The IPv4 Internet Hiccups
New submitter pla writes: Due to a new set of routes published yesterday, the internet has effectively undergone a schism. All routers with a TCAM allocation of 512k (or less), in particular Cisco Catalyst 6500s and 7600s, have started randomly forgetting portions of the internet. "Cisco also warned its customers in May that this BGP problem was coming and that, in particular, a number of routers and networking products would be affected. There are workarounds, and, of course the equipment could have been replaced. But, in all too many cases this was not done. ... Unfortunately, we can expect more hiccups on the Internet as ISPs continue to deal with the BGP problem." Is it time to switch to all IPv6 yet?
Surely 512k ought to be enough for any router?
We changed all our systems over time to handle this great IPv6 change, and haven't used IPv6 yet. Our service provider doesn't even offer it. Come on, some of us are more than ready. We will probably have failures, because it hasn't been truly tested, but we are far more ready than we were for Y2K.
How much more gradual do you want? I've been running dual stack for over a decade with a tunnel back to HE. At this stage most of your equipment runs fine with IPv6.
In many cases, the "work around" is to use software routing instead of hardware routing. In the cases of the Cisco routers linked above, their TCAM can be re-partitioned, then restarted. But with the rate of IPv4 route fragmentation, it will only buy so much time. The fix is to use IPv6 or get newer hardware with a larger TCAM.
You're right. It was time 10 years ago. Now it's way PAST time.
SJW's don't eliminate discrimination. They just expropriate it for themselves.
This isn't really to do with BGP or IPv4 as such, it's an inherent problem in the way "The Internet" regards addresses.
You might be able to get some efficiencies in IPv6 by incorporating formerly-unrelated address allocations under a single prefix. But that doesn't solve the problem of a continuously growing network, increasingly complex (and commercially controversial) peering arrangements, the fact that IPv6 addresses are actually larger and the fact that you're going to have to support IPv4 anyway in parallel with any IPv6 transition (I don't personally believe it will ever happen, but that's a different story).
You could, however, get rather more efficiency in core routing tables if network addresses only had a very transient existence and were related to the source/destination route to be employed (eg: look up a domain name, do some route pre-computation, allocate some addressing tokens that make sense to the routers on the path, recalculate the route periodically or in response to packet loss). That's not IPv6, though. IPv6 has the same order of dependence on every router knowing about every destination network as IPv4 does (give or take the slightly greater prefixing efficiency).
TL;DR - The Internet is getting bigger. Buy more kit.
Googling Verizon, Comcast, and Time Warner, it seems like their original pledge in 2012 to start rolling out IPv6 has quietly halted. Most of their sites simply say "check back" while others imply certain undisclosed service areas may be exposed to both 4 and 6. Forums are another story, with most customers and techs confirming the support exists, but either modems aren't enabled to receive IPv6 due to bugs, or the support is broken in all-in-one devices in the case of DSL.
Speaking from a Linux neckbeard standpoint, I don't care. I've had competent functional v6 support for almost a decade and in many cases implemented it for pay. In my experience the problems associated with implementing v6 are related to companies angry about any downtime at all, or vendor specific appliances that just can't for some reason or another. They either lied about their IPv6 support, only partially support routing IPv6, or have egregious bugs in their implementation that cause stability problems in the rest of the network. Hosting providers have done an excellent job of supporting it from what I've seen, and most (with the exception of GoDaddy) are very generous in their IP offerings (I get 30 with RamNode).
Good people go to bed earlier.
You have no idea what you are talking about. Two words: prefix aggregation.
Except that this has nothing to do with IPv6. IPv6 will do nothing to resolve this problem and will in fact make it worse because the problem itself is due to a router not having enough RAM and nothing about IPv6 results in less RAM usage.
Sure, we should get on the IPv6 bandwagon, well, except it sucks right now and can lead to some annoying connectivity issues when sites are misconfigured, or set up IPv6 and then forget about it so you're trying to connect to an IPv6 address that's no longer used because no one bothered to update DNS ... or their IPv6 connection is through one of their shitty over saturated links.
My ISP does IPv6, as does all my equipment. I had to disable it so that the rest of my family doesn't wonder why random sites don't work on their PC but work fine on their phone and while I can't remember the ones off the top of my head, there are some big ones that regularly fuck up. Hell, even Google's IPv6 connectivity is shoddy at times.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
First of all, paragraphs are your friend.
Second of all, the solution you described already exists.
https://en.wikipedia.org/wiki/...
On that same page, there are a bunch of other solutions as well, this has already been thought of :)
Everything is a patch. Everything is an update. There's no such thing as 'rip everything out and reinstall.'
Well, there is, but it failed the several times it was tried in the 20th century.
Get used to the maintenance cycles. It's really all we've got.
Unless IPv6 addresses are being handed out in a way that's much more conducive to this, it won't really change anything
Which they are, as a direct result of v6 being so huge. See RFCs 1715 and 3194 for discussion on this.
Obviously in the long run we'll end up with a higher absolute count of routes in v6 (because supporting more people was the other reason for it) but the route count will scale far better than a network that has to be run at a ridiculously high HD-ratio because it's too small.
One of the design goals of IPv6 was to reduce the size of the global routing table. That's why there are so many more addresses in IPv6 than there are ever going to be devices. Each provider gets so much address space that nobody needs to come back for more. That means there's no address space fragmentation due to address scarcity, like there is with IPv4, where providers usually have dozens or hundreds of separate allocations which can't be aggregated and must all be entered into the global routing table. IPv6 addresses are four times as long as IPv4 addresses, but there are far more than four times as many routing table entries per ASN with IPv4 than with IPv6.
Why would that be different than with IPv4? Prefix aggregation, AKA route summary, AKA Supernetting, has been available for a very long time. Unless IPv6 addresses are being handed out in a way that's much more conducive to this, it won't really change anything. This guy agrees (#4)
He is kinda correct, but the RIRs have come up with addressing plans to deal with this.
My info comes from the RIPE region, as it's the region I'm in.
Every ISP gets assigned a /29 minimum. This is 2^35 networks (assuming you are using a /64 per network as recommended). If you prove you need more than a /29, fine, you can have it.
The next 3 bits are then reserved for future use. You use up your initial /29? Fine, increase your subnet mask to /28 and carry on. This doubles your address space. Carry on until you are at a /26. That is a LOT of room for growth.
In the IPv4 world this isn't possible. You get your allocation. You run out. You get another etc. Verizon are currently announcing 1,446 IPv4 prefixes from AS701, compared to the 12 IPv6 prefixes. Of the 12 IPv6 prefixes 5 of them are the one prefix they have deaggregated, the rest are customers with PI space.
You have a point about the near term, but long term once IPv4 has died a death (10+ years) the routing table will shrink again.
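An added example (not part of any poster's comment) of the aggregation argument in the comments above: separate allocations each need their own table entry, contiguous or deaggregated ones collapse to one, and a /29 grown into its 3 reserved bits stays a single prefix. All prefixes are constructed from documentation and private ranges, and the function names are hypothetical.

```python
import ipaddress

def routes_needed(prefixes):
    """Smallest set of prefixes covering exactly the given address space."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    # collapse_addresses merges adjacent sibling blocks and drops
    # more-specifics already covered by a shorter prefix in the list.
    return list(ipaddress.collapse_addresses(nets))

def growth_in_reserve(initial, reserved_bits=3):
    """Single prefix announced at each step as an allocation grows into the
    bits reserved next to it, with the number of /64 networks it holds."""
    net = ipaddress.ip_network(initial)
    steps = [(str(net), 2 ** (64 - net.prefixlen))]
    for length in range(net.prefixlen - 1,
                        net.prefixlen - reserved_bits - 1, -1):
        grown = net.supernet(new_prefix=length)
        steps.append((str(grown), 2 ** (64 - length)))
    return steps

# Constructed sample data, not real allocations.
# Three IPv4 blocks handed out at different times: nothing is adjacent.
SCATTERED_V4 = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]
# Three IPv4 blocks that happen to be contiguous and aligned.
CONTIGUOUS_V4 = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/23"]
# One IPv6 aggregate announced together with its own more-specifics.
DEAGGREGATED_V6 = ["2001:db8::/32", "2001:db8::/34", "2001:db8:4000::/34",
                   "2001:db8:8000::/33", "2001:db8:8000::/34"]

if __name__ == "__main__":
    for name, prefixes in [("scattered v4", SCATTERED_V4),
                           ("contiguous v4", CONTIGUOUS_V4),
                           ("deaggregated v6", DEAGGREGATED_V6)]:
        agg = routes_needed(prefixes)
        print(f"{name}: {len(prefixes)} announced, "
              f"{len(agg)} needed -> {[str(n) for n in agg]}")
    for prefix, n64 in growth_in_reserve("2001:db8::/29"):
        print(f"{prefix}: {n64} /64 networks, still one route")
```
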
v6 makes things better, because it uses 128-bit addresses rather than 32-bit addresses. See RFCs 1715 and 3194 for the details.
Yes, there's a small linear factor of extra memory required for v6 routes vs v4 routes, but that's irrelevant compared to the route count reduction that comes from a lower HD ratio.
Also routing only occurs on the first 64-bits of an IPv6 address, the router doesn't need to store the host last 64-bits of an IPv6 address.
In addition to the other points brought up by other posters. Routing decisions occur only on the first 64 bits of an IPv6 address. There is no need to store the entire address.
Core routers only use the first 48bits as that's the smallest block that is routable on the Internet. Which is why IPv4's /24 vs IPv6's /48 explains the routers supporting 1024K IPv4 routes or 512K IPv6 routes or a 512K/256K split. Exactly 2x difference. But IPv6 has sparse allocations resulting in about an effective 10x reduction in the number of routes.
This particular problem is due to the way routing on the Internet works, where generally every router must hold routes for every prefix announced on the Internet. That system doesn't change with IPv6. Now, there might be fewer IPv6 prefixes at this time than IPv4, but intrinsically there's nothing about IPv6 that addresses the problem that all prefixes must have global visibility.
To fix this kind of problem requires changing how routing is done.
I use Friend/Foe + mod-point modifiers as a karma/reputation system.
There's no good reason to think there'll be a significant improvement in HD with IPv6, or significantly fewer prefixes advertised.
The issue is orthogonal to IPv6, it's fundamentally about how Internet routing is organised today. No hierarchy, and all prefixes must have global visibility. Hierarchical routing of the 90s has a bit of a bad name, and support for aggregation in BGP has been deprecated. However, there are things like topographical-landmark routing, which improve on the deficiencies of hierarchical routing. These would allow the Internet to grow without routing tables everywhere having to grow in direct proportion. Instead, routing tables wouldn't grow much at all, even as the Internet grew, in relative terms.
but that's irrelevant compared to the route count reduction that comes from a lower HD ratio.
Only if you assume you can reduce routes because there are so many people with diverse blocks in their network, which isn't the case so much.
The route count is much more a result of multihoming and portable address space, which means larger prefixes aren't going to help at all. At no point in my career would my provider having a larger prefix have helped reduce the routing table as I have always had either portable address space, which is a direct allocation from a NIC rather than an ISP, or been multi homed which means at best I get the addresses from ONE of the peers and announce it out to another peer, but in that case traffic gets all screwed up if the upstream provider which allocated me the non-portable space aggregates it since aggregated addresses aren't preferred over non-aggregated address space.
I.E. larger upstream prefixes don't really help at all.
The Mayans had predicted that we would run out of IPv4 addresses in 2012 -- and they were right.
I'll see your senator, and I'll raise you two judges.
It's TCAM, not RAM, which is A LOT faster than RAM. That's why it's a problem that it's over 512k. Most routers have more than 0.5MB of RAM.
Given the time between IPv6 design and the eventual global adoption of it and abandonment of IPv4, will the broader adoption of IPv6 reveal problems addressed in a future revision?
I'll admit to being willfully ignorant of IPv6 other than seeing it as enormously more complicated than IPv4, trying to solve too many problems at once. I sometimes wonder if maybe IPv6 didn't appear so complicated and different that adoption might have been increased.
Couldn't they just have added a couple of extra bytes to IPv4 to come up with something that worked like IPv4? I also wonder about an addressing scheme like IPX, where a single network address covers an entire broadcast domain and node addresses are MAC addresses plus the network address. IPX network addresses were only 8 bytes, maybe that wouldn't be future proof enough (4.2 billion networks). I'm not talking about IPX as a protocol, just the system for addressing.
The advantage is relative simplicity (no need for DHCP, network addresses are discovered and the rest is built-in), broadcast domains can scale arbitrarily large without needing to renumber -- sure you can start out every network with a /16, but often they don't and there are complications in organizations just arbitrarily shifting masks past /24, such as running into other networks in the local routing domain.
Since node addresses are locally determined, ISPs would need to only assign a network address which would allow for basically unlimited public network addresses to each subscriber.
I actually bought a new router within the last year. A "nice" Buffalo model with DD-WRT built in. Only to find out DD-WRT doesn't support native IPv6 (which my old, faulty NetGear did, go figure). They just support Teredo or other tunneled IPv6 solutions.
Man, was I disappointed.
Maxim: People cannot follow directions.
Increases in truth directly with the length of time spent explaining them
Not the fact that wifi routers degrade, you are totally right about that, but that people will replace them. I'm amazed at how shitty someone's Internet can be and they have an "Oh well, whatever," attitude about it.
A good example near and dear to me is my parents. They moved in to their current place about 7 years ago and got a cheapass Linksys router to handle their NAT and WiFi. It has been giving them enough grief for me to hear about it for at least 3 years. They are not poor, a new router is not a big deal, yet they didn't get one. So I got tired of it, and also had an easy solution: When they were visiting me this June I upgraded my WAP to a new 802.11ac one and gave them my old one, which was working great.
They still haven't installed it. It's not like they don't have time, mom is retired and dad is semi-retired, it's not like it is hard, it is much simpler to set up than their old model and they can always call me. They just haven't bothered. Their router acts up, they go reset it, and don't bother to replace it.
Another somewhat related example would be a friend of mine. He's a young guy, under 30, and quite technically savvy. He's complained to me that the Internet at his house is not meeting advertised speeds, going quite well below it. Strange, since we are both on the same ISP, and live only a couple miles from each other and my experience has been that they always are right around max. I inquire a bit more and find out he still has a DOCSIS 2 modem. Ahh ok, well that is probably the issue. Though his connection is of a speed that a single DOCSIS channel can handle (25mbps), that modem has only one channel to choose from and it could well be too loaded down by other people on the segment. So my recommendation was to get a DOCSIS 3 modem. An 8x4 modem that is compatible can be had for like $80. That should solve any speed issues since now there's a bunch of channels to choose from, and will be compatible when they bump the speeds in the future.
He didn't want to spend the money, and so just complains occasionally about the speed.
For whatever reason, there are more than a few people who will just use old, failing, technology and bitch about it rather than fix the issue.
OK, I've done BGP before, and I've never heard of anything smaller than a /24 being globally advertised -- most common router configurations won't even accept anything smaller.
That said, how is any network of any size supposed to protect itself against ISP outages other than multihoming? It clutters the routing table, but there is no other solution.
If it weren't for the stupidity of OS and IP stack authors, we'd be able to use the 240.0.0.0 - 255.255.255.254 addresses.
However, most of them refuse to route to those addresses because they're "Reserved for Future use."
Apparently no one stopped to think that blocking routing to those addresses would stop them from being used in the future because people insist on using older technology.
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
"Is it time to switch to all IPv6 yet?"
No.
Sure. When most people will have adopted IPv6, we'll have a lot more IPv4 available!
Slashdot, fix the reply notifications... You won't get away with it...
Just shove all cellular devices to IPv6 first and then re-allocate the IPv4 pool previously occupied (if possible). The mobile device community is the fastest changing industry. It should be trivial to either update the OS/apps or replace the phones. Well, at least relative to home and business machines (PC/Servers).
Life is not for the lazy.
This is not technically the explanation for the 2x ratio difference, at least on the Cisco platform under the microscope here. It is slightly more nuanced than that.
The TCAM entries are divided up into two bucket sizes: 72 bit buckets and 144 bit buckets.
An IPv4 address is 32 bits
An IPv6 address is 128 bits
An IPv4 FIB entry is 32-bits plus any additional bits it stores like interface and next-hop info
An IPv6 FIB entry is 128-bits plus any additional bits it stores like interface and next-hop info
128 bits do not fit into a 72-bit bucket so it gets stored in the larger 144-bit bucket.
There are multicast entries, MPLS entries, etc that all fit into one or the other of the two TCAM buckets.
The bucket sizes are 2x difference, not the amount of stored info from the address family sizes.
ZERO ZERO ONE ZERO ONE ZERO ONE ONE! Just brushing up for my next big invention: Ethernet over Voice (EoV)
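An added example (not part of the comment above and not vendor code) that models the two bucket sizes as a capacity check: an IPv4 route takes one 72-bit slot, an IPv6 route takes a 144-bit bucket, counted here as two slots. The total of 1024K slots is an assumption taken from the 1024K / 512K / 512K-256K figures quoted earlier in this thread; the route counts and all names are constructed.

```python
K = 1024
# Assumption: total TCAM size expressed in 72-bit slots, matching the
# "1024K IPv4 or 512K IPv6 or 512K/256K split" figures from the thread.
TOTAL_SLOTS = 1024 * K
# 72-bit bucket for IPv4, 144-bit bucket (two 72-bit slots) for IPv6.
SLOTS_PER_ROUTE = {"ipv4": 1, "ipv6": 2}

DEFAULT_PARTITION = {"ipv4": 512 * K, "ipv6": 256 * K}
# Constructed route counts for illustration, not measured values.
SAMPLE_ROUTES = {"ipv4": 530_000, "ipv6": 20_000}

def slots_used(entries):
    """72-bit slots consumed by a per-family entry count."""
    return sum(n * SLOTS_PER_ROUTE[fam] for fam, n in entries.items())

def check(partition, routes):
    """Per-family capacity report; 'not_in_hardware' counts routes that
    do not fit the hardware table under this partition."""
    if slots_used(partition) > TOTAL_SLOTS:
        raise ValueError("partition is larger than the TCAM")
    report = {}
    for fam, capacity in partition.items():
        installed = routes.get(fam, 0)
        report[fam] = {
            "capacity": capacity,
            "installed": installed,
            "not_in_hardware": max(0, installed - capacity),
        }
    return report

def repartition(routes, growth_pct=10):
    """Entries to reserve per family for current routes plus headroom,
    or None when no partition of this TCAM can hold them."""
    need = {fam: n + (n * growth_pct + 99) // 100 for fam, n in routes.items()}
    total = slots_used(need)
    if total > TOTAL_SLOTS:
        return None  # re-partitioning cannot help; larger hardware is needed
    return {**need, "spare_slots": TOTAL_SLOTS - total}

if __name__ == "__main__":
    for fam, row in check(DEFAULT_PARTITION, SAMPLE_ROUTES).items():
        print(fam, row)
    print("suggested:", repartition(SAMPLE_ROUTES))
    print("oversized table:", repartition({"ipv4": 900_000, "ipv6": 100_000}))
```
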
This is exactly the kind of problem that makes you glad you overpaid for name brand hardware.
Which of these two answers to the question "Why did our network fall over and sink into the swamp yesterday?" would you like to give?
"Um, it's because I recommended saving a bit of money on buying off-brand routers that couldn't handle everything. I'll go clean out my desk."
or...
"It's not my fault! We bought [insert name brand here] because they were supposed to be better. Round up the rest of the management team and we'll have a conference call with [vendor] this afternoon and get them to explain how they failed us."
OK, but apart from the sanitation, medicine, education, wine, public order, irrigation, roads, the fresh water system and public health, what has IPV4 ever done for us?
John