Google Deploys IPv6 For Internal Network 260
itwbennett writes "Google is four years into a project to roll out IPv6 to its entire internal employee network. At the Usenix Large Installation System Administration (LISA) conference in Boston last week, Google network engineer Irena Nikolova shared some lessons others can learn from Google's experience. For example: It requires a lot of work with vendors to get them to fix buggy and still-unfinished code. 'We should not expect something to work just because it is declared supported,' the paper accompanying the presentation concluded."
Supported (Score:5, Insightful)
"'We should not expect something to work just because it is declared supported,' the paper accompanying the presentation concluded."
I think that if something is declared "supported", it is perfectly reasonable to expect it to work. If it turns out it doesn't work, I think the problem is more that the vendor hasn't done as good a job as they should have than that your expectations were too high.
Re:Supported (Score:5, Insightful)
I don't think they meant "we shouldn't hold the vendors accountable if the equipment doesn't work right".
I think they meant "we shouldn't expect that just because the vendor says it works, that it does".
Google has the benefit of size. If Google calls up Cisco and say "please fix this problem that exists in the thousands of routers we buy from you", it'll get fixed. If you or I call up Linksys and say "please fix this problem that exists in this one router I bought from you"... well... don't hold your breath.
Re: (Score:3)
Google has the benefit of size. If Google calls up Cisco and say "please fix this problem that exists in the thousands of routers we buy from you", it'll get fixed. If you or I call up Linksys and say "please fix this problem that exists in this one router I bought from you"... well... don't hold your breath.
So I'm not the only one who read the article as "stay as far away from IPv6 as possible for as long as you can manage"? If an organisation with the size, resources, and clout with vendors that Google has is four years into an estimated eight-year move to IPv6 (as opposed to "we switch over from v4 to v6 next weekend, set your watches"), that's a sign that I don't want to move my organisation to this stuff any time soon. A network upgrade should be, at worst, a somewhat over-long weekend, not a new career
Re:Supported (Score:4, Insightful)
On the other hand not supporting or working with a customer like Google in their move to IPv6 would be short sighted. If Google were not happy with Cisco's attitude they could easily go an invest in another company and publicize why they dropped Cisco. That would hurt Cisco down the road as they end up no longer being taken seriously.
Companies know that IPv6 is going to become a reality sooner rather than later, especially in markets such as east Asia and Africa, which already have a rapidly diminishing pool of available IPv4 addresses. To ignore these markets would be handing future success over to companies who recognized the expanding niche and got in there early.
Re:Supported (Score:4, Insightful)
And funnily enough - it's way more easier for Linksys/D-Link/Netgear to fix a bug or implement a feature on a SOHO device than it is for Cisco - not only they don't have to care about the installed base, but their customer base is used to sub-par firmware - so were they to implement an IPv6 feature in a buggy or less-than-optimal way . . . not that much of backslash.
That is exactly why this story is news. If it had been SOHO routers being buggy - well, that's sad, but it's not likely to surprise the /. readership. If it had been "professional equipment" not supporting IPv6, I don't think that would have surprised a whole lot of us, either.
The news here is that vendors who you might expect to deliver quality product shipped appliances that they claimed would support IPv6, and that the IPv6 support is shoddy. Now, some people will not be surprised by this, either (I'm not, for one), but some people will be - as you neatly illustrated by pointing out that people hold Cisco to higher standards than SOHO gear.
Re: (Score:2)
Re:Supported (Score:5, Insightful)
I think that if something is declared "supported", it is perfectly reasonable to expect it to work. If it turns out it doesn't work, I think the problem is more that the vendor hasn't done as good a job as they should have than that your expectations were too high.
Indeed, but it's the same with all commodity technology - you find various implementations, not all of which work properly.
The same was true 10 or 15 years ago with booting from CD. Same was true 5-6 years ago with PXE. Same's true with CIDR - I've come across equipment like printers that can't handle the idea - you have to give them a class A, B or C subnet mask. Same with STP (spanning tree) - I've met switches that just plain don't work if you turn on STP then plug in a cheapie unmanaged switch - and I don't mean the port plugged into the cheapie switch doesn't work, I mean the entire expensive managed switch doesn't work. Only a couple of weeks ago I met a server BIOS providing software RAID (yeuch) that needed the drives set to RAID in the BIOS for it to work. But if power to the server was lost, that specific BIOS setting would go. Every other BIOS setting would be just fine and you'd get no error at bootup; you'd just find your disks magically appeared differently on boot.
If Google's network team honestly thought that any product with "IPv6 supported" on the label meant "Every aspect of IPv6 fully supported, tested, interoperable with other vendor's implementation - basically it'll work as well as you'd expect IPv4 to work in something released in the last five years", they're displaying incredible naiveté.
Re:Supported (Score:5, Funny)
If you mean that the managed switch dies when you connect an unmanaged switch with NO loop: then you have an extremely crappy managed switch. This use case has nothing to do with STP.
That's exactly what I mean; disable STP and it all starts to magically work.
This was a Dell switch, which probably explains rather a lot - rumour has it that particular model is a rebadged Allied Telesyn. Mind you, if Dell were to write to me informing me the sky was blue I'd stick my head out of the window.
Re: (Score:2)
I run V6 and V4 at home; the $20 LAN switches, wireless router and PCs support V6 but the DSL router doesn't. Otherwise the only issues I've come across are that some of the services on the my Linux server don't listen on V6 addresses, I've never got IPSEC to work with V6 and the XP machines don't really work very well with V6 (but they also don't get used much these days).
The fine article is wrong (Score:3, Informative)
"Each campus or office got a /48 address block, which meant that it was allotted 280 addresses. In turn, each building got a /56 block of those addresses (or about 272 addresses) and each VLAN (Virtual Local Area Network) received a /64 block, or about 264 addresses."
a /48 block is 65536 subnets for each campus. A /64 has 18,446,744,073,709,551,616 IP addresses.
The RFCs on this type of thing are RFC 6177 which replaced 3177 and RFC 5375. For a itworld/usenix article, fact checking is really low.
Re:The fine article is wrong (Score:5, Insightful)
Uhm, it's obvious something dropped <sup> tags. Just like, for example, Slashdot does.
Try this: 2<sup>80</sup> -> 280. Not the writer's fault, the blame lies on editors who didn't notice their software mutilates basic harmless tags.
Re: (Score:3)
Uhm, it's obvious something dropped <sup> tags. Just like, for example, Slashdot does.
Try this: 2<sup>80</sup> ->280. Not the writer's fault, the blame lies on editors who didn't notice their software mutilates basic harmless tags.
It is the writer's fault. We have forced comment preview for exactly this reason.
Re: (Score:2)
So you mean they can't edit it afterwards, like on /.?
Re: (Score:2)
We do, but the incorrect number is not on Slashdot. Also, I doubt the person who wrote this text could made this mistake, it's quite certainly the editor's fault ("editor" as a person, not as a program).
Re: (Score:2)
The address allocation schemes have carefully been designed to support about as many addresses as there are MAC addresses, that is, in the range of 48 bits.
But while the bottom 64 can be used for MAC-based autoconfig, they don't have to be. There's nothing preventing you from running DHCP and handing out sequentially-numbered addresses if you ever feel the need to.
IPv4.1 (Score:2, Funny)
Simple solution, bump it up a notch.
My octets go to 257. Solved.
Re:IPv4.1 (Score:5, Funny)
That's not how IPv4.1 works. Check the facts [packetlife.net].
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Not really, the top of the octet is at 255. An address like 257.257.257.257 would be rather larger than one that goes 256.256.256.256 .
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Business as usual? (Score:3)
For example: It requires a lot of work with vendors to get them to fix buggy and still-unfinished code. 'We should not expect something to work just because it is declared supported,'
In other words, business as usual in all other areas of IT. Glad to see there is nothing "special" about ipv6 deployment.
And while the current versions of most OSes support IPv6, they do not do so by default.
What are those OSes? Its been a long time since I turned on ipv6 at home. As I recall I had to do little other than turn it on. There is a difference between "activate" which is kind of like setting the sound mixer output to a comfortable level no big deal, vs searching on the internet to install 3rd party drivers and/or recompiling kernels.
Re:Business as usual? (Score:5, Interesting)
And while the current versions of most OSes support IPv6, they do not do so by default.
What are those OSes? Its been a long time since I turned on ipv6 at home. As I recall I had to do little other than turn it on. There is a difference between "activate" which is kind of like setting the sound mixer output to a comfortable level no big deal, vs searching on the internet to install 3rd party drivers and/or recompiling kernels.
Windows 7 actually defaults to it being turned on, but will generally not do anything with it if it doesn't get an IPV6 DHCP address. But some MS technology (like the Win7 HomeGroup support, and DirectAccess) work via IPV6. Odds are there are a TON of people using IPV6 on their home network and just don't know it.
Re: (Score:3)
Re:Business as usual? (Score:5, Funny)
Re: (Score:2)
Re: (Score:3)
I think that says more about yourself than anything else.
There are problems with various drivers, hardware and software with IPv6 implementations. Blaming the end users doesn't get anyone anywhere.
Hmm (Score:3)
Even I am kind of curious to see what would happen if we set a week in the future to switch everyone over. I say a week, not a day, because vendors will need at least 72 hours to issue emergency firmware upgrades after sections of the internet disappear, and allowing for different time zones and what not, of course.
Does anyone know if all the major service providers have upgraded their equipment to ipv6 yet? Any laggards?
well inside IP4 works and just the out side (Score:2)
needs to be IPV6 so it can be like NAT is just need to make the out side stuff work with IPV6 and the in side can still have the older IPV4 only stuff.
Re:Hmm (Score:4, Informative)
In Europe, Asia and Africa ISPs are already making the slow move to IPv6. In North America it is only a handful of ISPs that have publicized their efforts (two come to mind: Comcast and TechSavvy), whereas others are putting short term profits before long term success.
In the short term companies that already have massive private networks can install a web proxy to deal with external IPv6 HTTP hosts. Long term they will need to revaluate the design of the network and what really needs to have access to the external IPv6 network and what can stay oblivious. In general anything that is only going to communicate with the internal network can stay IPv4 centric, while other devices with be dual IPv4/IPv6 stack.
The one challenge people with wanting to make the web server accessible from IPv6 clients are hosting centres that don't provide IPv6 yet. It is certainly possible to get around this by using a tunnel, but this is really far from optimal.
BTW Some hosting services that are IPv6 ready are listed here:
http://www.sixxs.net/wiki/IPv6_Enabled_Hosting [sixxs.net]
what about printers and other Internal stuff IPV4 (Score:2)
There is a lot of stuff that does not have IPV6. Do they have some kind of NAT for the older IPv4 stuff?
Re: (Score:2)
It took Google 4 years... (Score:5, Insightful)
Re: (Score:2)
not everyone has a network as large as the network of google.
Vendors are a tad better enabled now... (Score:2)
Early large-scale adopters like Google have suffered the leading edge of vendors trying to get ready. In terms of the problems Google ran into, I'd wager a large chunk of them won't be inflicted again by the same company. Once kinks are worked out for even one customer, they are generally worked out for all customers.
That said, while I've seen a large amount of increased IPv6 capability from vendors (showing they have expertise *somewhere*), it's still an arcane art for almost everyone at these companies
Re:Vendors are a tad better enabled now... (Score:4, Interesting)
I suspect that most of the pain was suffered by the vendors in this case. Google will have written the IPv6 requirements into the multimillion dollar purchase orders and is quite capable of phoning a VP of sales and telling him that if this is not fixed NOW you might find yourself no longer qualified as a Google supplier.
BTW I read that the DoD has come up with a unique way to encourage vendors to make sure that their IPv6 implementations actually work. They've been told that whether or not their own Web sites are accessible via IPv6 will be a factor in acquisition decisions. I can't reach Cisco on IPv6, though.
Re: (Score:2)
Really? You don't think that a company the size and shape of Google might have a slightly more complex network than a shop of, say, 100 people?
Technically complex... (Score:2)
While I anticipate Google to have one of the most complex networks, they also probably have a more reasonable organizational structure populated by more talented individuals on the whole. I say this not because I think Google is magic, but I optimistically *hope* they aren't as bad as some of the companies I have dealt with. Most companies have a technical staff either not talented enough, bound up in an impossibly convoluted organizational structure that paralyses them in any efforts to technically advan
Re:Technically complex... (Score:4, Interesting)
Google may have the largest networks, but I doubt they have the most complex networks. Otherwise they wouldn't be able to "scale out" as easily and quickly. I suspect most Google data centers are very similar in network topology and technologies used.
Old large organizations are the ones with weird complex networks which are not self-similar and use different network technologies. x.25 over tcp/ip, frame relay, netbios over tcp/ip, SDLC, token ring, FDDI, stuff that's still using Novell 802.3 ethernet frames ( http://support.novell.com/techcenter/articles/ana19930905.html [novell.com] ). If you're unlucky you'd need network equipment that can handle both the old stuff and ipv6 properly. The networks may not be connected to each other, but what if the old expensive equipment handling the "legacy network stuff" are also handling some IPv4 stuff?
Unless forced to I wouldn't bother upgrading an old bank to IPv6. Users inside can't connect directly to the outside world, unless they go through a proxy? That's a feature not a bug ;).
Vendors (Score:2)
Re:Vendors (Score:5, Insightful)
Because the hardware that can handle large amounts of small packets fast when you install your own software ('firmware'), does not exist AFAIK. Atleast not the type which will also be supported by (multiple) vendors (no1 wants to be stuck on, locked into, one vendor). designing not-massproduced ASICS isn't cheap. It would be like Google designing their own CPU's for their servers.
The closest things are:
- NetFPGA (some people at Google worked on that project I believe) / LibreRouter - which use FPGA's to handle packets, you tell it how to do that.
- projects like Netmap, handle packets in userspace so you don't have to push packets through the kernel on normal PC-hardware, making it faster: http://www.youtube.com/watch?v=SPtoXNW9yEQ [youtube.com]
The best chance currently to be useful in 'doing your own thing' is probalby:
- OpenFlow, which basically is an API standard which multiple vendors would support to describe what the hardware in a switch should be doing, a programming language almost. Some demo's:
http://www.youtube.com/user/stanfordopenflow [youtube.com]
Which can allow for lots of tricks, like 'software defined networking'
What's the point? (Score:3)
IPv6 is cool, I get it. But how many ISPs are offering it to their consumers? If I want to build a web presence, would I settle for only IPv6 address space? If not, how much would I pay to buy into the IPv4 space so I can reach all my potential customers?
Re:What's the point? (Score:5, Informative)
IPv6 is very popular in Asia, and you have a large number of Eastern languages sites that are only reachable on IPv6 (some only have IPv4 for western visitors if their content applies).
And on ISPs. Cox and Time Warner (Road Runner) started running consumer IPv6 pilots this year, and I wouldn't be surprised if other ISPs also started.
The limiting factor is going to be the home routers. But as more ISPs begin offering the option (maybe bundled with a "higher performance tier" that will tie in with net neutrality), we'll likely see home routers advertising IPv6 support as if it was a new type of faster wireless. Albeit, it might take years.
Re: (Score:3, Interesting)
Even companies like Google will find it increasingly hard to get enough IPv4 addresses for their needs. See e.g.
Microsoft's recent purchase [bbc.co.uk] at $11.5 a pop.
I'm sure they require a lot of globally routable addresses for internal communication. Those can be converted to IPv6 to free up address space for their public endpoints, even while most of their users are IPv4 only.
From the user side of it, ISPs in growth areas like Asia simply cannot hand out IPv4 addresses to all their users, leading to kludges like IS
ipv6 - a private protocol for google? (Score:3, Interesting)
I'm lucky enough to use an isp that offers native ipv6.
This coupled with a nifty firefox plugin (IPvFox) enables me to determine with some certainty that somewhere between 95-99% (tongue in cheek) of all ipv6 traffic on the internet is googles.
They are pretty much the only company using it.
(O.K. rss.slashdot.org... kudos to you guys).
IPV6 is inevitable - better learn it now (Score:3, Insightful)
Right now I'm running a free IP v6-over-v4 tunnel from my router to Hurricane Electric. I got assigned my own v6 LAN range. Mac OS X works fine, hits the v6 version of a website if it exists, the v4 version otherwise. Doesn't always work, I know. The DNS part is the problem to figure out. The larger infrastructure DNS servers (comcast, at&t, verizon, etc) need to support IPv6. Comcast has just begun rolling it out to end users, so hopefully they've got dnsv6 servers that work now and still return the correct regionally sorted IP addresses for cloud services like akamai.
We should not expect something to work just . . . (Score:3)
'We should not expect something to work just because it is declared supported, . . ."
Why should IPv6 be different than any other feature a vendor documents?
Re:IPv6 (Score:5, Insightful)
assignment of smaller blocks may have extended the life of IPv4 addresses however, there are physically not enough addresses for the devices we currently have. While, there may be enough at the moment, there wont be soon.
What is IPv4; 4.3 billion addresses. There are over 6 billion people on earth and many people in the western world have numerous devices. My household of 2 has 8 devices that are nearly always online. (Computers, Phones, Top-set Boxes, printers, etc....) This number does not take into account either one of our work sites which probably add another 1-2 addresses to that number.
And no, NAT is not a solution.
Re:IPv6 (Score:5, Informative)
Re:IPv6 (Score:4, Insightful)
You've got to be kidding. Were you just looking for some way to criticize his post?
Re: (Score:2, Interesting)
NAT has improved protocol design a lot though. Before NAT, there were things like FTP, with inband port signaling. Most modern protocols avoid mentioning port numbers in the payload and can run on any port, through multiple port forwardings if necessary. Notable exception and bad example: SIP. I expect more bad protocol design once people again assume that end-to-end IP addressing is universally available.
Re: (Score:3)
Why is that bad in the absense of NAT?
Re:IPv6 (Score:4, Interesting)
OK, but that's not very clear. I can see why a program that picked a completely random port might be awkward to get to work with a firewall. But restricting the range of ports that it can use, then permitting those, would work wouldn't it?
I'm not sure it's a good idea to restrict protocol flexibility in that way anyway. There's a fundamental issue with NAT or firewalls in that they need to know details of what the users behind them want and don't want to do. This may be true for a business with a central IT department who can configure the device as necessary, but it's not true in general. If my ISP runs a NAT to conserve IP space, am I supposed to contact them to forward whatever ports are necessary? I don't think that'll work well. I just hope IPv6 actually does get rolled out before that becomes necessary.
Re:IPv6 (Score:5, Insightful)
you see, the good thing is not the NAT, but the firewall dropping packets from outside, again. As always, the people say the security comes from NAT, and really mean the requirement of having a firewall which drops packets coming in, because there is no mapping to which internal ip they should be routed.
Re:IPv6 (Score:4, Informative)
Of course sometimes its still necessary, avoiding that just isn't as flexible.
SIP/H323 are a good example as the media has to be sent in a separate RTP connection. If it's not immediately obvious why that's the case RTP has to be sent as UDP to avoid latency/loss making a call unusable which TCP would. SIP can use TCP and H323 always does, so you can't send the media in the same connection.
Plus a lot of telecom environments don't have the same server handling the media as the signalling. One such use case is sometimes you get the phones to bypass the server and talk directly. That means less latency and less bandwidth used at the server, but it is only possible where end-to-end connectivity between the phones is is possible and NAT almost always breaks that.
Re:IPv6 (Score:4, Insightful)
NAT killed one of the basic principles of the internet and you're trying to make it look like a good thing.
Re:IPv6 (Score:4, Insightful)
Thank the internet-based attacks. I've had the pleasure of plugging in a fresh Windows XP (before SP3/firewall) computer to get security updates and have it infected 30 some odd seconds later.
Re: (Score:2)
Sure, but that's the fault of Windows, not the network protocol.
In fairness, modern WIndows versions are better. I left my Vista box with a public IP and no separate firewall for months and nothing bad happened.
Re: (Score:2)
You could argue it's very much the fault of the prevalence of NAT too - most of the time it simply wasn't a problem, but not for any good underlying reason (i.e. USB key or drive-by download type attacks then propagating via RPC vulnerabilities on internal networks).
I mean, silver-lining of NAT, whatever, but I don't think it's been remotely worth it.
Re: (Score:2)
So your anecdote has become data?
A sample size of one in your study is somehow important?
Hand in your geek card.
Re: (Score:2)
I didn't realise I was publishing a scientific paper. I *thought* I was responding to one anecdote with another.
The "OMG you don't have a NAT you're going to get pwned" fearmongers are fond of using anecodes of unpatched XP boxes being hacked within seconds. If that was still such a problem, it shouldn't have been possible for even a single user such as myself to have an out-of-the-box Windows install connected directly to the itnernet for months without being hacked. Simple statistics should say that if th
Re: (Score:2)
Re:IPv6 (Score:4, Informative)
What happens when both end-points are behind a hide-NAT? ... ...
Many-to-one NAT by nature breaks the bi-directional model of TCP and UDP communications. You can workaround it by using dynamic port mappings ala uPNP, but it's a ugly hack really.
Re: (Score:2)
Re:IPv6 (Score:5, Informative)
I thought there was an announcement that the IPv4 address space is now totally exhausted. Or at least there are no new blocks to be assigned. The tunnel broker, Hurricane Electric indicates that IPv4 is exahusted.
The announcement - http://www.nro.net/news/ipv4-free-pool-depleted [nro.net] - was made when IANA, the central authority, ran out of addresses to give to the five regional internet registries. These regional registries will run out at different speeds. Geoff Huston's graph is very useful to see how fast this will happen - http://www.potaroo.net/tools/ipv4/plotend.png [potaroo.net]
Re: (Score:3)
I thought there was an announcement that the IPv4 address space is now totally exhausted.
IP allocation is heirachical. The IANA assigns IPs to the RIRs, the RIRs assign IPs to ISPs and big companies, ISPs assign IPs to their customers and so-on.
Currently the IANA have run out and APNIC have run-out. The other RIRs still have IPS to hand out for now (not for much longer though).
Re: (Score:3)
I would suggest that anyone with even a class B should probably be encouraged to break them up and return u
Re: (Score:2)
I really think that mobile companies should be among the first on IPv6 with IPv4 access via NAT & proxy.
AFAICT the majority of mobile companies - at least in the UK - already are. Plug a USB dongle into your laptop or check the IP address on your phone, there's a good chance it's in RFC1918 address space and they're NAT'ing you.
Re: (Score:2)
Re:IPv6 (Score:4, Informative)
Nice random hit on H1B's there. Blame ignorance and lack of initiative on the foreigners -- that always works out!
Re: (Score:3)
Little known fact only 15% or so if the IP V4 addresses are actually being used by honest to God websites
It's funny how the network is designed so that multiple clients can access a single server.
Talk about misusing numbers in furtherance of an argument! I'd expect the number of servers to be relatively low in any network -- servers are typically designed to be shared resources, and (in general network topography terms) only really make sense when there are multiple clients to access it.
Little known fact: there are currently enough people on this planet to overwhelm the IPv4 address space if we just gave eve
Re: (Score:3, Informative)
And no, NAT is not a solution.
Well, since IPv6 just will not happen [in-other-news.com], it's the best (which is not hard, because it's the only one) solution we have.
Re: (Score:2)
that article is drawing to conclusions way to fast.
Re: (Score:2)
Nat is defiantly a solution. There are so man devices connected directly to the Internet, consuming precious ip's that,frankly have no real reason for doing so. I worked at a publishing company some time back, thousands of employees, each with an accessible public ip address. So we're talking gobbling up thousands of ip's when through services like NAT, etc they could have shrunk their footprint to 10 or 15 public ip's. Widen that policy across the entire Internet and we'd likely be using a sliver ofthe ip4
Re: (Score:2)
Nat is defiantly a solution.
Yes, but its defiance is actually part of the problem.
Your publisher example wouldn't be a problem if we were all using IPv6. In such a scenario, running out of addresses would be inconce- er, hard to conceive. Unfortunately, silly, awkward shims like NAT give hardware manufacturers the excuse they need to avoid moving to the new standard.
As to your fridge example, before you share your fridge's address with every other fridge in the neighbourhood, I'd recommend you study man-in-the-middle attacks a little
Re: (Score:3)
As to your fridge example, before you share your fridge's address with every other fridge in the neighbourhood, I'd recommend you study man-in-the-middle attacks a little more carefully.
No man stands between me and my fridge!
Re: (Score:2)
New Orleans not so much so YMMV
Re:IPv6 (Score:5, Informative)
Something no one would need if proper assignment of IP ranges had been done.
No point asking what you mean, since you evidently speak from ignorance. Even with optimal assignment of IPv4 addresses, it would only delay the inevitable shortfall. Sooner or later, the number of addressable end-points on the internet would exceed 4 billion. NAT is an unfortunate workaround to delay the effects of the shortfall; it should be a freely-chosen option, not an enforced requirement.
Re: (Score:2)
Something no one would need if proper assignment of IP ranges had been done.
No point asking what you mean, since you evidently speak from ignorance. Even with optimal assignment of IPv4 addresses, it would only delay the inevitable shortfall. Sooner or later, the number of addressable end-points on the internet would exceed 4 billion. NAT is an unfortunate workaround to delay the effects of the shortfall; it should be a freely-chosen option, not an enforced requirement.
I'm tempted to say pot - kettle - black here as far as speaking from ignorance goes. NAT allows devices behind the wall to be addressed by port, sharing a single IP address. At an extreme you could have 65535 addressable devices behind a NAT firewall, exposed to the public internet as one IP address. There are many reasons that this is not a good idea - primarily it would involve NAT at ISP level, leading to "double NAT" issues to people with home routers, but the number of IP addresses available is not an
Re: (Score:2)
65k devices you say, you seem to know very little about NAT you need to have a unique port at the NAT box per unique ip/port/ip/port tuple, I've seen far more devices than that overloaded onto a single IP in corp networks, that said a lot can depend on the devices your using to perform NAT (PAT realy but that's a whole other debate). NAT still breaks things that should work SIP and FTP being the prime examples realy anything that can find 3 or more way communications useful. It makes sense for my phone ca
Re: (Score:3)
The real issue is that in their eagerness to make sure we never run out again, they made it too complicated. It would've been far more sane to add a fifth set of numbers. That way all existing IP's would've been 000.XXX.XXX.XXX --> essentially not requiring ANY renumbering at all. And they still would've been in a format that people could relatively easily memorize or manually enter.
Re:IPv6 (Score:4, Informative)
try having two IP's on the 'outside' of nat forward the same port to the same server (ie, port 80 on both IP's to your web server).. I have yet to find a single vendor that can do that, since it would not be able to figure out source traffic..
My ISP is a rural wireless ISP that does NAT at their POP. (I don't have much choice in Providers, its them, dial up, or satellite) Their whole wireless infrastructure is a 192.168.168.x network. All client sites sit behind another NAT device (the CPE router) that then translates that to a 10.10.x address.. I can't use any service that needs to address a certain port.. (people in my area get mad they can't host games on their WII's.. things like "whatsMyIP.com" are useless, so is dynamic DNS, since the public IP is a box serving thousands of customers.. This is the future of NAT, as IP's get scarce.
Re:IPv6 (Score:5, Insightful)
Re:IPv6 (Score:5, Informative)
I'd say the address space length that they used still makes it outrageously overengineered for the time, and we're lucky they had the vision that they did.
Not really. Don't forget there is a HUGE difference between the old classfull and VLSM/CIDR/classless numbering. That gain is the whole point of spending all that effort implementing netmasks. There really were not that many possible classfull lans compared to the number of minicomputer owning businesses in the world, etc.
For the post-92ish noobs, a really simple one line explanation is the netmask used to be stored inside the address itself, so for example if the first octet was 0 to 127, that meant that LAN had to be a (presumably giant bridged) /8, first octet 128-191 meant the netmask had to be a /16, not defaulted or was a pretty good guess, but operationally "had to be".
The early years of VLSM were pretty entertaining, old timers lecturing us how a LAN addressing scheme like 1.2.3.0/24 was "impossible" and so forth.
Without VLSM we would have to have done the ipv6 conversion years before the dotcom boom, rather than a decade or so after. Not entirely sure if we'd all be better off now, or not.
Re: (Score:2)
And for the post-1980s noobs, the original idea was that the first octet would be the network part and the last three would be the host part. Since 250 or so networks was 10 times what was expected. Classful addressing is a jonny-come-lately.
And yes, the fact that IP was expandable from 250 subnets to the present day shows that the initial engineering was phenomenal, but we're well past time for the next version of IP. If people spent a quarter of the time they spend complaining about IPv6 just implement
Re:IPv6 (Score:5, Funny)
Oh man, what I would have given to be there for that conversation.
"How many addresses do you figure we need?"
"Couple billion I guess."
"But what if we need more?"
"Dude, okay, let's just say one per person. 4 and a half billion or so. Now everyone on the world can have one."
"But what if, you know, there ends up being a few more people than that in the future?"
"Jesus Christ man, it's not like 3 billion extra people are gonna pop up out of nowhere in the next 30 years!"
Re: (Score:2)
Nah, from what I have read the conv went something like this:
RC [wikipedia.org] : "... well there's two in my office, one in yours, the Synchrocyclotron [wikipedia.org] requires fifteen and the LEP [wikipedia.org] guys requested four dozen."
TBL [wikipedia.org] : "so, what do you say? 4 or 8 per network?"
RC : "No no no, they all are to have a common address pool, weren't you listening?"
TBL : "common address pool, listen to yourself and who is going to build that then?"
RC : "no, that is the idea. I was thinking of two bytes of address space in the packet header, that is 65k addresses"
TBL : "weeeell, this experiment isn't going to work anyway...."
RC : "..."
TBL : "..."
RC : "Hey, lets give them 4bytes and brag that the address space in infinite!"
Re:IPv6 (Score:5, Informative)
Remember the mini-computer didn't even exists then.
So a computer was a large machine which took up a room.
And it was just an experiment, the experiment never ended.
If you want to know more about what the original creators thought, you should look up talks by Vint Cerf:
http://www.youtube.com/results?search_query=vint+cerf+ipv4+ipv6+depletion [youtube.com]
For example this video:
http://www.youtube.com/watch?v=LcXCieD5YKE [youtube.com]
Re: (Score:2)
Which naturally is a red-link on Wikipedia, because no doubt the first computers that were used to build the internet weren't "notable".
It appears that no one has ever bothered to make said article. There's nothing in the deletion log.
Re:IPv6 (Score:5, Insightful)
Re:IPv6 (Score:4, Funny)
I knew there was a language issue. Had they only realise that in manager speak "it still have some issues" means "ship it" ...
Re: (Score:2)
Yes, because with a total of 4 billion IPv4 addresses and the fact that an ever increasing number of people are having more and more devices connected to the internet this is not something that would eventually be bound to happen.
You must be from a first world country, to be able to waste your time in Slashdot. How many IP addresses are you responsible for yourself? Phones? Tablets? Routers? E-book readers? Multiply that by everyone else in a first world country and that's a ton of IP addresses, and we are
Re: (Score:3, Insightful)
Every vendor is short on delivery.
The only reason they have some support is because of the U.S. Federal Government mandate that all vendors support basic IPv6 by (i forget the year its somewhere between 2008 and 2012)
Now, that doesnt mean its a comprehensive solution (those cost even more development dollars). They simply did the least amount of work needed to still sell the product to the government.
It wont be until the rest of us demand proper support any vendor will put the time and money into a proper
Re: (Score:3)
And that's the rub, the hosting companies probably won't provide it until they absolutely have to as the ISPs are generally not providing access. And the ISPs won't be providing it until after the customers demand it. The customers mostly think that the internet is Youtube and probably Facebook and probably won't ever request it unless those sites go unavailable.
Re: (Score:2)
The quote below is from the he.net website, that doesn't seem all that great.
But people are starting to deploy it now, look at the growth of the number of BGP route entries in the routing tables:
http://www.flickr.com/photos/23667510@N03/6493294453 [flickr.com] (IPv4)
http://www.flickr.com/photos/23667510@N03/6493294527 [flickr.com] (IPv6)
And that is even though we need less IPv6 entries than IPv4 per network, because one IPv6 entry is much larger than one IPv4 entry. A lot of networks that now have 4 or 10 IPv4 entries, might now onl
Re: (Score:2)
Precisely. Here at the coyote.den, I've been NATing all my stuff to a 192.158.xx.xx scheme and will never ever use even the last block of 254 addresses fully. But that is whats forced on the home user because his ISP only gives us one address.
ALL of the existing, can be purchased from Amazon, reference books are both quite a few years old now, and damned expensive in dead tree formats, too
Re: (Score:2)
Re: (Score:2)
maybe the vendors should have just sent them bipv6 products.