The IPv4 Internet Hiccups

New submitter pla writes: Due to a new set of routes published yesterday, the internet has effectively undergone a schism. All routers with a TCAM allocation of 512k (or less), in particular Cisco Catalyst 6500 and 7600's, have started randomly forgetting portions of the internet. 'Cisco also warned its customers in May that this BGP problem was coming and that, in particular, a number of routers and networking products would be affected. There are workarounds, and, of course the equipment could have been replaced. But, in all too many cases this was not done. ... Unfortunately, we can expect more hiccups on the Internet as ISPs continue to deal with the BGP problem." Is it time to switch to all IPv6 yet?

hmmmmm

Surely 512k ought to be enough for any router?

Re:hmmmmm

Goddammit! It's 640k you insensitive clod.

Yes, Please

[jfdavis668]

We changed all our systems over time to handle this great IPv6 change, and haven't used IPv6 yet. Our service provider doesn't even offer it. Come on, some of us are more than ready. We will probably have failures, because it hasn't been truly tested, but we are far more ready than we were for Y2K.

Re:Yes, Please

[CastrTroy]

And home users aren't even close to getting on board. Most people's PCs and other devices will handle IPV6 just fine. Many new home routers are ready but a lot of people haven't bought a router in years, and their old one can't handle IPV6. And at least where I am, there aren't any home ISPs who even have IPV6 on the roadmap.

Re:Yes, Please

[NotDrWho]

Many new home routers are ready but a lot of people haven't bought a router in years

So? Most people hadn't bought a broadband router at all 15 years ago. Most people hadn't bought a wireless router 10 years ago. People don't buy until you give them an incentive. And until you man up and tell people "Look, you have a year to buy an IPv6 router or get one from your ISP, or we're cutting you off" no one has any incentive to get off their fat asses and do what needs to be done to move us ahead.

If we had continued to keep the automobile speed limit at 10 mph year-after-year because a few lazy old farts refused to give up their goddamned horses and buggies, we'd still be driving around today at 10 mph.

Re:Yes, Please

[BitZtream]

WiFi routers get replaced fairly regularly because the cheap ones most people buy have some crappy component in them that starts to degrade over time until their wifi becomes really crappy to use.

Unless you pay a lot for quality gear, or you get lucky, 5 years is a long time for a consumer/home user WAP to last. If you see a Dlink or Linksys WAP thats 5 years old and still works well, you're indeed lucky.

Re:Yes, Please

[Bing+Tsher+E]

Most people don't need to drive more than 10 mph in their driveway. And most people don't need router technology in their home that's newer than 10 years old.

It's the dilemma of the marketers. Cisco says 'buy new stuff.' News at seven.

Re:Yes, Please

[BitZtream]

If we had continued to keep the automobile speed limit at 10 mph year-after-year because a few lazy old farts refused to give up their goddamned horses and buggies, we'd still be driving around today at 10 mph.

19 mph, because no one pulls you over for doing 9 over, but 10? You're in the pen!

Re:Yes, Please

This has little to do with IPv6. In fact there is only 256k available by default if you switch. I suggest the BOFH change the default password on their router while they are changing the default TCAM.
The way I figure it, we have a good chance of bypassing IPv6 alltogether if we put a little more work into RDAM and stuff all networking into private application layers. Nobody wants to visit your blog anyway.
I call it my Software as a Sucker model.

Re:Yes, Please

I have native IPv6 at home since several years. I just had to toggle a button on my ISP (Free in France) account page.
Last time I used a packet sniffer (for unrelated geeky reason) a part of traffic actually was IPv6.

Re:Yes, Please

[Russ1642]

Home routers fail after a few years anyway so most home users are probably IPV6 ready.

Re:Yes, Please

[dbIII]

Many new home routers are ready but a lot of people haven't bought a router in years

When they or their kids discover bittorrent or Facebook jumps the shark in the number of connections per page even more than it has they'll find that the net just will not behave as nicely for them anymore with their old router that wasn't designed to be hit that hard. When they get their new cheap and nasty bottom of the range Chinese device they'll find it can both vastly outperform their old thing and later it will handle IPv6 for them.

And at least where I am, there aren't any home ISPs who even have IPV6 on the roadmap.

The US still has a few addresses floating about but Asia had a smaller pool to play with so the people that make your stuff are already using it on IPv6. Even in the US phones are getting on IPv6 so since everyone wants their site to actually work on an iPhone the content hassles are being worked out before the US home consumers arrive.

Re: Yes, Please

[jd2112]

Home users are on IPv6 because it has been enabled by default since at least Windows Vista. That doesn't mean that their internet connection can handle it as the providers are more interested in finding new ways of throttling traffic and extorting money out of service providers to bother with making improvements to their networks that most customers won't notice and haven't asked for.

Re:Yes, Please

[Lord+Crc]

My ISP supports IPv6, my router supposedly supports IPv6 (Asus RT-N66U), I can see the router getting an IPv6 address from my ISP, I can see my PC getting an IPv6 address from my router yet when I test it out on the various "do I have IPv6" pages it's failing.

After spending a couple of hours mucking around I gave up. I'll deal with it when it matters. Hopefully it's less painful then.

Re:Yes, Please

[Scutter]

That's been my exact experience. IPv6 is supposed to be dead simple (compared to IPv4) for home users. I am definitely not a home user and I still can't get it working with my ISP.

Re:Yes, Please

[arth1]

And most people don't need router technology in their home that's newer than 10 years old.

Once their OS is told that www.google.com has internet address 2607:f8b0:4009:805::1010, they sure do.
Or once their ISP switches to IPv6.

What's sad is that slashdot.org does not have an AAAA address.
News for whom?
Stuff that what?

Re:Yes, Please

[Dishevel]

My home router is a computer that can not run the apps I want anymore and a few nice network cards.

Re:Yes, Please

[Ichijo]

If we had continued to keep the automobile speed limit at 10 mph year-after-year because a few lazy old farts refused to give up their goddamned horses and buggies, we'd still be driving around today at 10 mph.

And there would be much less carnage on the streets.

I hope that in 10-20 years when driverless cars have proliferated, that the safety of our streets will be back up to where it was a century ago.

Re:Yes, Please

There's no need to cut people off at the ISP level. Offer dual stack ipv4/ipv6, and when their favorite website suddenly decides that supporting ipv4 isn't worth its time anymore (perhaps they can't find anyone who still knows how to handle ipv4 subnetting...), they'll throw a big fit, and someone will point out that they're using a 30 year old home all in one gateway/router/access point, and that it might be worth dropping $15 or so to remedy the situation.

Nobody except the extreme zealots has called for anyone being cut off for still being on ipv4. Hell, part of what makes moving over to ipv6 remotely reasonable is the option to use dual stack so nobody has to immediately move over or risk segmenting massive portions of the Internet.

And given the ongoing security concerns that come with ipv6, it should absolutely stay that way. The place where pressure needs to be isn't on the home users to move over, but on the ISP's to give the option to those who are ready to get on the ipv6 network and serve as the pioneers/guinea pigs so that we can stop talking about how things haven't been tested well enough yet. We do the same thing with operating system versions...systems less concerned with constant stability use the newer testing versions (Debian Sid/Unstable, Fedora, Ubuntu (non-LTS), Slackware-Current...), while those who just can't take the risk of moving over until they really just can't do without the new features are kept back on stable platforms. The attitude that we should be cutting off ipv4 to speed up migration may as well be saying that we should cut off OpenBSD because it doesn't support new feature x.

Choice is good.

Re:Yes, Please

Even now most people haven't bought one, but just use the one supplied by their ISP for 'free' (or rather built into the cost of the contract).

Re:Yes, Please

[BradMajors]

And home users aren't even close to getting on board. Most people's PCs and other devices will handle IPV6 just fine.

No. While most new routers have some ipv6 capability, most new routers are not "ipv6 ready". It is lack of complete ipv6 support in routers that is preventing widespread adoption.

Re:Yes, Please

[djsmiley]

Of course Wifi router is the only thing at home that needs support for ipv6 right?

Hell, DS's don't even support WPA ffs.

Re:Yes, Please

Actually their computer will know they don't have a IPv6 route to the world, since the router hasn't advertised one.

This means that their DNS resolver will know to only return IPv4 routes since IPv6 routes aren't usable. Thus no problem.

Or their browser will know to retry IPv4 addresses if IPv6 ones fail. Slightly slower connection but still works. Customer complains 'slow' to ISP, ISP tells them they need to update router.

Re:Yes, Please

[westlake]

If we had continued to keep the automobile speed limit at 10 mph year-after-year because a few lazy old farts refused to give up their goddamned horses and buggies, we'd still be driving around today at 10 mph.

Bad car analogy time.

The problem wasn't the horse and buggy.

The problem was the expense of paving roads, replacing bridges and so on.

The problem was that the funding, construction and maintenance of roads and bridges was considered a local responsibility ---- down to the township level or below.

The "last mile" problem in its primal form.

It was never so politically simple as drawing a line between A and B and saying that this what we need to do.

Re:Yes, Please

[stderr_dk]

My ISP supports IPv6, my router supposedly supports IPv6 (Asus RT-N66U), I can see the router getting an IPv6 address from my ISP, I can see my PC getting an IPv6 address from my router yet when I test it out on the various "do I have IPv6" pages it's failing.

After spending a couple of hours mucking around I gave up. I'll deal with it when it matters. Hopefully it's less painful then.

Quick question: Are those IPv6 addresses in the fe80::/10 range? Is so, they're link-local.

If not, would you mind sharing them or at least their routing prefix?

Re:Yes, Please

slashdot.org does not have an AAAA address.

First slashdot would have to upgrade from b class news.

Re:Yes, Please

[arth1]

This means that their DNS resolver will know to only return IPv4 routes since IPv6 routes aren't usable. Thus no problem.

That depends. The "filter AAAA on ipv4" option is quite new in bind 9, and probably not available on the majority of DNS installations out there.
My guess is that a majority of ISPs will gladly send IPv4 clients the AAAA records. Which, in my opinion, is a good thing. Just because the query goes through IPv4 doesn't necessarily mean a client doesn't have IPv6.

Re:Yes, Please

[Bengie]

Don't worry, that 10 year old router won't be able to support the 100mb+ speeds of more current ISPs. When they speed test and get 15mb and wonder why, they will eventually purchase a new router that will support IPv6.

Re:Yes, Please

[mjwalshe]

you know back than there was a huge number of horse related accidents - horse riding is a very dangerous sport (not to mention the health hazards of horse poop)

Re:Yes, Please

[orgelspieler]

I think porn is the obvious solution here. Just get the major porn sites to require IPv6, and the problem will solve itself.

Re:Yes, Please

[gbjbaanb]

then maybe that's it - when the option comes to upgrade to a superfast fibre connection, you should be getting a IPv6 capable router at the same time. Generally the cheapass routers given away with home broadband can't even do fibre speeds, let alone have the fibre connections.

I'd have thought its an opportunity for ISPs to sell more stuff "upgrade to the new internet, faster and more reliable etc", but no - they still drag their heels and don't offer IPv6 at all. Mine is *still* doing a trial, going on for 2 years now.

Re:Yes, Please

[davester666]

if that happened, IPv6 would be made illegal in the US, with an exception for law enforcement and gov't officials.

Re:Yes, Please

[bill_mcgonigle]

We changed all our systems over time to handle this great IPv6 change, and haven't used IPv6 yet

You might have, but many of those systems still set to default to 512K routes also don't have IPv6 in ASIC, only in software on the anemic CPU. This will improve, but today shows us that not everybody is running the latest gear.

(not that IPv6 fixes this problem, but to the larger question)

Re:Yes, Please

[GNious]

Too far, man!
Get pr0n site to offer their HD streams for free on IPv6 (for still for-pay on IPv4), and there'll be a steady stream of calls to ISPs for information on how to get IPv6 ...

(This assumes there is an interest in HD Pornography - no idea)

Re:Yes, Please

[Lord+Crc]

Here's from my router:

                    IPv6 Connection Type: Native with DHCP-PD
                            WAN IPv6 Address: 2a02:fe0:c400:1:95d2:656f:...
                            WAN IPv6 Gateway: fe80::219:2fff:fee6:73d9
                            LAN IPv6 Address: 2a02:fe0:c411:a960:da50:e6ff:.../84

My PC gets a fe80 address, but I can ping the "LAN IPv6" address above.

Re:Yes, Please

[surd1618]

I think a better car analogy would be, "Look, freeways just came into existence, but you need a faster car than your model T."

Re:Yes, Please

[kasperd]

This has little to do with IPv6. In fact there is only 256k available by default if you switch.

So what if you can only have half as many entries on IPv6? Due to IPv6 being designed for an HD-ratio in the 80-90% range rather than the 95%+ needed with IPv4, there is much less address space fragmentation. The result is that on average each AS only has one fifth the number of IPv6 routes compared to IPv4. So those 256k IPv6 routes are going to last longer, even if the entire world switched to IPv6 next month.

Re:Yes, Please

[orgelspieler]

Maybe not?

Is it time to switch to all IPv6 yet?

Well, if you pay for the cost, otherwise it will be much easier to just patch the problems and keep on going.
That way we will have access to more mature technology when we do make the switch. Also, it is unfeasible to switch it all at once.
Gradual switching when needed is preferable.

Re:Is it time to switch to all IPv6 yet?

[marka63]

How much more gradual do you want? I've been running dual stack for over a decade with a tunnel back to HE. At this stage most of your equipment runs fine with IPv6.

Re:Is it time to switch to all IPv6 yet?

[Bengie]

In many cases, the "work around" is to use software routing instead of hardware routing. In the cases of the Cisco routers linked above, their TCAM can be re-partitioned, then restarted. But with the rate of IPv4 route fragmentation, it will only buy so much time. The fix is to use IPv6 or get newer hardware with a larger TCAM.

Re:Is it time to switch to all IPv6 yet?

[NotDrWho]

Well, if you pay for the cost, otherwise it will be much easier to just patch the problems and keep on going.

Yeah, in the same sense that it's easier for a Calcutta slum to keep running recycled appliance cording as power lines rather than adopt modern electrical standards. At a certain point, putting another shitty patch on an ad-hoc fucking mess has to give way to some kind of organized system, even if it means some short-term pain. We can't have piss and shit running down the street because some of the neighbors don't want to put up with the hassle and cost of building a modern sewer system.

Re:Is it time to switch to all IPv6 yet?

[Bing+Tsher+E]

Everything is a patch. Everything is an update. There's no such thing as 'rip everything out and reinstall.'

Well, there is, but it failed the several times it was tried in the 20th century.

Get used to the maintenance cycles. It's really all we've got.

Re:Is it time to switch to all IPv6 yet?

[DigiShaman]

Just shove all cellular devices to IPv6 first and then re-allocate the IPv4 pool previously occupied (if possible). The mobile device community is the fastest changing industry. It should be trivial to either update the OS/apps or replace the phones. Well, at least relative to home and business machines (PC/Servers).

Not ready for v6 yet

[oodaloop]

There's still plenty of time to postpone that. Not until the last /2 is sold will I start to worry. And can't we start using a few 127.x.x.x? Do we really need 16 million addresses for testing?

/sarcasm

Re:Not ready for v6 yet

[BitZtream]

Some of us need a lot of self reflection :/

Re:Not ready for v6 yet

[VGPowerlord]

If it weren't for the stupidity of OS and IP stack authors, we'd be able to use the 240.0.0.0 - 255.255.255.254 addresses.

However, most of them refuse to route to those addresses because they're "Reserved for Future use."

Apparently no one stopped to think that blocking routing to those addresses would stop them from being used in the future because people insist on using older technology.

Re:Not ready for v6 yet

Yes, so long as I get the money that's saved as a result - because NAT and all the headaches that network admins and software programmers go through to cope with insufficient address space in v4 are far more costly than just deploying v6 is.

Re:Not ready for v6 yet

Yes, adding another 16 /8s when we burn through one every few months would have solved the problem once and for all.
... are you in management by chance?

IPv6

IPv6 will only make this worse, with more routes to be kept in a local routing table and more stuff cached in the TCAM tables.
The solution is the one Cisco gave them: buy a router that can accomodate more entries in that particular table. I'm sure they explored this option vs paying SLA penalties to whomever requests it.

I thought you overpaid for Cisco stuff

just to avoid problems like this.

Re:I thought you overpaid for Cisco stuff

should have taken the red pill, err i mean bought Huawei

Re:I thought you overpaid for Cisco stuff

[Minwee]

This is exactly the kind of problem that makes you glad you overpaid for name brand hardware.

Which of these two answers to the question "Why did our network fall over and sink into the swamp yesterday?" would you like to give?

"Um, it's because I recommended saving a bit of money on buying off-brand routers that couldn't handle everything. I'll go clean out my desk."

or...

"It's not my fault! We bought [insert name brand here] because they were supposed to be better. Round up the rest of the management team and we'll have a conference call with [vendor] this afternoon and get them to explain how they failed us."

Re:I thought you overpaid for Cisco stuff

After which the [vendor] will tell you that they're **you** failed because **you** didn't allocate more memory for IPv4 routes. [vendor] will tell management how they had foreseen this problem in 2006 and how they warned customers in advance.

As opposed to "Well, we bought cheap noname switched back then because the head of IT cut the budget by 20%. They're not built to keep up with the growth of the Internet. No big deal, we'll just buy new switches. You should have Internet back within a week. How much can we spend this time?"

Re:I thought you overpaid for Cisco stuff

[Minwee]

After which the [vendor] will tell you that they're **you** failed because **you** didn't allocate more memory for IPv4 routes. [vendor] will tell management how they had foreseen this problem in 2006 and how they warned customers in advance.

I wish [vendor representative] luck in pursuing other interests outside of [vendor]. You pay enterprise suppliers the insanely big bucks to be diplomatic enough to not tell the truth about just who screwed things up. Given the choice between calling the customer an idiot and having the customer continue buying expensive toys with a lot of zeroes in their prices it is usually preferable to just say something about how you will look into how the warning wasn't delivered to the right people, and then shut up and never speak of it again.

"we bought cheap noname switched back then because the head of IT cut the budget by 20%."

Deflecting blame to the department head may make you feel better but it's a dangerous move. When life hands you a bucket full of... let's just say "waste products" you can hand it to someone else, empty it out the window and trust that nobody is on the sidewalk or carry it to the dumpster yourself. Throwing it directly upwards shows a distinct misunderstanding of how gravity works.

Obsolete?

[The+New+Guy+2.0]

We seem to have a bunch of things failing somewhat on the same day... is Cisco effectively saying "We're taking back what you have... please pay more!"?

Re:Betteridge

[NotDrWho]

You're right. It was time 10 years ago. Now it's way PAST time.

Not really to do with "BGP" or "IPv4" as such...

[cardpuncher]

This isn't really to do with BGP or IPv4 as such, it's an inherent problem in the way "The Internet" regards addresses.

You might be able to get some efficiencies in IPv6 by incorporating formerly-unrelated address allocations under a single prefix. But that doesn't solve the problem of a continuously growing network, increasingly complex (and commercially controversial) peering arrangements, the fact that IPv6 addresses are actually larger and the fact that you're going to have to support IPv4 anyway in parallel with any IPv6 transition (I don't personally believe it will ever happen, but that's a different story).

You could, however, get rather more efficiency in core routing tables if network addresses only had a very transient existence and were related to the source/destination route to be employed (eg: look up a domain name, do some route pre-computation, allocate some addressing tokens that make sense to the routers on the path, recalculate the route periodically or in response to packet loss). That's not IPv6, though. IPv6 has the same order of dependence on every router knowing about every destination network as IPv4 does (give or take the slightly greater prefixing efficiency).

TL;DR - The Internet is getting bigger. Buy more kit.

Re:Betteridge

DAMMIT

OK, let me try that again:

Is it time to... stick with IPv4 instead of switching us all to IPv6?

IPv6 would make the problem worse

It uses 128 bit addresses instead of 32 bit addresses. And it does not officially support subnetting or hierarchical routing, although somewhere in the flood of IPv6 RFCs (there are dozens and dozens, most of which are at least partly deprecated) there might be some specification for somethat like that which is being ignored.

Re:IPv6 would make the problem worse

[Eravnrekaree]

Isnt subnetting more a software implementation DHCP, and BGP thing in the router, enter a net mask address and network address into the router config and then the router can analyse the addresses to determine if they are local or not. It seems, if IPV6 does not provide an equivalent for DHCP's getting the net mask then we are screwed. But net masks are not something you find in the IP packets headers themselves.

Re:IPv6 would make the problem worse

[Dagger2]

v6 makes things better, because it uses 128-bit addresses rather than 32-bit addresses. See RFCs 1715 and 3194 for the details.

Yes, there's a small linear factor of extra memory required for v6 routes vs v4 routes, but that's irrelevant compared to the route count reduction that comes from a lower HD ratio.

Re:IPv6 would make the problem worse

[devman]

In addition to the other points brought up by other posters. Routing decisions occur only on the first 64 bits of an IPv6 address. There is no need to store the entire address.

Re:IPv6 would make the problem worse

[Paul+Jakma]

There's no good reason to think there'll be a significant improvement in HD with IPv6, or significantly fewer prefixes advertised.

The issue is orthogonal to IPv6, it's fundamentally about how Internet routing is organised today. No hierarchy, and all prefixes must have global visibility. Hierarchical routing of the 90s has a bit of a bad name, and support for aggregation in BGP has been deprecated. However, there are things like topographical-landmark routing, which improve on the deficiencies of hierarchical routing. These would allow the Internet to grow without routing tables everywhere having to grow in direct proportion. Instead, routing tables wouldn't grow much at all, even as the Internet grew, in relative terms.

Re:IPv6 would make the problem worse

[BitZtream]

but that's irrelevant compared to the route count reduction that comes from a lower HD ratio.

Only if you assume you can reduce routes because there are so many people with diverse blocks in their network, which isn't the case so much.

The route count is much more a result of multihoming and portable address space, which means larger prefixes aren't going to help at all. At no point in my career would my provider having a larger prefix helped reduce the routing table as I have always had either portable address space, which is a direct allocation from a NIC rather than an ISP, or been multi homed which means at best I get the addresses from ONE of the peers and announce it out to another peer, but in that case traffic gets all screwed up if the upstream provider which allocated me the non-portable space aggregates it since aggregated addresses aren't preferred over non-aggregated address space.

I.E. larger upstream prefixes don't really help at all.

Re:IPv6 would make the problem worse

The route count is much more a result of multihoming and portable address space

Really? I see ISPs that have dozens and dozens of IPv4 blocks assigned to them, and 1 IPv6.

Let's look at AT&T's AS2686, owners of 32.0.0.0/8. They advertise about 225 IPv4 prefixes that have AT&T in its name. They also advertise 1 IPv6 /32 prefix with AT&T in its name (+2 non AT&T IPv6 prefixes).

Let's look at NTT Communications (out of Japan) AS4713. They advertise 165 IPv4 prefixes and 4 IPv6. Over 100 IPv4 prefixes are for most likely used by NTT itself and all 4 IPv6 seem to be used by them too.

So, it seems to me that many entities could reduce their usage of multiple prefixes for the same AS to just 1. IPv6 removes address space pressures that require ISPs to get more than 1 prefix.

Re:IPv6 would make the problem worse

[rekoil]

While in practice most admins configure /64s as subnets, there's nothing preventing netblocks that are smaller than /64. I have /127 point-to-point subnets on my network, and /96s going to server racks. You need a /64 in order to do RA, however, but you can use DHCPv6 instead on smaller subnets.

Re:IPv6 would make the problem worse

[kasperd]

There's no good reason to think there'll be a significant improvement in HD with IPv6, or significantly fewer prefixes advertised.

You'd need more than 10^12 internet users to push the IPv6 HD ratio up to the same ridiculous level that we have on IPv4 (for those bits that matter to backbone routing). Dagger2 is right, the HD ratio does have a measurable impact on number of advertised prefixes. The average number of adverstised prefixes per AS is five times higher on IPv4 than on IPv6.

Re:IPv6 would make the problem worse

[kasperd]

While in practice most admins configure /64s as subnets, there's nothing preventing netblocks that are smaller than /64.

But those are never advertised through BGP between AS. For backbone connections between AS 48 bits is sufficient. Within your own AS, you can use a hierarchical structure, which due to its hierarchical structure can be routed more efficiently.

To summarize - for the foreseeable future I guess 200k entries matching on the first 64 bits will be plenty for backbone routers. And 10k entries matching on all 128 bits will be plenty for edge routers.

Re:IPv6 would make the problem worse

[Paul+Jakma]

IPv4 has been around a lot longer, and has had a lot more real use and legacy concerns. Even if you got that 5× fold reduction in routing table sizes by switching everyone over to IPv6, then:

1. You won't *keep* that nice clean space. The same processes that led to IPv4 fragmentation, ex space, will start to affect IPv6: Mergers; ASes eventually running out of bits in their prefix, given enough time (and remember, we're talking routable bits - that's only 16 in a /48, a lot but not impossible to exhaust either, a /56 would be even easier to exhaust) and neighbouring prefixes no longer being available to allocate.

2. Say 1 is wrong, and v6 stays clean. Ok, you've got a 5 fold linear reduction compared to IPv4. However it still doesn't fix the problem that current Internet routing leads to O(N) routing tables at each AS in terms of number of entries (O(NlogN) in terms of total size), where N is the size of the Internet and N keeps growing at a fast rate - even if measured in # of ASes rather than # of prefixes. Certainly supra-linear, potentially exponential Internet growth to date, and we've still got much of Africa, China and India still to become rich enough to start using address space like we do in the developed world. That 5x linear reduction is, ultimately, a barely noticeable blip in the face of continued supra-linear, perhaps exponential growth of the Internet.

IPv6 doesn't fix routing table growth problems, at least not in terms of providing a mode change in how routing table sizes grow with respect to the overall network, because IPv6 does not fundamentally do anything to change how routing is done, in a way that could slow the mode of routing table growth.

Re:IPv6 would make the problem worse

[kasperd]

You won't *keep* that nice clean space. The same processes that led to IPv4 fragmentation, ex space, will start to affect IPv6

With address shortage being the main reason for fragmentation, that doesn't sound so likely.

Mergers

This will not exactly lead to growth in number of announcements, but it won't lead to a reduction either. Giving incentives to renumber after a merger may help a bit. At least there should be enough addresses that the company can pick which of the two blocks it want to renumber into, and that block can be extended as needed.

ASes eventually running out of bits in their prefix

Bits are set aside to allow them to grow - for now at least.

that's only 16 in a /48, a lot but not impossible to exhaust either, a /56 would be even easier to exhaust

Doesn't all the RIRs hand out addresses in /32 or shorter blocks?

Ok, you've got a 5 fold linear reduction compared to IPv4. However it still doesn't fix the problem that current Internet routing leads to O(N) routing tables at each AS

That is true. This problem is going to get even worse if we want end user sites to have access to dual homing. Fixing this is going to require some fundamental change to how routing is done.

But if IPv6 gets deployed soon, the reduction in routing table size should buy us some time, that can be used to come up with a more scalable solution, which will allow every site to be dual homed. But of course things will have to break if ISPs will keep waiting for breakage to happen before they start deploying scalable solutions.

That 5x linear reduction is, ultimately, a barely noticeable blip

If the tables grow with each generation of hardware, a 5x reduction can last a while. Not forever, but long enough that a long term solution can be deployed, if ISPs want to.

IPv6 doesn't fix routing table growth problems

Not permanently, but IPv6 can help now, and IPv4 can be expected to get worse if allocations gets split and traded. And throwing bigger hardware at the problem may help with this one issue regarding IPv4, but there are other problems with IPv4.

Re:IPv6 would make the problem worse

[Paul+Jakma]

Well, let's agree to disagree to on point 1. I do agree with you though, IPv6 will be less fragmented than IPv4, though I do also think there are processes besides de-aggregation in the face of address space pressures that cause fragmentation, and I think IPv6 will face those pressures too. IPv6 needs to be seriously used first, and it may also require time.

Next, IPv6 addresses are of course 4 times larger than IPv4 addresses. Even if your IPv6 routing table has 5 times fewer entries, you're not getting a 5 times saving in memory. You're only getting a 5/4 times saving or tables that are 80% of the IPv4 - nowhere near as dramatic.

I'd contend 2 is the real underlying problem. Routing tables growing with the size of the network, in terms of # of entries - even if not at all fragmented. In terms of overall size, it's O(NlogN), however given we're using a fixed-length address label, that logN factor makes itself known in quite big jumps, as illustrated in the previous paragraph. That 20% saving will be eaten extremely quickly if the Internet keeps growing at super-linear pace. Given so much of the world's population isn't yet online, there's every reason to think the Internet still has plenty left to grow. Even in the developed world, there's no reason to think the amount of address space used per person will not grow dramatically. The amount of network enabled devices each of us own just keeps growing. The "Internet of Things" is the current buzzword, looking at network-enabling many small devices. Granted, that won't directly increase pressure on routable bits where a site upgrades to v6 from an existing v4 connection, e.g. a person's home, however there are surely many use-cases that involve new distinct locations coming online (e.g. cars?).

IPv6 is just neutral on the routing scalability question. Reduced fragmentation seems a trivial saving, at least to me.

Worse, it is possible that IPv6 is actually too small to be able to solve routing scalability.

Re:IPv6 would make the problem worse

[kasperd]

Next, IPv6 addresses are of course 4 times larger than IPv4 addresses. Even if your IPv6 routing table has 5 times fewer entries, you're not getting a 5 times saving in memory. You're only getting a 5/4 times saving or tables that are 80% of the IPv4 - nowhere near as dramatic.

In IPv4 all 32 bits are used for routing, though on the backbone you tend to only accept /24s. In IPv6 the first 64 bits are used for routing, though on the backbone you tend to only accept /48s.

Either way, you only need twice as many bits in the CAM to handle an IPv6 route compared to IPv4. So what you call a 20% saving is more like a 60% saving. The picture is a bit more complicated, because two CAM entries at half the size is not the same as one of the full size. So you may have to decide at design time, how you are going to use that CAM.

Routing tables growing with the size of the network, in terms of # of entries - even if not at all fragmented.

I'd love to take part in solving that problem. Any realistic solution is going to start with a migration to IPv6. And I don't see how we could expect the solution to be deployed any faster, so if we start now, we could probably have it in production by 2040.

it is possible that IPv6 is actually too small to be able to solve routing scalability.

That algorithm has a major drawback. The address of a node depends on which links are up and which are not. You'd have to renumber your networks and update DNS, every time a link changing somewhere cause your address to change. If we assume that issue can be fixed, it doesn't really imply that addresses would have to be larger.

The algorithm in the paper assigns two identifications to each node. The first one could very well be the IPv6 address assigned to the node. The second address is computed based on the first address and structure of the network. However their routing looks awfully similar to source routing. So really the solution might just be to make source routing work.

I can think of a couple of other reasons to consider IPv6 addresses to be too short. That paper isn't one.

Teredo and 6to4 are two "automatic" tunnel protocols. Both embed IPv4 addresses inside IPv6 addresses. Due to the use of NAT, Teredo needs to embed two IPv4 addresses and a port number inside the IPv6 address. That doesn't leave room for a site-level-aggregator or host part. If you wanted one unified protocol which could replace both Teredo and 6to4, you'd need at least 192 bits in the IPv6 address.

After IPv6 showed up, people realized that it is sometimes convenient to embed cryptographic information inside the IP address. That was unthinkable with IPv4. With IPv6 it is doable, but you have to chose cryptographic primitives that are not exactly state of the art, due to 128 bits being a bit short for cryptographic values, and not all of them even being available for that purpose.

Re:IPv6 would make the problem worse

[Paul+Jakma]

Ah, yes, of course, for the CAMs (or any other relevant longest-match index) you need to only store 64 bits at worst. Still, it's not the 5 fold saving.

The Cowen algorithm: Her original paper encodes landmark output ports in the label. That's not practical because of updating. However, with some added restrictions and at the cost of a slight amount of generality (e.g. not being able to work for every posssible graph, like pure star/hub-spoke graphs), you can eliminate that and have the addresses just be (landmark,node). You can do this by having nodes not build local clusters that are overly large, and so you can allow landmarks to also maintain local cluster routing tables - eliminating the output-port hack.

The (landmark,node) association need not change too often. Outages of links in the region between landmark and destination can be dealt with as they are today with routing - the scheme has full shortest-path routing in a region around each node. No need for the label to change. Outages that affect the path between the source and the landmark also similarly are dealt with like normal routing today. The one issue would be if there is a complete loss of a local cluster shortest-path route from the landmark to the destination. Then packets would disappear.

The end-node can at least be informed of this quite quickly, through the local cluster routing protocol (which can be a slightly modified BGP). Which is better than BGP today. Dealing with such issues of landmark redundancy, i.e., having associations with multiple landmarks, are perhaps better solved at a layer above the network layer. The theory shows that it is impossible to have both sub-linear routing tables AND full, global, shortest-path routing for /everyone/. If super-linear routing state is a problem you want to have solved, you have to give up something else.

Practice suggests that those who require redundancy at scale already seek to do so above the network layer. I.e. it is already good practice to locate redundant services on different prefixes precisely to guard against routing fsck-ups and failures. That suggests multi-homing in the "global prefix for one prefix" sense is not something that you should make too many other compromises for in any new routing architecture. Even with IPv4 which does do multi-homing for all to all, BGP multi-homing is not reliable enough to rely on. So it's probably better solved at the transport layer or higher, mediated at end nodes, and not complicate or compromise routing for it, as networks will still go and implement higher-layer redundancy anyway.

Indeed, by providing 2-way signalling in the routing layer, we can make the higher-layer redundancy solutions much better. Today if you advertise a prefix, you have no idea who has and has not received it, beyond your immediate neighbours. Even for your immediate neighbours, you still don't know if they have accepted the route. You can't really improve this in a routing system where all prefixes have global visibility, the communication and state costs would likely be unacceptable. However, in a Cowen Landmark routing scheme, we could at least provide an advertising node knowledge of which landmark nodes have working local cluster connectivity back to it. That's made possible because the scope is restricted, no longer global.

Note that the routing isn't source routing. Just because the address contains (landmark,node) doesn't mean the packet goes via the landmark. As a packet gets near to a landmark it may hit a node that already has the destination in its local cluster routing region, and so the packet goes shortest-path from there to the destination - potentially skipping the landmark. It's more two-stage routing, but each stage is shortest-path, per-hop routing. The 1st stage is routing the packet towards the landmark, the 2nd is when it hits a node with the destination in its local cluster (which, in the worst case, is the landmark).

On address sizes, that's a very interesting point about Teredo and 6to4. Ye

just ask carriers.

[nimbius]

googling verizon, comcast, and time warner it seems like their original pledge in 2012 to start rolling out ipv6 has quietly halted. most of their sites simply say "check back" while others imply certain undisclosed service areas may be exposed to both 4 and 6. forums are another story, with most customers and techs confirming the support exists, but either modems arent enabled to receive ipv6 due to bugs, or the support is broken in all-in-one devices in the case of DSL.

speaking from a linux neckbeard standpoint, i dont care. ive had competent functional v6 support for almost a decade and in many cases implemented it for pay. In my experience the problems associated with implementing v6 are related to companies angry about any downtime at all, or vendor specific appliances that just cant for some reason or another. they either lied about their ipv6 support, only partially support routing IPv6, or have egregious bugs in their implementation that cause stability problems in the rest of the network. Hosting providers have done an excellent job of supporting it from what ive seen, and most (with the exception of godaddy) are very generous in their IP offerings (i get 30 with ramnode.)

Re:just ask carriers.

[Geordish]

Comcast are actually doing very well in this arena. http://corporate.comcast.com/c... Their rollout plans are quite aggressive. John Brzozowski who works at Comcast gave an excellent presentation around 6 month ago in the UK about how they are rolling it out on their network. https://www.youtube.com/watch?...

Re:just ask carriers.

I'm on Comcast in the DC area and I seem to get IPv6 just fine with a Motorola Modem and an Airport Extreme.

Re:just ask carriers.

Comcast here in the Silicon Valley supports IPV6. I don't recall any fanfare about it when it hit my area (probably because unlike "doubling speeds", it's not very sexy and 99+% of their customers in most areas would have no idea what IPV6 is) so I have no idea when it became available (I've had Comcast for over ten years, so obviously it became active after I was subscribing).

Re:just ask carriers.

I have Comcast and have had an IPv6 address from them for over a year now. I hate Comcast for many reasons, but lack of IPv6 ain't one of them.

Re:just ask carriers.

Except the part where they deliberately don't upgrade their end of the backbone interconnects, so they can make bandwidth a false scarcity.

Re:just ask carriers.

TW is also rolling out. I have had an ipv6 address for about a year and a half now. They gave me a /64 for my 5 or so devices on my consumer line.

Most of the issues I have had with ipv6 have been my local router. ASUS has finally got it a point where it is stable and can run for more than 2 days without crashing my router (9 months so far without a reboot). With both Comcast and TW having good portions of their networks on IPV6 the bugs are getting worked out at a fairly good clip now. 2-3 years ago I would have said dont bother. Now though, it is not so bad.

from a linux neckbeard standpoint, i dont care.
Ah but you do. You wrote your tirade...

Also a side note. Please use upper lower case. It makes it difficult to read and detracts from your point.

Re:just ask carriers.

[Geordish]

Comcast are terrible in a lot of ways, I was only defending their aggressive IPv6 roll-out.

Re:just ask carriers.

[evilviper]

googling verizon, comcast, and time warner it seems like their original pledge in 2012 to start rolling out ipv6 has quietly halted.

Comcast needed IPv6 internally, so they have rolled it out, even if you can't get it. Others have replied saying they've got IPv6 from them, as well.

Verizon offers LTE service, which is ALL IPv6. They've got 6to4, of course, but you can natively access any IPv6 services via your LTE phone.

Re:just ask carriers.

[Just+Some+Guy]

I have Comcast, and have native IPv6 over my home-grade Internet connection. I can ping6 www.google.com from my autoconfigured laptop without problems.

I don't doubt that they're slow rolling it out everywhere, because when has Comcast ever been in a great hurry to upgrade their network? But here, at least, it works as advertised.

Re:just ask carriers.

1) I can confirm that where I am there is IPv6 from Comcast. BUT, it's DHCPv6 based. So don't expect and ICMP IPv6 router and prefix advertisements. You need a new modern device that will support this, which also includes a really big ass prefix that gets assigned to you (I think a /60 ! )

2) The way I read your statement is as if you're saying that LTE is natively IPv6. Perhaps you're saying that verizon has a V6 LTE offering. More likely their offering is "DSB" Aka "Dual Stack Bearer" which means you get an IPv4 and an IPv6 address. Still its nice that carriers are offering V6 - but I want to clarify that LTE support IP4, IPv6, and DSB (and so does UMTS/HSDPA/HSUPA/HSPA - but maybe not Verizon's crusty legacy CDMA network).

Re:just ask carriers.

[evilviper]

Verizon LTE is absolutely not dual-stack. You get no IPv4 address. Yes, LTE is capable of IPv4, but wireless carriers know they need more address space for the proliferation of devices, instead of their sad NAT, and I expect the others are not stupid, and are doing the same.

Re:just ask carriers.

[Sanians]

Just to add a "me too," I also have IPv6 support with Time Warner, which kind of surprises me as I live in the middle of nowhere and so I expected I'd be one of the last to see it.

Supposedly Time Warner is up to 10% deployment now, still behind Comcast's 30%, but no longer drastically far behind as they were in the past. http://www.worldipv6launch.org/measurements/ I think they were only at 7% the month before, but unfortunately that web site doesn't seem to keep the old data around.

It was quite hard to find that I even had IPv6. Time Warner's people don't even know what IPv6 is, so they can't tell you if you have it. My modem's status page has a line that says "Modem's IP Mode -- IPv4 Only" which for months made me think I didn't have it, but it turns out that that's irrelevant. Even after I discovered that IPv6 was there by using tcpdump and seeing IPv6 packets, it still took me all day to get Linux to recognize it and use it.

For some retarded reason, Linux doesn't accept IPv6 router advertisements when it is configured to route IPv6 packets. I still haven't figured out why anyone thought that it shouldn't. Doesn't a router need to know where to send its packets, and thus, it needs to accept router advertisements? Since I had been using a Hurricane Electric tunnel, and my computer had been routing IPv6 packets for the rest of the LAN, it was configured to be a router, and so it ignored my native IPv6. I eventually discovered there is a setting to make it accept router advertisements while also routing packets, but why it doesn't by default is a real mystery.

Pretty much everything I've done with IPv6 has been like that. The support is kind of there, but since it hasn't seen widespread use, the bugs haven't been worked out. Like router firmwares, even the open source ones, they may claim to support IPv6 but in reality it's just glued on and barely makes an appearance in the UI and where it does it often doesn't work correctly, like you can click on an IPv6 address that's a link to set up a static DHCP lease, but the page you're taken to to set it up has a text input field with a max length that doesn't permit the address to fit, and indeed even if it did it wouldn't work anyway.

The only thing I found that really works well is using pfSense, but even it has a few issues, like its inability to use DHCPv6 on your LAN if you obtained your IPv6 address via DHCPv6 (which you almost certainly did, as that's just how ISPs distribute addresses, even when they're static).

Anyway, while the ISPs have been dragging their feet on IPv6 for a long time, I don't think the router, application, and OS support is as great as everyone thinks. Seems more like it's just easy to pretend that it is since there's no IPv6 for anyone to use them with to know any differently. Indeed, it's likely part of the problem. If you're adding IPv6 support to something, the best you can do is test that it works with your specific IPv6 configuration, and so you'll know it works great with a Hurricane electric tunnel, but it isn't until someone tries to use it with native IPv6 that you'll figure out stuff like that routers need to accept router advertisements too.

Re:just ask carriers.

[Dagger2]

/60 is actually pretty small; RFC 6177 basically says you should be getting /56 or bigger.

Though it's certainly better than the one /64 that far too many ISPs are doing (or the "no routed space whatsoever, on-link only" that way too many datacenters do...).

Re:just ask carriers.

[kasperd]

Nice to see somebody knowing what they are talking about. I am wondering if those allocating only a /60 to each customer does so due to using 6rd. If 6rd is being deployed on top of fragmented IPv4 address space, it becomes impractical to give each customer more than a /60.

I assume we agree, that taking the /60 you can get is better than staying on IPv4-only while you wait for a provider to offer a /56 or /48.

Re:just ask carriers.

[Dagger2]

Comcast's is native. AT&T's deployment is 6rd, where a /60 is justifiable, but all Comcast needed to do was write "56" in their config files rather than "60"...

A /60 is definitely better than nothing, yeah, and probably enough for 90% of people these days. But that's not what we should be targeting. We should be targeting "enough for pretty much everybody", and "for the foreseeable future" -- including for any new, fun things that become possible because of easily-available address space.

Re:just ask carriers.

[kasperd]

all Comcast needed to do was write "56" in their config files rather than "60"...

One has got to wonder if that's how it happened. Did some admin arbitrarily decide to write 60 in a configuration file, where he could/should have written 56, and then that was how it was going to be? Or did a lot of bean counters get together and decide on a policy (possibly not even based on real data), and then admins had to implement it like that without asking questions.

But that's not what we should be targeting. We should be targeting "enough for pretty much everybody", and "for the foreseeable future" -- including for any new, fun things that become possible because of easily-available address space.

Even in many areas where there is tough competition among ISPs, it is hard to find even one trying to capture those customers, who want IPv6. That's how bad it looks today. And that's why I would happily take a /60. Hopefully once IPv6 is the norm (which it likely will be before the end of the decade), the ISPs will start competing on prefix lengths as well.

I can't yet imagine what I would use more than a /60 for. But if I get a /60, I might soon come up with ideas on how to use a /56. All it takes to get that competition among ISPs started is two people independently of each other coming up with something really cool you can do to put your entire /60 to use.

Re:just ask carriers.

[Dagger2]

They're giving /56 to business customers... I can only assume they sat down and worked out what allocation sizes would be reasonable, then deliberately picked the next size down, because we couldn't possibly have good service from an ISP.

I can't yet imagine what I would use more than a /60 for.

I've got a router here that supports two guest wifi networks, so that's 3 /64s already. Throw in one or two people using VMs with routed networks and maybe a son that went and plugged a second router in behind the first (which is generally dumb, but it ought to work) and suddenly you're looking at half of that /60 gone, and you've already had to throw away aggregation and nice rDNS sub-delegation to get it.

And that's just the stuff people are using today. I have no imagination, so I have no idea what we might get in the future if we actually had the infrastructure to support it.

Re:just ask carriers.

[kasperd]

because we couldn't possibly have good service from an ISP.

Don't most ISPs sell good service at a premium? I think that was the entire point with having poor service in the first place. The only other reason I could imagine would be to drive customers to the competitors, and that doesn't seem to make sense from a business point of view.

I have no imagination, so I have no idea what we might get in the future if we actually had the infrastructure to support it.

I can come up with a couple of additional usages for some /64s. One /64 could be used to harden your recursive DNS resolver against poisoning. The 16 bit transaction ID in DNS is way too small. The entropy you can get from randomizing port numbers help a lot. But you will still only get a total of 32 bits of entropy that way. Some have gone to great lengths to squeeze extra entropy into a DNS request, for example by mixing lower case and upper case in the domain. But that doesn't give a lot of bits. If you allocate a /64 to the recursive DNS resolver, you can put 64 bits of entropy into the client IP, which instantly gives you more than a doubling of entropy almost for free.

A modern OS is a multi user system, imagine if each user could get their own IP address. You could allow users to use privileged port numbers on their own IP address, and all port numbers on their IP address would be protected from usage by other users. You could do this by responding to neighbor discovery for as many IPs in your link prefix as you have users on the node. But a more secure and more efficient approach would be to route a prefix to each node.

Re:just ask carriers.

[Dagger2]

The odd thing is that they don't. Want a bigger allocation on Comcast? I guess you could buy Comcast Business, but that's inappropriate for residential use (it's a business account, after all)... and even that only gets you a /56. If you want more than that, I don't think you even have the option to pay for it. More v4 addresses? 95% of ISPs won't give you that, regardless of how much you're willing to spend. (Of course exhaustion is beginning to justify this, but these are the same ISPs that claim they "have enough v4 addresses to not need v6", so presumably they have enough.) Some ISPs will sell you a static IP, but not many. rDNS? Snort.

Ipv6 to ipv4 interoperability is only way

[Eravnrekaree]

The fact is, TCP v6 was defective by design, because of what it does not have, and that is a mechanism for a long transition period between ipv4 and ipv6. If we had such transition period, ipv6 would now be widespread. The transition period means that ipv4 and ipv6 networks can communicate with each other. Making Ipv6 talk send packets to an ipv4 network is easy: give the ipv4 address block a subset of the ipv6 address block. The more complex but entirely doable part is ipv4->ipv6. Since ipv6 is larger address space than ipv4, ipv4 cannot directly see a lot of ipv6 addresses. The answer lies in the DNS system. When a user on an ipv4 network askes for the IP address associated with a DNS address which only has an ipv6 address associated with it, somewhere upstream, an upstream router and DNS server will conspire to 1) give the user (ipv4 peer) a fake IPv4 address for a DNS address 2) give the information on the ipv6 to fake ipv4 mapping to the router 3) which the router uses NAT to rewrite the packets headed out from from the fake ipv4 destination address to the real ipv6 destination address. Ipv6 packets headed in would be rewritten to ipv4 replacing the ipv6 source address with the fake ipv4 source address. Each ipv4 peer should be able to re-use the same block of ipv4 fake addresses, the mappings can be done on a per ipv4 peer (user) basis. Using this, its also possible to give ipv4 clients direct access to ipv6, using an .ipv6 DNS TLD, which can be used in the form .ipv6. You could even write an HTTP and other application protocol proxy that would automatically rewrite all ipv6 addresses in HTML with ipv6 TLD addresses. This makes ipv6 a upstream ISP thing rather than something that affects things on the users end, greatly simplifying things.ISPs as a complementary measure could also offer 6over4 gateways as well, and then over time transition to allowing raw ipv6 over their networks, a transition which can be gradual.

Re:Ipv6 to ipv4 interoperability is only way

[angryfeet]

Yeah, I think 127.x.x.x would be good for temporary IPv6 mappings.

Re:Ipv6 to ipv4 interoperability is only way

So you propose changes which would require a massive rollout of updates to equipment and infrastructure/protocol changes. Correct me if I am wrong but if we could manage to do that would we already be switched over to ipv6?

Re:Ipv6 to ipv4 interoperability is only way

[AndroSyn]

First of all, paragraphs are your friend.

Second of all, the solution you described already exists.
https://en.wikipedia.org/wiki/...

On that same page, there are a bunch of other solutions as well, this has already been thought of :)

Re:Ipv6 to ipv4 interoperability is only way

Yup, unless some sort of usable interoperability between IPv6 and IPv4 is thought up and rolled out, the transition will take a very long time. In fact, it might never even happen, and we'll just end up with two separate Internets!

The problem as stated is that IPv6 is NOT an upgrade to IPv4. Saying that it is would be like saying Windows is an upgrade for Solaris, or Linux is an upgrade for VMS. They are completely different things with no commonality at all.

This transition will be no different than moving from IPv4 to IPX/SPX or from Windows to VMS - You can't keep *anything* from IPv4, everything has to go.
The problem is, there is too much embedded infrastructure to just rip out all the old stuff and replace it, and a lot of old things don't have an IPv6-capable replacement.

This is the gigantic elephant in the room that is still being ignored, and until it is dealt with, people can harp on about address exhaustion as much as they like, but this transition will not happen; You will just have two incompatible networks running side by side.

Re:Ipv6 to ipv4 interoperability is only way

[oodaloop]

Can't figure out if you were going Insightful or Funny.

Re:Ipv6 to ipv4 interoperability is only way

The elephant is being ignored because it is not there. IPv6 provides the interoperabillity you ask for. I have no idea where you heard that FUD.

Re:Ipv6 to ipv4 interoperability is only way

[rev0lt]

I have no idea where you got that information. Check http://www.tcpipguide.com/free...

Re:Ipv6 to ipv4 interoperability is only way

[Eravnrekaree]

Theoritically, any block of Ipv4 addresses outside of the local subnet could be used, if an ipv4 address is used as a fake address, and then the user asks DNS address which happens to resolve to a real IPv4 address with the same number, then, the same NAT trick could be used with a mapping between created between another temporary local ipv4 address to the real internet ipv4 address which was already being used locally as a fake ipv4 number. Though, I would only recommend that be used as a fallback if 127.x.x.x is used up. A small part of the of RFC 1918 addreses could also be allocated for the pool of fake ipv4 address, such as maybe 172.20 and 172.21, giving a pool of 131072 ipv4 addresses, plenty for most use cases. I doubt most people will have that many TCP connections at once. Since 127 is not used for local networks, it is the best choice however as the first choice. Again, 127 is so large, i doubt most users would ever exhaust it, especially if the fake ipv4 mappings are timed out after a period of maybe 1 -7 days or so.

Re:Ipv6 to ipv4 interoperability is only way

[marka63]

Until there is sufficient IPv6 penetration that continuing to run IPv4 becomes pointless. If you turn on IPv6 on home networks over half the incoming traffic will be IPv6 traffic. Globally IPv6 is 4-6% IP traffic depending upon where you measure it. IP has replaced many networking protocols in the past. IPv6 will replace IPv4. The writing is already on the wall.

Many networks today are IPv6 only internally with protocol translation to talk to the legacy IPv4 Internet.

Other are dual stack translated to IPv6 only then translated back to dual stack on the Internet.

With IPv4 you are only going to get less and less functionality now that many ISP's are getting to the stage of having to deploy CGNAT. As a home user having a publicly reachable address will become a thing of the past.

Re:Ipv6 to ipv4 interoperability is only way

[Eravnrekaree]

My solution is the one that would actually allow ISPs to gradually upgrade things over time rther than to replace everything at once, by allowing the interoperation. Its a lot easier if the changes are concentrated at the ISP end rather than effect subscribers as well. Its true that over time as due to the turnover of ipv4 older routers, that ISPs could gradually replace the subcribers routers with newer models. It would also be possible even for ISPs to collect older routers, flash them with new firmware, and put them back out, in the process of customer turnover cancellations and signups. The whole point is the solution i describe gives ISPs a transitiion period.

Re:Ipv6 to ipv4 interoperability is only way

[WaffleMonster]

The fact is, TCP v6 was defective by design, because of what it does not have, and that is a mechanism for a long transition period between ipv4 and ipv6. If we had such transition period, ipv6 would now be widespread. The transition period means that ipv4 and ipv6 networks can communicate with each other.

It's 2014 ... can we all just take a breath and realize there is simply NO solution to the pigeonhole problem that does not resemble CGN?

The only operationally viable solution for IPv6 deployment in a production environment (e.g. solution with minimal breakage) is dual stack with IPv4 CGN as needed.

The more complex but entirely doable part is ipv4->ipv6. Since ipv6 is larger address space than ipv4, ipv4 cannot directly see a lot of ipv6 addresses. The answer lies in the DNS system. When a user on an ipv4 network askes for the IP address associated with a DNS address which only has an ipv6 address associated with it, somewhere upstream, an upstream router and DNS server will conspire to 1) give the user (ipv4 peer) a fake IPv4 address for a DNS address 2) give the information on the ipv6 to fake ipv4 mapping to the router 3) which the router uses NAT to rewrite the packets headed out from from the fake ipv4 destination address to the real ipv6 destination address.

While your deploying NAT-PT and fielding calls from angry customers burned by IP literals embedded in web sites and protocols your competitors are just deploying IPv6 dual stack and calling it a day.

You could even write an HTTP and other application protocol proxy that would automatically rewrite all ipv6 addresses in HTML with ipv6 TLD addresses.

As https deployment continues to increase suggesting solutions applicable only to http sites is not operationally viable to say nothing of added systems and operational costs of deploying proxy servers to facilitate more hackery.

ISPs as a complementary measure could also offer 6over4 gateways as well, and then over time transition to allowing raw ipv6 over their networks, a transition which can be gradual.

Or just deploy IPv6. The complexity and cost at scale of these hacks are worse than dual stack deployment.

Re:Ipv6 to ipv4 interoperability is only way

[Bengie]

Your "solution" is a bunch of horrible hacks that don't even work with DNSSEC. Essentially you have "NAT" functioning at the DHCP+router+DNS level, all conspiring to mangle packets in concert.

Re:Ipv6 to ipv4 interoperability is only way

[Bengie]

IPv6 traffic is growing 300% every year and IPv4 traffic is only growing 50% every year. Give it a few more years. Once the tipping point is reached, IPv6 will become center stage.

Re:Ipv6 to ipv4 interoperability is only way

[Bengie]

Opps, meant 3x faster than IPv4, which is about 150%, not 300%.

Re:Ipv6 to ipv4 interoperability is only way

[Dagger2]

Your solution is to a problem that doesn't exist. v6 already supports a gradual rollout and transition period: all you have to do is roll it out without disabling your existing v4.

Re:Ipv6 to ipv4 interoperability is only way

[kasperd]

I have a fully working system similar to what you describe.

Theoritically, any block of Ipv4 addresses outside of the local subnet could be used

Squatting on global unicast space would not be a good idea at this time. You still want to be able to communicate with existing IPv4 backbone. Once the IPv4 backbone is ready to be deprecated, such a system could start reusing global unicast space.

Until then, RFC 1918 addresses do work just fine for the purpose. RFC 6598 addresses might be better, I haven't tested yet. Addresses from the reserved class E address space won't work well for this purpose. I tested and found that it works with some systems, but other systems refuse to communicate with peers on class E addresses.

a pool of 131072 ipv4 addresses, plenty for most use cases.

Depends on how large a network you deploy it to. For a single broadband connection, that size is plenty. But I don't think it would be sufficient, if you want to cover an entire ISP. If you can find me a network that want to deploy it, I'll tell you how far that pool size scales.

I doubt most people will have that many TCP connections at once.

In the end, the number of TCP connections won't even matter.

Since 127 is not used for local networks, it is the best choice however as the first choice.

127.0.0.0/8 has special meaning in practically every IPv4 stack. Trying to redefine that won't work well.

Re:Ipv6 to ipv4 interoperability is only way

[kasperd]

Your "solution" is a bunch of horrible hacks that don't even work with DNSSEC.

That didn't stop DNS64+NAT64 deployments. DNSSEC is not widely deployed, which is why IPv6 transition mechanisms that are incompatible with DNSSEC would still be usable. DNSSEC also hasn't solved the amplification attacks problem yet. I'd love to see DNSSEC deployed, but I am personally not going to put much effort into DNSSEC until the day I no longer have to worry about IPv4.

Essentially you have "NAT" functioning at the DHCP+router+DNS level, all conspiring to mangle packets in concert.

Turns out it still works better than carrier grade NAT.

Re:IPv6

You have no idea what you are talking about. Two words: prefix aggregation.

Oh, that explains things.

[eddy]

Probably why I couldn't reach NeoGAF for most of yesterday, unless I went through tor. Which I did, because I'm a man and I have my needs.

And how does IPv6 solve this issue?

[Sycraft-fu]

This is a real question: Do you know what IPv6 does instead of BGP? Because as far as I know, IPv6 is still using BGP, and that is what this is a problem with. In fact I can only see IPv6 making things worse in that regard because tons more address space means that more AS assignments would be easy to do.

So if it really does offer a solution, please enlighten me I'd be very interested. If this is just an example of trying to use a problem to push a favoured agenda, then please knock it off.

Re:And how does IPv6 solve this issue?

Because the IPv6 address space is in theory large enough that aggregation is supposed to work correctly.

(Unfortunately all goes a bit down the toilet when everyone want's their own small chunk of PI address space, but it was originally intended that the aggregation would work more spoothly than in ipv4)

Re:And how does IPv6 solve this issue?

So spooth you can eat it with a spoon ;)

Re:And how does IPv6 solve this issue?

[Vegard]

Address space is large enough unless we do something seriously fucked up. The IPv6 adress space has enough Ip-adresses that every atom of the surface of the earth can have 40.000 adresses.

Or, to divide it up a bit:

A "local network" will probably get a /64. This is *enough*, trust me, it's so much addresses that it can comtain the entire ipv4 address space - SQUARED. Noone will ever need more adresses than that in a local network.
A typical "end site" (a company, or even maybe a home user) would probably get a /48, or 65536 local networks. Again, *enough*.
An ISP would very often have one or perhaps several /32s. That means it can have 2^16 = 65536 "customers" who each have enough ip-adresses.

However, there are recommendations to limit the assignments for "home" users to /56. This makes for only 256 local networks in your home.

So if an ISP has a /32, we can imagine the following example:
Half of it, that is a /49, is allocated in /48 networks, allowing for 32768 corporate customers.
The other half of it is allocated in /56s, allowing for 32768*256 = 196608 home users.

Currently, one /3 is allocated to global unicast adress space. This gives space for 2^(32-3)=2^29 = roughly 534 million ISP allocations. Or, in another word, approximately one ISP per 10th of todays inhabitants in the world.

There are several /3s not yet allocated.

I guess there is enough.

Re:And how does IPv6 solve this issue?

[pla]

Yes IPv6 still uses BGP, but in a way that favors greatly reduced fragmentation.

Take a look at BellSouth's list of announced prefixes for a pretty egregious example of this - Notice anything "funny" about it? They could reduce that list of almost 3000 down to under a hundred.

Re:And how does IPv6 solve this issue?

[marka63]

Multiple address, source address routing and multi path TCP will address lots of the reasons people want PI addresses today. IPv6 has enough addresses to make that mix of technologies a viable solution space. IPv4 is too resource constrained to make that a viable solution.

Re:And how does IPv6 solve this issue?

Indeed. What the fuck's wrong with them?

Starbucks (and probably numerous others) do the same thing:
http://bgp.he.net/AS62566

Re:And how does IPv6 solve this issue?

[kasperd]

In fact I can only see IPv6 making things worse in that regard because tons more address space means that more AS assignments would be easy to do.

In reality it works the other way around.

With IPv4 there is a shortage of addresses, so ISPs haven't been getting extremely large blocks. They have been getting blocks just large enough to get by for another year, then they could get another block. Renumbering from multiple smaller blocks into a larger block isn't an option for IPv4, because there isn't enough available address space to shift things around.

With IPv6 an ISP can get a single block, which is large enough for years to come. And the address space around it is being kept free by the RIR, such that should the ISP need more space, their existing block can simply be made larger.

This means an ISP that have 20 different IPv4 blocks announced individually could support the same number of customers with a single IPv6 block. On average each AS announcing IPv4 space announce five times as many IPv4 prefixes as the number of IPv6 prefixes announced by those prefixes announcing IPv6 space.

This is all due to the HD-ratio of IPv4 having been pushed way above the reasonable threshold. IPv6 is designed to work with an HD-ratio of only 80-90%.

Re:Betteridge

[BitZtream]

Except that this has nothing to do with IPv6. IPv6 will do nothing to resolve this problem and will in fact make it worse because the problem itself is due to a router not having enough RAM and nothing about IPv6 results in less RAM usage.

Sure, we should get on the IPv6 bandwagon, well, except it sucks right now and can lead to some annoying connectivity issues when sites are misconfigured, or setup IPv6 and then forget about it so you're trying to connect to an IPv6 address thats no longer used because no one bothered to update DNS ... or their IPv6 connection is through one of their shitty over saturated links.

My ISP does IPv6, as does all my equipment. I had to disable it so that the rest of my family doesn't wonder why random sites don't work on their PC but work fine on their phone and while I can't remember the ones off to the top of my head, there are some big ones that regularly fuck up. Hell, even Google's IPv6 connectivity is shoddy at times.

Re:IPv6

[EvilJoker]

Why would that be different than with IPv4? Prefix aggregation, AKA route summary, AKA Supernetting, has been available for a very long time. Unless IPv6 addresses are being handed out in a way that's much more conducive to this, it won't really change anything. This guy agrees (#4)

Further, since IPv6 is a longer address, fewer can be stored. Per Cisco, the Catalyst 6500 can handle 1M IPv4 addresses, OR 512K IPv6 addresses (but not both simultaneously)

(Yes, I know the Catalyst is a switch, not a router, and the summary is bollocks for confusing the two. It was, however, the first mention of it I found)

Re:IPv6

[Dagger2]

Unless IPv6 addresses are being handed out in a way that's much more conducive to this, it won't really change anything

Which they are, as a direct result of v6 being so huge. See RFCs 1715 and 3194 for discussion on this.

Obviously in the long run we'll end up with a higher absolute count of routes in v6 (because supporting more people was the other reason for it) but the route count will scale far better than a network that has to be run at a ridiculously high HD-ratio because it's too small.

Re:IPv6

Unless IPv6 addresses are being handed out in a way that's much more conducive to this... etc

They are, that's the whole point. You get your prefix from your upstream and they won't route anythhing else. If you change providers you change prefix, and IPv6 has specific provisions to facilitate that.

Re:Betteridge

One of the design goals of IPv6 was to reduce the size of the global routing table. That's why there are so many more addresses in IPv6 than there are ever going to be devices. Each provider gets so much address space that nobody needs to come back for more. That means there's no address space fragmentation due to address scarcity, like there is with IPv4, where providers usually have dozens or hundreds of separate allocations which can't be aggregated and must all be entered into the global routing table. IPv6 addresses are four times as long as IPv4 addresses, but there are far more than four times as many routing table entries per ASN with IPv4 than with IPv6

Re:Betteridge

It's Betteridge's Law of Headlines and it doesn't apply: The question isn't in the headline.

Re:IPv6

Obviously you don't either.

Implementing IPv6 will not mean that IPv4 disappears by magic. It will stick with us for a long long time. So no, although aggregation is already happening, it will not solve the resource problems we have with routers.

Lack of incentives...?

[beh]

To some degree obviously, there is a lack of incentives for ISPs to change - if they still have enough addresses for themselves, then switching to IPv6 is only costs, not benefits.

Maybe some of the larger sites, like youtube, facebook, wikipedia should have a meeting to discuss the switch-over and then start shaping IPv4 traffic - just reduce capacity on IPv4 by 5% every month and see how long it will be, before ISPs will lose customers if they DON'T switch to IPv6...

Re:Lack of incentives...?

[macromorgan]

ISPs have no competition, but Youtube, Facebook and Wikipedia do. The only thing those sites would do is shoot themselves in the foot while trying to force an immovable object to bend to their will. Lobbying the FCC on the other hand, that could actually affect change. It would be in the best interest of everyone (excluding short term investors in the various ISPs), with networking equipment manufacturers poised to win the biggest. I think it's all moot though, as Comcast is reportedly very far into their IPv6 rollout, as is Time Warner Cable (I have full dual stack at home with my TWC service). AT&T reportedly has rolled theirs out too, but some customers have experienced issues as the MTU setting is different on IPv6 as it is for IPv4. I also know first hand that Verizon Wireless runs dual stack over their LTE network. At this point, I think it's really just getting the proper equipment in the hands of customers that is the hindrance.

Re:Lack of incentives...?

Wikipedia has competition? From whom?

Re: Lack of incentives...?

I think Facebook and YouTube have enough clout.

Re:Lack of incentives...?

[Dishevel]

Lobbying the FCC on the other hand, that could actually affect change. It would be in the best interest of everyone (excluding short term investors in the various ISPs), with networking equipment manufacturers poised to win the biggest

You know I was just talking with the wife last night about how of all the government agencies the FCC has always listened to the people and done the right thing,

The only truth there is the really surprising one. A /.er with a wife.

Re:Lack of incentives...?

[arth1]

The only truth there is the really surprising one. A /.er with a wife.

Wives are like PCs. If you need one, you need several. And you can always hack someone else's to use.

Re:Lack of incentives...?

[Bengie]

New IP rules are going into affect where you must PROVE every year that you need your IP addresses, otherwise they will be forcefully reclaimed. Transfer of IP address will now be charged $5 per address. They're going to start ramping up IPv4 costs to encourage ISPs to switch.

Imagine if your business suddenly lost internet connectivity because your IP blocks have been reclaimed. You're going to be down until you can find an alternative solution. Enjoy.

Re:Lack of incentives...?

[kasperd]

Imagine if your business suddenly lost internet connectivity because your IP blocks have been reclaimed.

Who is going to configure their backbone routers to reject announcements from parties who got their addresses reclaimed for such reason? I don't see an incentive to reject those announcements, hence the reclaiming won't have any immediate effect.

Re:IPv6

[Geordish]

Why would that be different than with IPv4? Prefix aggregation, AKA route summary, AKA Supernetting, has been available for a very long time. Unless IPv6 addresses are being handed out in a way that's much more conducive to this, it won't really change anything. This guy agrees (#4)

He is kinda correct, but the RIR's have come up with addressing plans to deal with this.
My info comes from the RIPE region, as its the region I'm in.

Every ISP gets assigned a /29 minimum. This is 2^35 networks (assuming you are using a /64 per network as recommended). If you prove you need more than a /29, fine, you can have it.

The next 3 bits are then reserved for future use. You use up your initial /29? Fine, increase your subnet mask to /28 and carry on. This doubles you address space. Carry on until you are at a /26. That is a LOT of room for growth.

In the IPv4 world this isn't possible. You get your allocation. You run out. You get another etc. Verizon are currently announcing 1,446 IPv4 prefixes from AS701, compared to the 12 IPv6 prefixes. Of the 12 IPv6 prefixes 5 of them are the one prefix they have deaggagated, the rest are customers with PI space.

You have a point about the near term, but long term once IPv4 has died a death (10+ years) the routing table will shrink again.

No transition period?

[dbIII]

No transition period? We are about fifteen years into that transition period, and it has sucked immensely with things like the requirement of man in the middle stuff like Skype just to get VoIP to work on an internet infested with NAT.

Re:Betteridge

[devman]

Also routing only occurs on the first 64-bits of an IPv6 address, the router doesn't need to store the host last 64-bits of an IPv6 address.

Re: IPv6

[jrumney]

In the early days IPv4 addresses were handed out in a way that kept routing tables simple, but some time about 10 or 15 years ago we started to run out of blocks that were in the right range, so started allocating them all over the place. It will take us several lifetimes to get to that stage with IPv6.

Re:Betteridge

[Bengie]

Core routers only use the first 48bits as that's the smallest block that is routable on the Internet. Which is why IPv4's /24 vs IPv6's /48 explains the routers supporting 1024K IPv4 routes or 512K IPv6 routes or a 512K/256K split. Exactly 2x difference. But IPv6 has sparse allocations resulting in about an effective 10x reduction in the number of routes.

IPv6 won't fix this problem

[Paul+Jakma]

This particular problem is due to the way routing on the Internet works, where generally every router must hold routes for every prefix announced on the Internet. That system doesn't change with IPv6. Now, there might be fewer IPv6 prefixes at this time than IPv4, but intrinsically there's nothing about IPv6 that addresses the problem that all prefixes must have global visibility.

To fix this kind of problem requires changing how routing is done.

Re:IPv6 won't fix this problem

[JesseMcDonald]

Now, there might be fewer IPv6 prefixes at this time than IPv4, but intrinsically there's nothing about IPv6 that addresses the problem that all prefixes must have global visibility. ... To fix this kind of problem requires changing how routing is done.

IPv6 is intended to change how routing is done. The larger addresses make it easier to allocate prefixes hierarchically, as opposed to the smaller blocks which must be joined together for IPv4. For example, top-level prefixes could be naively assigned by combining 8 bits of latitude with 10 bits of longitude to create 256k /18s each covering approximately 800 square miles. Each /18 would have room to allocate each of up to ~1 billion customers a /48 prefix composed of 64k /64 subnets, each having 2**64 unique addresses. The resulting routing tables should be highly compressible; for example, there would probably be a single preferred route from a given location for all packets destined for a particular country or state. Only the closer destinations would need individual routes.

Re:IPv6 won't fix this problem

[Paul+Jakma]

See my reply to your sibling comment. Yes, people looked at geographical assignment and routing. No, this wasn't ever rolled out for IPv6.

Geographical routing could have worked well in some contexts, e.g. in regulated Internet connectivity markets, where some monopoly carrier controls end-access and is required to provide whole-sale access to other, virtual ISPs. This is the case in at least several European markets, where the monopoly carrier is the former state telco (Ireland, UK). With geographical routing my packets to another host on, say, the same telephone exchange as mine, could have take a direct route. Sadly in at least both those markets, the monopoly carrier instead encapsulates packets and delivers them to the virtual ISPs and the virtual ISPs have to exchange the packets - meaning packets to my next-door neighbour might have to go hundreds of miles to my virtual ISP, then a further distance to a large Internet exchange, then back to their virtual ISP, then hundreds of miles back to my neighbour. The packets in the flow to my geographical neighbour pass by each other in the same switch near us both, while taking a detour hundreds of miles. Very inefficient.

Generally though, geographical routing would have been very very hard to make work. It is simply not in most ISP or network operators' self-interests.

Possibly better would be using topographical-landmarks (i.e. nodes or ASes important because of some property of their place in the network - not geographical) and using those to implement a hierarchy, while still giving routing flexibility to not have to strictly follow hierarchies. E.g. some scheme based on Lenore Cowen's compact routing work. The issue there is in making it practical.

Re:IPv6 won't fix this problem

[Paul+Jakma]

People looked into geographical routing for IPv6. It never went anywhere though. Today, IPv6 address assignment and routing works pretty much like IPv4.

Re:IPv6 won't fix this problem

[raxx7]

While BGP routers need to know route for every prefix, they can then can compress the routing table, by merging prefixes which have the same routing.
The problem is that the IPv4 address space is too fragmented to allow much compression.

IPv6 address allocations should allow for less fragmentation and better compression.

Re:IPv6 won't fix this problem

[Paul+Jakma]

This isn't a huge win. It can provide only a constant improvement. Further, if IPv4 was fragmented, then it'd compress better than IPv6 - there would be more IPv4 prefixes going to the same destination.

Re:IPv6 won't fix this problem

[kasperd]

Further, if IPv4 was fragmented

IPv4 is fragmented.

then it'd compress better than IPv6 - there would be more IPv4 prefixes going to the same destination.

IPv4 prefixes going to the same destination only compress well, if they are neighboring prefixes. If no two neighboring prefixes go to the same destination, then it doesn't matter how many prefixes go to the same destination, it still won't compress at all.

Re:IPv6 won't fix this problem

[Paul+Jakma]

If IPv4 is fragmented it's primarily because of "short-sighted" initial allocations, the tight space of IPv4, growth and time. I.e. some network got a prefix covering X space, ended up needing more space eventually. Enough time had passed that it was no longer possible to get a prefix covering their original space and new space. So now one AS has is using 2 non-contiguous prefixes for its network, that it has to advertise. Both prefixes go to the "same" place, as far as Internet routing is concerned.

This problem is less acute in IPv6, because it's been around for far less time and the address space is much bigger, so the pressures of compaction and growth aren't there like in IPv4. So, on this factor, we should expect IPv4 to compress more than IPv6.

The other kind of routing table compaction is due to serendipitous next-hop sharing for ranges of prefixes. E.g., prefixes for European networks are more likely to assigned by RIPE, so if you're "far" away from Europe in network terms, then there's a better chance that there'll be a number of adjacent prefixes for European networks that will share nexthops and can be compressed, etc. Personally, I don't see why there'd be any huge difference between IPv6 and IPv4. IPv4 does have legacy allocations, pre-RIR, where there might not be these prefix-range to network topology correlations, so perhaps it'd compress ever so slightly less than IPv6.

Still though, my understanding of the theory behind this is that this type of compression can only give linear savings in number of routing table entries. Which means it can't ever "fix" the problem, in terms of fundamentally changing the mode of growth of routing tables in response to network growth. To "fix" this problem, you need routing tables that grow more slowly than linearly, with respect to the size of the network. To the best of my knowledge of the theory, this is impossible with any form of guaranteed-shortest-path routing.

Re:IPv6 won't fix this problem

[kasperd]

If IPv4 is fragmented it's primarily because of "short-sighted" initial allocations

Those allocations should be the least fragmented ones around, so blaming those allocations for fragmentation is a bit of a stretch. As far as short-sighted goes, it is not clear to me that IP stacks at the time would have supported doing the allocations differently. Moreover, two decades ago it was clear that IPv4 wasn't viable as a long term solution. Should we really blame problems we have no on decisions made back then? I'd say if any decisions were to be blamed, it would be those causing IPv6 deployments to get postponed.

The other kind of routing table compaction is due to serendipitous next-hop sharing for ranges of prefixes. E.g., prefixes for European networks are more likely to assigned by RIPE, so if you're "far" away from Europe in network terms, then there's a better chance that there'll be a number of adjacent prefixes for European networks that will share nexthops and can be compressed, etc.

It is true, that this approach should reduce the number of table entries you need to put in the CAM. But at the same time, since the efficiency of this depends on where you are, the expected outcome would be that failures would be much more spread out over time and not happen all at once. Is this sort of compression widespread, and if it is, then why the simultaneous failures? Is this a matter of the rate of failures being tied to the rate at which the number of announcements grows? If so it wasn't one particular announcement that pushed the Internet over the limit, but rather that as 15k new announcements made it around the world about 2.5k of them happened to push one AS over the limit.

To "fix" this problem, you need routing tables that grow more slowly than linearly, with respect to the size of the network. To the best of my knowledge of the theory, this is impossible with any form of guaranteed-shortest-path routing.

Maybe more work needs to go into the principle of keeping the intelligence at the end-points rather than in the core. Maybe source routing is the way to go, we just need to figure out how to make it secure and not require prohibitively large packet headers.

Re:IPv6 won't fix this problem

[Paul+Jakma]

I don't know if there are vendors who use this kind of compression to save CAM memory to be honest. On the one hand it saves memory, on the other it adds complexity.

On the last point, yes, be good to see more work on this.

Re:IPv6 won't fix this problem

[kasperd]

On the one hand it saves memory, on the other it adds complexity.

At least it would be complexity in software. That's better than complexity in hardware. If that additional complexity would be the only way to keep some already deployed hardware functioning, it might be worth it.

Re:IPv6 won't fix this problem

[Paul+Jakma]

Well, not just software costs. You may have to update the CAM more often. E.g. a change of nexthop for one prefix might demand that a compressed CAM entry has to be split up into several entries. Alternatively, it might mean several CAM entries can be consolidated into one. Next, you don't know how often that will happen - a prefix that just got compressed might get split quickly, and vice versa, or it might go back and forth a lot. So you could be doing a lot more updates to the CAM than otherwise. Whether that matters, I really don't know. :)

Re:IPv6 won't fix this problem

[kasperd]

a prefix that just got compressed might get split quickly, and vice versa

There is no need to combine the routes, if there is still free entries in the CAM. Once the CAM is full and another entry need to be inserted, the pair which has been a candidate for combining for the longest time can then be updated. That algorithm would keep the number of updates down.

However as the number of routes approach the limit of what can be handled, even with combination of routes, the frequency of updates needing to combine and split entries will go up. It may be they are already doing this, some sources say the problem did cause reduced performance, which would be consistent with such behavior.

Re:Betteridge

[BitZtream]

That doesn't solve the problem, it mitigates ONE aspect of the problem.

It will effect large ISPs with large numbers of IPs, which are few and far between.

It does nothing to resolve the actual problem of router table growth which is caused by the number of networks, multihoming and address portability.

Multihoming and address portability make what you've said irrelevant, and thats where the growth comes from.

Re:Betteridge

[DickBreath]

The Mayans had predicted that we would run out of IPv4 addresses in 2012 -- and they were right.

SDN

[TheSync]

With SDN, an infinite number of prefixes can be stored on the SDN controller, and the Internet router only needs to load prefixes into the router TCAM when there is actually a flow needed for that prefix.

Re:SDN

Sounds CPU intensive and slow.

Re:SDN

[adri]

There was and likely is some hardware that does it.

It's also easily DoSed.

We found this out in the 90s and early 2000's where people would .. well, try doing internet routing with Sup-1's.

Re:SDN

[bill_mcgonigle]

Sounds CPU intensive and slow.

No, it's CPU-intensive and fast. If you control the whole network (see Google, et. al.). CPU is not the bottleneck in 2014.

But the very last thing we want is central control of the Internet. We may wish to have SDN's outside each peering point, but that's the ISP's business, not the Internet's architecture's.

See, we can want one thing in one place and something else entirely in a different place. One-size-fits-all solutions don't attempt to address the requirements of each situation.

Re:SDN

[TheSync]

The question is what is the typical "working set" of Internet prefixes for Internet routers at any time? Is it 100% of the Internet? Is it 50%? Is it 10%? I suspect it is something like 10% (but don't have any numbers).

When an unmatched prefix is seen by the router, it sends the packet to the SDN controller for inspection, the SDN controller sets up the flows for that prefix on the router TCAM. It is like a cache, and only needs to happen once per flow. SDN flow setups take on the order of 1ms.

BTW, tell me that BGP doesn't have problems?

There already is an SDN-enabled Internet Exchange Point.

SDN-based routing systems would be even easier to defend against DDoS because of the ability for SDN controllers to rapidly set up firewall rules on the Internet router (which might actually be a switch, or a fabric of switches, or a set of distributed switches).

We're the part that got dropped

[Phat_Tony]

We lost probably $30k in lost sales, and employees unable to do their jobs yesterday. Liquid web is going to lose a ton of customers over this. I don't know if it was their "fault," or if it was the top tier providers in their area they contract with. But as I understand it, if we had been with anyone really big who had us colocated in facilities way far away from each other, this would have been extremely unlikely.

Re:We're the part that got dropped

if we had been with anyone really big who had us colocated in facilities way far away from each other, this would have been extremely unlikely.

so, if *your own* it guys had done their job and convinced the bean counters that geographic separation and redundancy was needed for your servers and server space.. you wouldn't have lost the 30k in sales and had a period of time where your workers were unable to do their jobs... but instead you're going to blame your colo space provider for the outage when you know the problem is *not their fault* -- oooooookay, then.

IPv6 will never happen

It's more likely a completely new/different Internet will be designed before IPv6 is ever widely adopted. It's just too difficult to use compared to IPv4. It has too many features that add complexity when trying secure networks. Plus the addresses are long and annoying to configure, etc.

IPv6 is to IPv4 as DVD-DL is to DVD.

Re:Betteridge

You can talk all you want about what should and shouldn't be irrelevant, but at the end of the day the IPv6 routing tables take up less space in memory. Maybe you haven't noticed because you're too busy disabling things,blaming configuration problems on the underlying protocol.

Are the sites you want to visit ready?

[Marrow]

If they can't hear/speak IPv6, then the Internet is going to feel like a very big empty room. Everyone needs to change to the new protocol. Everywhere. And IPv4 still has to work. Everywhere.

Re:Are the sites you want to visit ready?

[jfdavis668]

I don't want to visit sites. Our users visit our site. IPv6 can be tunneled through IPv4, if the ISPs support it. IPv4 can be tunneled through IPv6. You can start the conversion in many places, and support the rest until the transition is done.

Stop doing CIDR!

And the problem goes away. The size of the routing tables is growing so much because every Tom, Dick, and Harry small business customer wants their own /29 block and certain ISPs like to serve those up using CIDR (are you lisetning to me, Comcast and Verizon?). This unnecessarily EXPLODES the size of the routing tables that everyone has to deal with.

Re:Stop doing CIDR!

[BaronM]

OK, I've done BGP before, and I've never heard of anything smaller than a /24 being globally advertised -- most common router configurations won't even accept anything smaller.

That said, how is any network of any size supposed to protect itself again ISP outages other than multihoming? It clutters the routing table, but there is no other solution.

Re:Stop doing CIDR!

You're absolutely right. The parent was clueless. You can login to any public route view and see that there are no prefixes that small. I do believe I've seen a /25 before, but never a /29. Mom and pop shops who can't afford their own address space also can't afford their own ASN.

Re:Stop doing CIDR!

[JesseMcDonald]

That said, how is any network of any size supposed to protect itself again ISP outages other than multihoming?

The logical place to deal with this issue would be higher up in the stack, like with SCTP's multihoming support. Rather than advertising multiple routes to the same IP address, you let the other endpoint know that you can be reached at multiple IP addresses. If one ISP has an outage, you transparently switch the traffic over to another address.

Unfortunately, this requires updating applications to use different protocols; there is no backward-compatible way to retrofit this form of multihoming into TCP or UDP.

Re:Stop doing CIDR!

Multi-homing clutters the BGP-derived table, but that table doesn't need to be used as-is. Pick 1 route for hardware routing, deal with failures in software. Don't store redundant routes in HW. Yes, that requires an extra step in BGP parsing, but it's not hugely complicated anyway. Checking for an existign alternative route is pretty much instant (O(1)) on these machines since the routes are stored in TCAM - content addressable memory.

Re:Stop doing CIDR!

[kasperd]

Mom and pop shops who can't afford their own address space also can't afford their own ASN.

What would break if you multihomed your own address space without having your own ASN? Each of the ISPs you connect to have an ASN, which can be used to announce your address space.

Re:Betteridge

[slashmydots]

It's TCAM, not RAM, which is A LOT faster than RAM. That's why it's a problem that it's over 512k. Most routers have more than 0.5MB of RAM.

Re:Betteridge

[The+New+Guy+2.0]

Was there a 10 year warranty on that? Seems like to fail all at once now is a sign of something intentionally wrong.

Is IPv6 "perfect" or will there be an IPv8?

[swb]

Given the time between IPv6 design and the eventual global adoption of it and abandonment of IPv4, will the broader adoption of IPv6 reveal problems addressed in a future revision?

I'll admit to being willfully ignorant of IPv6 other than seeing it as enormously more complicated than IPv4, trying to solve too many problems at once. I sometimes wonder if maybe IPv6 didn't appear so complicated and different that adoption might have been increased.

Couldn't they just have added a couple of extra bytes to IPv4 to come up with something that worked like IPv4? I also wonder about an addressing scheme like IPX, where a single network address covers an entire broadcast domain and node addresses are MAC addresses plus the network address. IPX network addresses were only 8 bytes, maybe that wouldn't be future proof enough (4.2 billion networks). I'm not talking about IPX as a protocol, just the system for addressing.

The advantage is relative simplicity (no need for DHCP, network addresses are discovered and the rest is built-in), broadcast domains can scale arbitrarily large without needing to renumber -- sure you can start out every network with a /16, but often they don't and there are complications in organizations just arbitrarily shifting masks past /24, such as running into other networks in the local routing domain.

Since node addresses are locally determined, ISPs would need to only assign a network address which would allow for basically unlimited public network addresses to each subscriber.

Re:Is IPv6 "perfect" or will there be an IPv8?

You just described ipv6. If you add 2 bytes why not 12 more? :) an ipv6 is 16 bytes.
http://ipv6now.com.au/RFC.php

The routes get way simpler as they created a space for ~20 bits of ISPs. Then they can route just that. Instead of 1 isp having 40 different segments they have 1.

Part of the issue here is they overflowed the memory because of segmentation of the internet. IPV4 is scarce and people are starting to sell off discordant chunks of ips.

The advantage is relative simplicity
https://www.ietf.org/rfc/rfc3315.txt
https://www.ietf.org/rfc/rfc6791.txt

DHCP does not just do IPs. It does a bunch of other things too. Like auto config of proxy servers.

Re:Is IPv6 "perfect" or will there be an IPv8?

[Shimbo]

I'll admit to being willfully ignorant of IPv6 other than seeing it as enormously more complicated than IPv4

I think seeing it as way more complicated is a mistake. They took IPv4, fixed a few problems, and unfortunately introduced a few others. Sure, they could have done a little less.

Couldn't they just have added a couple of extra bytes to IPv4 to come up with something that worked like IPv4?

That fairly much describes IPv4; the other proposals floating around were far more radical.

node addresses are MAC addresses plus the network address

This is covered by RFC 2462 - IPv6 Stateless Address Autoconfiguration. However, privacy concerns have made this go out of fashion.

Re:Is IPv6 "perfect" or will there be an IPv8?

[Bengie]

IPv6 is vastly simpler, just different. I know a few datacenter admins and they all say IPv6 is a god-send to organizing and managing their networks. I grew up with these folks and they're quite smart from my perspective, so I trust their judgement. My one relative, who also runs a datacenter, was asked to come as a guest speaker for a conference, where he talked about designing a distributed datacenter storage system for high reliability and performance for R&D type workloads. He wants to do away with IPv4 in his multi-petabyte logical size storage network. And his 30gb/s uplink to Level 3... MMmmmmm..... Directly peered with almost every Tier 1 and many other networks. Level 3, HE, Sprint, AT&T, Verizon, NetworkLayer, Rackspace, Comcast, Charter. Fun place to work. Not only directly connected to these places, but also directly connects to 4 different IXs.

Re:Is IPv6 "perfect" or will there be an IPv8?

[kasperd]

I'll admit to being willfully ignorant of IPv6 other than seeing it as enormously more complicated than IPv4

IPv6 is slightly simpler than IPv4. Some areas got slightly simplified, other areas are just slightly different. Starting from no knowledge in the field, you can learn IPv6 just as fast as you can learn IPv4.

All the complexity people are talking about comes from not deploying IPv6. Had IPv6 been deployed soon enough to avoid NAT and tunnels, it would all have been very simple.

Tunnels are complicated. And many of the people needing IPv6 are currently forced to use tunnels, because ISPs have decided to postpone deployment of IPV6 beyond the reasonable. As if this wasn't bad enough, the presence of NAT makes tunnels even more complicated. Moreover looking at tunnels like 6to4 and Teredo, one notice that there isn't even enough bits in the IPv6 address to make a unified tunnel protocol that could work in place of both 6to4 and Teredo. The reason Teredo was designed in the first place was due to NAT getting in the way of 6to4.

The tunnel technology closest to native IPv6 is probably 6rd. It tuns out fragmentation of IPv4 address space (caused by shortage of IPv4 addresses) makes 6rd deployments more problematic.

There are also some people who have spent so much brain capacity on grasping NAT, that they don't have room left over for anything new.

All of this could have been avoided, if people had deployed native dual stack instead of NAT. And everything would have been simple and cheaper, because it would have been completed before the network grew so big.

trying to solve too many problems at once.

It doesn't. It increase the size of the addresses and fix a few other small design mistakes in the original IPv4 protocol, that's it.

I sometimes wonder if maybe IPv6 didn't appear so complicated and different that adoption might have been increased.

It only appear complicated to those who want an excuse not to deploy it.

Couldn't they just have added a couple of extra bytes to IPv4 to come up with something that worked like IPv4?

How many you add doesn't change the complexity. Adding a couple and later finding out you didn't add enough and have to do the entire thing over again would have been an utter failure.

The bits need to be split into a network part and a host part. Having the boundary between those two parts moving around is complicated, having the boundary in fixed position in the address, is simpler. In IPv4 the part about where the boundary was got more and more complicated over time. In IPv6 each part was designed to be large enough so the boundary could be fixed.

Calculations showed 45 bits should be sufficient for the part before the boundary and 49 should be sufficient after. For simplicity both numbers got rounded up to a power of two, that's how we ended up with 64 + 64.

If you look at the IPv4 and IPv6 headers, you'll see that other than the increase in address size, a few fields got removed because they hadn't been a good idea in the first place. This reduced the size of those other fields from 12 bytes to 8 bytes. A few fields got renamed because the name they had originally been assigned didn't match reality anymore.

Those people who consider IPv6 to be complicated don't even remember all of those fields in the IPv4 header, so the changes wouldn't be a big deal to them. Personally I can remember the IPv6 header fields well enough to be able to write out a valid IPv6 packet by hand, but I can't remember the IPv4 header fields.

I also wonder about an addressing scheme like IPX, where a single network address covers an entire broadcast domain and node addresses are MAC addresses plus the network address.

This would be a slightly larger change than the actual difference between IPv4 an

There are new routers that don't work

[Chibi+Merrow]

I actually bought a new router within the last year. A "nice" Buffalo model with DD-WRT built in. Only to find out DD-WRT doesn't support native IPv6 (which my old, faulty NetGear did, go figure). They just support Toredo or other tunneled IPv6 solutions.

Man, was I disappointed.

Not from what I've seen

[Sycraft-fu]

Not the fact that wifi routers degrade, you are totally right about that, but that people will replace them. I'm amazed at how shitty someone's Internet can be and they have an "Oh well, whatever," attitude about it.

A good example near and dear to me is my parents. They moved in to their current place about 7 years ago and got a cheapass Linksys router to handle their NAT and WiFi. It has been giving them enough grief for me to hear about it for at least 3 years. They are not poor, a new router is not a big deal, yet they didn't get one. So I got tired of it, and also had an easy solution: When they were visiting me this June I upgraded my WAP to a new 802.11ac one and gave them my old one, which was working great.

They still haven't installed it. It's not like they don't have time, mom is retired and dad is semi-retired, it's not like it is hard, it is much simpler to set up than their old model and they can always call me. They just haven't bothered. Their router acts up, they go reset it, and don't bother to replace it.

Another somewhat related example would be a friend of mine. He's a young guy, under 30, and quite technically savvy. He's complained to me that the Internet at his house is not meeting advertised speeds, going quite well below it. Strange, since we are both on the same ISP, and live only a couple miles from each other and my experience has been that they always are right around max. I inquire a bit more and find out he still has a DOCSIS 2 modem. Ahh ok, well that is probably the issue. Though his connection is of a speed that a single DOCSIS channel can handle (25mbps), that modem has one one channel to choose from and it could well be too loaded down by other people on the segment. So my recommendation was to get a DOCSIS 3 modem. An 8x4 modem that is compatible can be had for like $80. That should solve any speed issues since now there's a bunch of channels to choose from, and will be compatible when they bump the speeds in the future.

He didn't want to spend the money, and so just complains occasionally about the speed.

For whatever reason, there are more than a few people who will just use old, failing, technology and bitch about it rather than fix the issue.

Re:Not from what I've seen

The vast majority of the time I've had the exact opposite experience, people were more than willing to replace their router even though none of them had problems with routers degrading (not counting the couple that just flat out broke). Quite a few people I know with wireless internet issues turned out to just be a neighbor getting a router set to the same channel. I would tell them it is an easy fix or even set it to a different channel for them, but they end up just buying a new router because someone at the store told them their current router had worn out. I don't think they even made much use of their connections anyway, because they would get the new routers sometimes even after they were getting full speed on their connection after the channel change.

Re:Not from what I've seen

[UnknownSoldier]

The enemy of better is "good enough". :-/

One thing that might help your buddy is to give him incentive. Is he still renting his DOCSIS 2 modem? Comcast and other ISPs charge ~$7/month for a cable modem rental! If he paid ~$70 and bought a DOCSIS 3 modem outright after ~7 months he would be saving money since he would no longer be being nickeled and dimed for the router rental.

You can find a list of DOCSIS 3 supported modems here ... make sure to check "[x] Latest (DOCSIS 3.0) Devices"
http://mydeviceinfo.comcast.ne...

I picked up the MOTOROLA SB6121 SURFboard Cable Modem RJ-45 from NewEgg for ~$69.99
http://www.newegg.com/Product/...

Re:Not from what I've seen

[jazzdude00021]

He didn't want to spend the money, and so just complains occasionally about the speed.

For whatever reason, there are more than a few people who will just use old, failing, technology and bitch about it rather than fix the issue.

What do you mean I have to upgrade my Windows XP??? I like my windows the way it is thank you! But hey, can you come fix it for me because it's a little slow???

Re:Not from what I've seen

Because wifi is binary - you either have it or you don't. Nothing else matters.

Hmm, the example on that page is interesting

[Marrow]

So the "compressed IPv6 address" has the low order bits used to reflect an IPv4 address. But I thought the low order bits were going to be MAC address bits in IPv6? The two seem inconsistent.

Re:Betteridge

[hcs_$reboot]

"Is it time to switch to all IPv6 yet?"

No.

Sure. When most people will have adopted IPv6, we'll have a lot more IPv4 available!

Re:Hmm, the example on that page is interesting

[rev0lt]

I have no experience whatsoever with ipv6, but try to google "ipv6 ipv4 interoperability" and you will find lots of info about it.

Not an IPv6 problem but a network prefix problem

[userw014]

This isn't a reason for migrating to IPv6 (although new routers with more TCAM - Ternary Content Addressable Memory) would also likely make implementing IPv6 easier.

The problem is the large number of networks that are being advertised, coupled with the number of locations that want a full BGP feed because their networks are multiply homed. Migrating to IPv6 will allow some reduction of network tables - if only because organizations with a single location that currently have multiple IPv4 networks can be allocated a single IPv6 network (and that might have a knock-on effect for organizations that are multiply homed.) It will work with organizations that are willing to tie themselves to a single ISP.

(Yes, I know that IPv6 builds in automatic address provisioning, intended to make deployment easier - but I still think that renumbering your network will be enough of a problem that there will continue to be ISP lock-in enough to encourage large organizations to get their own network numbers outside of an ISP's range.)

okay.

From the book, "Road Accidents: Prevent or Punish?"

The British road engineer J. J. Leeming, compared the statistics for fatality rates in Great Britain, for transport-related incidents both before and after the introduction of the motor vehicle, for journeys, including those once by water that now are undertaken by motor vehicle: For the period 1863–1870 there were: 470 fatalities per million of population (76 on railways, 143 on roads, 251 on water); for the period 1891–1900 the corresponding figures were: 348 (63, 107, 178); for the period 1931–1938: 403 (22, 311, 70) and for the year 1963: 325 (10, 278, 37). Leeming concluded that the data showed that "travel accidents may even have been more frequent a century ago than they are now, at least for men".

Re:okay.

[Ichijo]

For the period 1863-1870 there were...143 [fatalities per million of population] on roads... for the period 1891-1900 the corresponding [figure was] 107... for the period 1931-1938...311... and for the year 1963... 278

So the roads are twice as dangerous now as they were before the introduction of the motor vehicle. And no doubt it would be even worse if children didn't find ways to entertain themselves indoors because the streets are not as safe as they used to be.

Re:okay.

Yes, and population total in 1900 was 76 million compared with 1963 which was ~190 million people. So our population almost tripled and the accidents doubled.
Gotta provide source of course!

Nope, streets were most definitely not safer then. There is also the reality that most incidents were not even reported in those earlier years.

Re:Betteridge

[DigiShaman]

No. When Facebook goes offline, it will be the end of the world; and I love happy endings!

Re:Betteridge

It's 512k routes not 512kB

Re:Betteridge

[adri]

Except people can, have and will deaggregate IPv6 space to do Traffic Engineering.

Locator/Identifier Separation Protocol (LISP)

[xiux]

I noticed no one had mentioned LISP. I don't completely understand it, but I'll add my two cents anyway.

LISP is supposed to help with routing table exaustion and keep the global routing tables lean. It does this with a distributed database to basically map out endpoints and create tunnels around the internet. This is so no one router on the internet needs to have a full table.

In the short term for backwards compatibility, endpoints will be identified with IPv4 or IPv6 addresses, but it seems to work with any unique ID, like a serial number or GPS coordinate.

Locator/Identifier Separation Protocol (LISP)

My additional two cents...
I realize I'm risking any credibility I might have by mentioning anything related to bitcoin, but I think it's an interesting idea worth stating. Although I don't have any interest in using bitcoins as a currency, I think the underlying technology is interesting and could be useful in other applications.

The idea is for organisations to "mine" for their IPv6 allocation. They can then use their "wallet" to sign their BGP advertisements so that their peers can be certain (for various values of certain) they own that prefix. This also has the effect of decentralizing the allocation of resources, and considering the vastness of the address space of IPv6, it would be a waste of time for anyone to attempt to mine all of it and hoard it.

Re:Locator/Identifier Separation Protocol (LISP)

[statemachine]

No one router has a "full table" of all the routes. The routing protocols and the engineers work to make sure the tables are as close to lean as possible.

Your offered solution isn't necessary.

Your bitcoinesque solution for IPv6 allocation would make things worse. Plus, networks transit other networks all the time, meaning one network can advertise a prefix they don't own, legitimately.

Routers that speak BGP are on the ISP and backbone level, and are physically secured. Your home router doesn't speak BGP, and if it did, your ISP's router would ignore it. To announce rogue routes, one needs to hack into the ISP and backbone peering routers -- which happened recently, but is rare.

Re:Locator/Identifier Separation Protocol (LISP)

[xiux]

Thanks for replying to my post instead of keeping the non-brilliance of my ideas to yourself. My biggest concern when writing that post was that I was talking to myself. I'll attempt to address your concerns one by one.

No one router has a "full table" of all the routes. The routing protocols and the engineers work to make sure the tables are as close to lean as possible.

Just about all ISPs and backbone carriers carry full tables and many large organisations do as well for multihoming purposes. Global BGP tables are currently around 513,191 routes and this is what facilitated the issues mentioned in the article. One ISP made a mistake and started advertising more specific prefixes for blocks that were already summarized and this pushed the number of global routes beyond the limits of some older hardware. I would suggest reading about the Default Free Zone.

Your offered solution isn't necessary.

LISP is not something that I invented, it's something the IETF is working on to solve a perceived problem.(RFC6830) Some IETF contributors came to the conclusion the Internet routing system was not scaling well with the "explosive growth of new sites" and multihoming that many organisations now do. Problem Statement From all indications, the growth of the Internet does not appear to be slowing down, but accelerating. It seems like a prudent choice to evaluate different ideas as possible solutions to the issue of Internet scalability.

Your bitcoinesque solution for IPv6 allocation would make things worse.

It seemed like a technical solution to avoid the politics of Internet governance. I admit it wasn't well thought out, however I am curious how it would make things worse by allowing a small block of IPv6 addresses to be allocated in a decentralized way and adding cryptographic integrity along the way.

Plus, networks transit other networks all the time, meaning one network can advertise a prefix they don't own, legitimately.

I should have been more specific; I was suggesting originating advertisements would be signed as opposed to transient advertisements.

Routers that speak BGP are on the ISP and backbone level,

Medium to large organisations also use BGP to advertise their address space to their ISP(s).

and are physically secured.

Originating BGP route advertisement signing is not intended to supplant physical security measures.

Your home router doesn't speak BGP, and if it did, your ISP's router would ignore it.

None of this would really be necessary for a home user as their ISP would be doing all of this on their behalf.

To announce rogue routes, one needs to hack into the ISP and backbone peering routers -- which happened recently, but is rare.

To announce rogue routes, one only needs an ISP that doesn't filter incoming BGP advertisements properly. It seems apparent as the Internet grows there will be more and more BGP peerings and as a consequence of that not all of them will be competent or aboveboard with their implementations.

The Resource Public Key Infrastructure (RPKI) is a step in the right direction, however seems to be mainly for preventing mis-configurations from causing outages. Someone with malicious intent need only use AS path prepending to bypass this protection.

Re:Locator/Identifier Separation Protocol (LISP)

[statemachine]

Thanks for replying to my post instead of keeping the non-brilliance of my ideas to yourself. My biggest concern when writing that post was that I was talking to myself. I'll attempt to address your concerns one by one.

You're... welcome?

Just about all ISPs and backbone carriers carry full tables and many large organisations do as well for multihoming purposes.

Then I misunderstood you. I thought you were repeating what others have said earlier, claiming each router carries a complete copy of all the routes on the Internet, which of course isn't true.

Now that we have that cleared up, I'll snip out parts I don't need to reply to.

Your bitcoinesque solution for IPv6 allocation would make things worse.

It seemed like a technical solution to avoid the politics of Internet governance. I admit it wasn't well thought out, however I am curious how it would make things worse by allowing a small block of IPv6 addresses to be allocated in a decentralized way and adding cryptographic integrity along the way.

Plus, networks transit other networks all the time, meaning one network can advertise a prefix they don't own, legitimately.

I should have been more specific; I was suggesting originating advertisements would be signed as opposed to transient advertisements.

You are asking for DomainKeys but with routes. That is too computationally expensive right now and would require too many lookups and time. Perhaps somewhere down the line when the big iron routers catch up with CPU resources vs line speed.

Routers that speak BGP are on the ISP and backbone level,

Medium to large organisations also use BGP to advertise their address space to their ISP(s).

Not to your home router.

and are physically secured.

Originating BGP route advertisement signing is not intended to supplant physical security measures.

I'm aware of the difference between remote access, console access, and physical access, and hardware vs software.

Your home router doesn't speak BGP, and if it did, your ISP's router would ignore it.

None of this would really be necessary for a home user as their ISP would be doing all of this on their behalf.

That's what I just said...

To announce rogue routes, one needs to hack into the ISP and backbone peering routers -- which happened recently, but is rare.

To announce rogue routes, one only needs an ISP that doesn't filter incoming BGP advertisements properly. It seems apparent as the Internet grows there will be more and more BGP peerings and as a consequence of that not all of them will be competent or aboveboard with their implementations.

You're just restating what I said. I guess I wasn't clear, but I'm also assuming a best practice (or as near as possible) implementation, because there's no use talking about security if people are going to leave the front door open, right? It's not even a discussion at that point.

The Resource Public Key Infrastructure (RPKI) is a step in the right direction, however seems to be mainly for preventing mis-configurations from causing outages. Someone with malicious intent need only use AS path prepending to bypass this protection.

Again, anyone with access to the routers can do this right now. Any organization that doesn't shut its front door can have this happen. This can be solved through best practices. This isn't e-mail. Even if you got people on board for this, it would take a protocol revision AND all new hardware for everyone. It's not going to happen anytime soon.

Don't take it personally. Your offered solution for route signing (whether you wrote them or not) just isn't feasible right now.

IPv6 is much simpler than IPv4

[marcosdumay]

Really, even if you are completely ignorant about it, it does not take much more than a short reading to see how simpler IPv6 is. That's why it corrects so many issues.

The problem with IPX style local names assignment is in security. Doing it in the open, wild Internet is a certain way to destroy it. The nearest option that's actualy usable is dynamic DNS, and it's quite widspread.

Re:Betteridge

[mjwalshe]

It was past time 20 years ago for ipv6 to be taken out back behind the barn and put out of its misery - ivory tower standard with no real world people involved

Re:Betteridge

Like what? Name some sites that break when you have IPv6 enabled. I haven't seen one.

IPv6 won't fix this problem

Because of the size if ipv6 addresses you can divide prefixes up geographically (as in graph theory, not necessarily how the world is divided).
So you get part of the address saying Europe/Netherlands/xs4all/my home. This means a router at xs4all looks at an address for USA and it knows to what interface it should be routed, a single prefix rule.

Re:Betteridge

It's Betteridge's Law of Headlines and it doesn't apply: The question isn't in the headline.

Correct. This is the Slashdot summary corollary.

Why are cisco execs not in prison?

They hate the Internet and have spent twenty years stealing from the public by charging more than a fair price for their equipment. Also, they have caused much of the downtime on the Internet because they now tie licenses to hardware serial numbers to prevent companies from having spare equipment. Well, you can have the spare equipment, but they do not allow you to use it. My last employer was put out of business by cisco because cisco wouldn't give us a license to run the software we bought on our spare ASA. My employer before that went out of business because we couldn't afford to replace our ten+ year-old cisco 2501 routers at our seventy-seven restaurants because cisco charges an unfair price for routers. After not being able to process credit cards at locations because cisco didn't allow us to be able to afford replacement equipment, we had to sell out to a competitor.

cisco is the most Republican company on the planet. They refuse to sell their equipment at a reasonable price. They refuse to allow us to run the software we own on spare equipment. Finally, they refuse to fix bugs in software to force you to buy entirely new equipment.

Re:Betteridge

[RazzleDazzle]

This is not technically the explanation for the 2x ratio difference, at least on the Cisco platform under the microscope here. It is slightly more nuanced than that.

The TCAM entries are divided up into two bucket sizes: 72 bit buckets and 144 bit buckets.
An IPv4 address is 32 bits
An IPv6 address is 128 bits

An IPv4 FIB entry is 32-bits plus any additional bits it stores like interface and next-hop info
An IPv6 FIB entry is 128-bits plus any additional bits it stores like interface and next-hop info

128 bits do not fit into a 72-bit bucket so it gets stored in the larger 144-bit bucket.
There are multicast entries, MPLS entries, etc that all fit into one or the other of the two TCAM buckets.

The bucket sizes are 2x difference, not the amount of stored info from the address family sizes.

Incentives for aggregation???

[WaffleMonster]

Are there incentives of any kind for operators to think twice before making piecemeal routing advertisements? Is there any cost for multi-homing every rinky-dink company who thinks they are important enough to warrant such misuse?

Now that IPv4 resources are gone do operators pay out any penalty when they go off and start announcing random piecemeal /24's right and left?

I don't care if the penalty is simply a listing on a global wall of shame.

While IPv6 stands to reduce absolute need for disaggregation it will only be effective in doing so if there is some mechanism by which unnecessary advertisements carry a cost.

Re: Betteridge

Netflix

Ipv6 is the fix ?

[goarilla]

Can someone explain me how a protocol with bigger addresses and bigger routes fixes
a hardware resource problem.

Re:Ipv6 is the fix ?

[Dagger2]

See RFCs 1715 and 3194. Lower HD-ratio means less fragmentation of allocations, which means fewer routes required to cover the same number of hosts. Each route takes twice the memory, but you have way fewer than half the number of routes because your allocations aren't fragmented to hell and back.

Re:Ipv6 is the fix ?

[goarilla]

Aah so instead of John doe owning 1.1.1.0/24,1.2.0.0/16, 6.6.6.0/24, etc ... he only owns one. OK thanks.

Re:Ipv6 is the fix ?

Aah so instead of John doe owning 1.1.1.0/24,1.2.0.0/16, 6.6.6.0/24, etc ... he only owns one.

You are a quick learner. Thumbs up.

Re: Betteridge

[plover]

OK, but apart from the sanitation, medicine, education, wine, public order, irrigation, roads, the fresh water system and public health, what has IPV4 ever done for us?

who the hell uses a 6500 as their ISP router?

[ruebarb]

I've been a Cisco networking guy for 10+ years - the 6500 series is a Distribution/Core technology for the LAN - it's definitely been milked over the years but the 4500 series is basically designed to phase it out

some of the 7600 routers (the older bricks) - I can also understand - but seriously - if you are a core internet provider, why the hell are you using a 6500 router for the BGP routing table of the internet? Put that thing in a dorm room and buy yourself an ASR 9000

RB

Re:who the hell uses a 6500 as their ISP router?

[WaffleMonster]

some of the 7600 routers (the older bricks) - I can also understand - but seriously - if you are a core internet provider, why the hell are you using a 6500 router for the BGP routing table of the internet? Put that thing in a dorm room and buy yourself an ASR 9000

Worth remembering the Internet is a global network and not all participants in the default free zone have the same buying power.

Re:who the hell uses a 6500 as their ISP router?

[statemachine]

I've been a Cisco networking guy for 10+ years

Then you'll realize it only takes one router to constantly flap routes to ruin everyone else's day. Hey Traffic! Over here! Nope, go over there! OK, over here now! Wait a minute, go over there! and on and on...

Re:who the hell uses a 6500 as their ISP router?

[KapUSMC]

Except if you have an AS and playing in BGP, there is a responsibility to maintain your equipment because it is a global network. As ruebarb mentioned, although they can do it, this isn't really what 6500's are made for. There are better, cheaper, and more efficient ways to do it anyway. Even a ASR 1000 would be a better choice. Just because a switch can route, doesn't make it the right choice for a router. And 7600's are at EOL anyway. If you have any left in production, you should be watching them like a hawk at this point. FWIW, if everyone was IPV6, this problem would have been far worse. TCAM can hold twice as many v4 routes as v6, and the v6 by nature are more fragmented. This wasn't a case of IPV4 breaking the internet... It was a case of poor design and monitoring.

Re:who the hell uses a 6500 as their ISP router?

[WaffleMonster]

Except if you have an AS and playing in BGP, there is a responsibility to maintain your equipment because it is a global network.

Being a global network everyone has responsibility including responsibility to refrain from unnecessarily advertising disaggregated routes.

FWIW, if everyone was IPV6, this problem would have been far worse. TCAM can hold twice as many v4 routes as v6, and the v6 by nature are more fragmented.

The only difference WRT entry count scarcity based disaggregation no longer occurs. There can be less if operators elect to act responsibly.

Re:Betteridge

[Just+Some+Guy]

My ISP does IPv6, as does all my equipment. I had to disable it so that the rest of my family doesn't wonder why random sites don't work on their PC but work fine on their phone and while I can't remember the ones off to the top of my head, there are some big ones that regularly fuck up.

Wow, your setup sucks. My ISP offers native IPv6 and all our laptops, tablets, etc. come up with both protocols live. I have literally never, not once, zero times, ever had a problem that traced back to having IPv6 enabled. Maybe we just buy better equipment or have a better ISP or something, because it Just Works for everyone in our household.

Re:Betteridge

[Cramer]

ABSOLUTELY FUCKING WRONG IPv6 addresses are 128bits with a 128bit mask. Every bit counts.

You have fallen to a classic blunder. Just because that bullshit SLAAC requires a 64bit prefix does NOT mean the whole damned world is 64+64. This idiot-assumption makes your entire product line completely useless; you have now bankrupt your company.

Yes we must switch to IPv6 but...

This is really a different problem. We knew the BGP problem was coming, but far too many ISPs didn't bother to do the upgrades and replacements needed to address it. IPv6 adoption wouldn't have made much difference to it. At most, it would have delayed it as we neared the maximum number of IPv4 routes that older routers could handle.

Re:Betteridge

[Cramer]

IPv6 currently has fewer prefixes, but that won't always be the case, and it uses the same TCAM space as everything else. Giving IPv4 a little more space means taking it from something else -- by default that's IPv6 space.

Re:Betteridge

[reve_etrange]

I believe that technically it's that the routing table is configured to use an insufficient amount the available CAM. According to Cisco, their devices all have enough memory, it's just that the default configuration only allocated 512k for the routing table.

Re:Betteridge

[reve_etrange]

Sorry, to clarify, it's 512 thousand routes worth of space, not 512 kilobytes.

Re: Betteridge

[kevingolding2001]

Brought peace?

Re:Not really to do with "BGP" or "IPv4" as such..

"every router knowing about every destination network"

That's just not true. Your TCP/IP stack is a router and I guarantee you it doesn't know every destination network. It only knows a small set of destination networks, usually just 2. Your gateway is a router and it probably only knows 3 networks destination networks.

That's what makes IP so flexible. The end nodes can be stupid, and the intermediate nodes can be nearly as stupid. No router has full knowledge about all the networks.

If there's a problem here, it's carriers not working hard enough to simplify their networks. The system requires constant housekeeping. But dispersed knowledge, continuous chatting among intermediate routers, and every subnet being vigilant about housekeeping, is the only known algorithm that can scale to the size of the Internet.

Plus...

It *WAS* 'the entire internet', barring any routers that didn't have that 512k limitation. My home internet was down from 12am to 6am yesterday, and it was definitely the edge routers (tracepath could make it up to the exit hosts for their internal network, but packets from there out were spotty. Sometimes you'd get a reply back, othertimes nothing. And this was initial on some links, then as propogation spread on all links until at some point after I went to bed they finally sorted that shit out.

Point is this was a fuckup of global proportions.

Really makes me think people aren't taking this 'decentralized network technology' seriously, given how easily major outages are generated against it for extended periods of time.

TCAM stores IPv4 and IPv6 routes

The TCAM stores IPv4 and IPv6 prefixes at same time so this issue is relevant to both families of address space.

Re:Hmm, the example on that page is interesting

[Dagger2]

If you use SLAAC to automatically configure an address, it does it by putting the MAC (rather, EUI-64) address in the lower 64 bits. If your address comes from something other than SLAAC then it doesn't need to have the MAC address there.

Re:Betteridge

[Dagger2]

Of course it won't. The internet is growing and v6 is there to handle that growth, so of course it's going to end up with more prefixes. However, the number of prefixes scales much better with network size in v6, due to the much lower HD-ratio (which is a big part of why the address space is so huge in the first place). A v6 prefix tends to take 2x the TCAM space a v4 prefix does, but v6 can handle the same number of nodes with way fewer than half the prefixes that end up being needed in v4.

Re:Betteridge

[lsatenstein]

You're right. It was time 10 years ago. Now it's way PAST time.

Ah don't worry, Comcast, AOL, Verizon, TimeWarner and NSA will come to the rescue. They will block EurAsia from the USA Shores and then there will be enough addresses available. There will be a new definition of Global Access.

If you want Europe, The defunct Net Neutrality rule will allow you to purchase "World" global access.

Heh, did you hear the one about

Heh, did you hear the one about the nerd who was so out of it that he expected his parents to upgrade their router?

Ugh, this. Exactly this.

I live and work in the UK but support offices in the US, Europe and SE Asia. Yesterday some of our network monitoring services were insisting our whole office in South Carolina was offline, despite the fact that I was at that moment screwing around with their servers remotely trying to figure out why some of our services wouldn't connect to some of our other services, pretty much bringing business completely to a halt. TWC swore up and down the fault was not with them, till eventually they acknowledged that yes, half of our businesses websites didn't work and and, yes, any traffic routed to/from BT (Britain's largest telecomm) was not reaching SC. That was yesterday, 7:30AM EST. Just now, 4:30PM EST they still have not "fixed the problem" as "not enough users have been affected." We've given up on them being useful any time soon and have routed the SC office's business-critical services through our office in Germany just to get things moving again.

I mean, I'm just IT but isn't someone at the top going to start asking these ISPs who is going to compensate them for business lost?

Re: Betteridge

[jandrese]

Netflix is better for me on v6 than it is on v4 because my ISP (Fios) does not support v6 so I have to tunnel it out, and the tunnel avoids the congested uplink that Verizon has to Netflix.

./ is bad now

Nothing gets published even though I was an ex moderator. What ./ crash like google, facebook, yahoo is going to do. I bet this post gets deleted.

IPv4 will be around for a while.

[Hoov7178]

Even if everyone makes a serious attempt to switch to IPv6 right now, IPv4 will be around for a while. There is not enough hardware available to replace the hardware that is not able to deal with IPv4 only. I have been ready for years. I am irritated that I cannot access anything via IPv6. As for the falsehood that we will never run out of IPv6 address's, look again. There is an end. It is way out in the future, but with everything being connected to the net, including pets, the end is coming. I hope they are working on IPvSomething past 6. We will need it.

Already on IPv6

[WillAffleckUW]

we just run a bridge to IPv4 so it looks like IPv4 to the rest of you.

Re:Betteridge

[kasperd]

Every bit counts.

Not on backbone routes. Backbone routes only need 48 bits. And if you use the recommended link prefix length, you don't need longer than 64 bits anywhere. 64 bit networks ought to be enough for anybody.

Even if you decide to make your link prefixes longer than 64 bits, you don't need a CAM with thousands of entries for that. Most routers don't have thousands of ports.

Re:Betteridge

[kasperd]

Seems like to fail all at once now is a sign of something intentionally wrong.

The only thing intentionally done wrong, that I am aware of, is ISPs not deploying IPv6 for a decade.

Re:Not really to do with "BGP" or "IPv4" as such..

[kasperd]

This isn't really to do with BGP or IPv4 as such, it's an inherent problem in the way "The Internet" regards addresses.

It is a problem made five times worse by the extreme high HD-ratios needed to keep IPv4 alive. If we switch to IPv6, we can go on much longer before this becomes a problem again.

It may become a problem again after IPv4 has been abandoned as the network keeps growing. Something scaling better than BGP would be nice. I predict a more scalable solution is going to need more addresses - no problem for IPv6 but would make such a scalable solution unusable with IPv4.

Re:Betteridge

[The+New+Guy+2.0]

IPv6 didn't improve enough to be two versions ahead... let's start work on IPv7+!

Re:Betteridge

[kasperd]

let's start work on IPv7+!

IPv7 was officially deprecated in 2012. In practice IPv7 was obsolete before IPv6 was finalized.

Re:Betteridge

[The+New+Guy+2.0]

Guess they only implement the even numbered IP sets... IPv8 anyone?