it being turned on, but will generally not do anything with it if it doesn't get an IPV6 DHCP address. But some MS technology (like the Win7 HomeGroup support, and DirectAccess) work via IPV6. Odds are there are a TON of people using IPV6 on their home network and just don't know it.

It took Google 4 years...

[s7uar7]

Just think how long it would take companies without access to virtually unlimited funds and brain power. It's no wonder everyone is reluctant to make the move.

Re:IPv6

[Ihmhi]

Oh man, what I would have given to be there for that conversation.

"How many addresses do you figure we need?"

"Couple billion I guess."

"But what if we need more?"

"Dude, okay, let's just say one per person. 4 and a half billion or so. Now everyone on the world can have one."

"But what if, you know, there ends up being a few more people than that in the future?"

"Jesus Christ man, it's not like 3 billion extra people are gonna pop up out of nowhere in the next 30 years!"

Re:Vendors

[Lennie]

Because the hardware that can handle large amounts of small packets fast when you install your own software ('firmware'), does not exist AFAIK. Atleast not the type which will also be supported by (multiple) vendors (no1 wants to be stuck on, locked into, one vendor). designing not-massproduced ASICS isn't cheap. It would be like Google designing their own CPU's for their servers.

The closest things are:

- NetFPGA (some people at Google worked on that project I believe) / LibreRouter - which use FPGA's to handle packets, you tell it how to do that.

- projects like Netmap, handle packets in userspace so you don't have to push packets through the kernel on normal PC-hardware, making it faster: http://www.youtube.com/watch?v=SPtoXNW9yEQ

The best chance currently to be useful in 'doing your own thing' is probalby:

- OpenFlow, which basically is an API standard which multiple vendors would support to describe what the hardware in a switch should be doing, a programming language almost. Some demo's:
http://www.youtube.com/user/stanfordopenflow

Which can allow for lots of tricks, like 'software defined networking'

Re:IPv6

[Lennie]

Remember the mini-computer didn't even exists then.

So a computer was a large machine which took up a room.

And it was just an experiment, the experiment never ended.

If you want to know more about what the original creators thought, you should look up talks by Vint Cerf:
http://www.youtube.com/results?search_query=vint+cerf+ipv4+ipv6+depletion

For example this video:
http://www.youtube.com/watch?v=LcXCieD5YKE

Re:IPv6

[allo]

you see, the good thing is not the NAT, but the firewall dropping packets from outside, again. As always, the people say the security comes from NAT, and really mean the requirement of having a firewall which drops packets coming in, because there is no mapping to which internal ip they should be routed.

Re:IPv6

[tyler_larson]

Decades ago, the engineers did in fact consider 128 bit addresses, but in the end they went with 32 specifically because v4 was not considered a "production" version. There's a link on the wikipedia page for ipv6 to a video with vint cerf explaining exactly that.

Re:IPv4.1

[kasperd]

My octets go to 257.

That's not how IPv4.1 works. Check the facts.

Re:What's the point?

[zootie]

IPv6 is very popular in Asia, and you have a large number of Eastern languages sites that are only reachable on IPv6 (some only have IPv4 for western visitors if their content applies).

And on ISPs. Cox and Time Warner (Road Runner) started running consumer IPv6 pilots this year, and I wouldn't be surprised if other ISPs also started.

The limiting factor is going to be the home routers. But as more ISPs begin offering the option (maybe bundled with a "higher performance tier" that will tie in with net neutrality), we'll likely see home routers advertising IPv6 support as if it was a new type of faster wireless. Albeit, it might take years.

Re:IPv6

Of course sometimes its still necessary, avoiding that just isn't as flexible.

SIP/H323 are a good example as the media has to be sent in a separate RTP connection. If it's not immediately obvious why that's the case RTP has to be sent as UDP to avoid latency/loss making a call unusable which TCP would. SIP can use TCP and H323 always does, so you can't send the media in the same connection.

Plus a lot of telecom environments don't have the same server handling the media as the signalling. One such use case is sometimes you get the phones to bypass the server and talk directly. That means less latency and less bandwidth used at the server, but it is only possible where end-to-end connectivity between the phones is is possible and NAT almost always breaks that.

Re:Business as usual?

[viperidaenz]

The easy solution is to replace all your hardware with Apple products. It's what Steve would have wanted

Re:IPv6

[Pi1grim]

NAT killed one of the basic principles of the internet and you're trying to make it look like a good thing.

Re:IPv6

[Tim+the+Gecko]

I thought there was an announcement that the IPv4 address space is now totally exhausted. Or at least there are no new blocks to be assigned. The tunnel broker, Hurricane Electric indicates that IPv4 is exahusted.

The announcement - http://www.nro.net/news/ipv4-free-pool-depleted - was made when IANA, the central authority, ran out of addresses to give to the five regional internet registries. These regional registries will run out at different speeds. Geoff Huston's graph is very useful to see how fast this will happen - http://www.potaroo.net/tools/ipv4/plotend.png