
Google Deploys IPv6 For Internal Network

itwbennett writes "Google is four years into a project to roll out IPv6 to its entire internal employee network. At the Usenix Large Installation System Administration (LISA) conference in Boston last week, Google network engineer Irena Nikolova shared some lessons others can learn from Google's experience. For example: It requires a lot of work with vendors to get them to fix buggy and still-unfinished code. 'We should not expect something to work just because it is declared supported,' the paper accompanying the presentation concluded."
  • Re:IPv6 (Score:5, Informative)

    by AliasMarlowe ( 1042386 ) on Sunday December 11, 2011 @10:52AM (#38334786) Journal

    Something no one would need if proper assignment of IP ranges had been done.

    No point asking what you mean, since you evidently speak from ignorance. Even with optimal assignment of IPv4 addresses, it would only delay the inevitable shortfall. Sooner or later, the number of addressable end-points on the internet would exceed 4 billion. NAT is an unfortunate workaround to delay the effects of the shortfall; it should be a freely-chosen option, not an enforced requirement.

  • by agristin ( 750854 ) on Sunday December 11, 2011 @10:54AM (#38334818) Journal

    "Each campus or office got a /48 address block, which meant that it was allotted 280 addresses. In turn, each building got a /56 block of those addresses (or about 272 addresses) and each VLAN (Virtual Local Area Network) received a /64 block, or about 264 addresses."

    a /48 block is 65536 subnets for each campus. A /64 has 18,446,744,073,709,551,616 IP addresses.

    The RFCs on this type of thing are RFC 6177, which replaced 3177, and RFC 5375. For an itworld/usenix article, fact checking is really low.
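The /48, /56 and /64 hierarchy quoted in the comment above, worked through as an added example (not part of the thread or of Google's paper). It carves subnets arithmetically and maps an address seen in a log back to its building and VLAN index; the campus prefix `2001:db8:1234::/48` is a constructed value from the documentation range, and the function names are hypothetical.

```python
import ipaddress

# Prefix lengths quoted from the article: campus /48, building /56, VLAN /64.
CAMPUS, BUILDING, VLAN = 48, 56, 64

def carve(block, new_prefix, index):
    """Return the index-th subnet of length new_prefix inside block (no enumeration)."""
    block = ipaddress.IPv6Network(str(block))
    if new_prefix < block.prefixlen:
        raise ValueError("new prefix must not be shorter than the parent's")
    count = 1 << (new_prefix - block.prefixlen)
    if not 0 <= index < count:
        raise IndexError(f"only {count} /{new_prefix} subnets fit in {block}")
    size = 1 << (128 - new_prefix)              # addresses per child subnet
    base = int(block.network_address) + index * size
    return ipaddress.IPv6Network((base, new_prefix))

def plan_counts():
    """Sizes implied by the three prefix lengths."""
    return {
        "buildings_per_campus": 1 << (BUILDING - CAMPUS),
        "vlans_per_building": 1 << (VLAN - BUILDING),
        "vlans_per_campus": 1 << (VLAN - CAMPUS),
        "addresses_per_campus": 1 << (128 - CAMPUS),
        "addresses_per_vlan": 1 << (128 - VLAN),
    }

def locate(addr, campus):
    """Map an address to (building index, VLAN index) within a campus /48."""
    campus = ipaddress.IPv6Network(str(campus))
    addr = ipaddress.IPv6Address(addr)
    if campus.prefixlen != CAMPUS or addr not in campus:
        raise ValueError(f"{addr} is not inside a /{CAMPUS} campus block {campus}")
    offset = int(addr) - int(campus.network_address)
    building = offset >> (128 - BUILDING)
    vlan = (offset >> (128 - VLAN)) & ((1 << (VLAN - BUILDING)) - 1)
    return building, vlan

if __name__ == "__main__":
    campus = "2001:db8:1234::/48"               # constructed sample prefix
    print(plan_counts())
    b, v = locate("2001:db8:1234:a2b::1", campus)
    building_net = carve(campus, BUILDING, b)
    print(b, v, building_net, carve(building_net, VLAN, v))
```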

  • Re:IPv6 (Score:5, Informative)

    by SuricouRaven ( 1897204 ) on Sunday December 11, 2011 @11:10AM (#38334934)

    2^32 - 2^24 - 2^16 - 2^20 - 2^16 - 2^28 = 4008574976. That's if you put them all on one giant flat network from hell, and so didn't use any for network or broadcast addresses. Yes, 2^16 in there twice - don't forget APIPA. The 2^28 is reserved for multicast.

  • Re:IPv6 (Score:5, Informative)

    by vlm ( 69642 ) on Sunday December 11, 2011 @11:12AM (#38334948)

    I'd say the address space length that they used still makes it outrageously overengineered for the time, and we're lucky they had the vision that they did.

    Not really. Don't forget there is a HUGE difference between the old classful and VLSM/CIDR/classless numbering. That gain is the whole point of spending all that effort implementing netmasks. There really were not that many possible classful LANs compared to the number of minicomputer-owning businesses in the world, etc.

    For the post-92ish noobs, a really simple one line explanation is the netmask used to be stored inside the address itself, so for example if the first octet was 0 to 127, that meant that LAN had to be a (presumably giant bridged) /8, first octet 128-191 meant the netmask had to be a /16, not defaulted or was a pretty good guess, but operationally "had to be".

    The early years of VLSM were pretty entertaining, old timers lecturing us how a LAN addressing scheme like 1.2.3.0/24 was "impossible" and so forth.

    Without VLSM we would have to have done the ipv6 conversion years before the dotcom boom, rather than a decade or so after. Not entirely sure if we'd all be better off now, or not.
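The classful rule described in the comment above, as an added example that is not part of the original post: the first octet alone fixes the netmask, so a network such as 1.2.3.0/24 cannot be expressed. The class C row (first octet 192-223, /24) is the standard classful rule and goes beyond the two ranges the comment lists; the function names are hypothetical.

```python
import ipaddress

# (class, first-octet range, netmask length implied by that range)
CLASSES = (
    ("A", range(0, 128), 8),
    ("B", range(128, 192), 16),
    ("C", range(192, 224), 24),
)

def classful_network(addr):
    """Return (class, network) that classful rules force on addr, or None for 224 and up."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    for name, octets, prefix in CLASSES:
        if first_octet in octets:
            # strict=False masks off the host bits for us.
            return name, ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return None  # multicast / reserved space carries no implied unicast netmask

def allowed_classfully(cidr):
    """True only if the CIDR block is exactly the network its first octet implies."""
    net = ipaddress.IPv4Network(cidr)
    implied = classful_network(net.network_address)
    return implied is not None and implied[1] == net

def classful_network_counts():
    """How many distinct networks each class can ever hold."""
    # Each class fixes (prefix - 8) network bits beyond the first octet.
    return {name: len(octets) << (prefix - 8) for name, octets, prefix in CLASSES}

if __name__ == "__main__":
    print(classful_network("1.2.3.4"))        # forced into a /8
    print(allowed_classfully("1.2.3.0/24"))   # the "impossible" LAN from the comment
    print(classful_network_counts())
```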

  • Re:IPv6 (Score:5, Informative)

    by Lennie ( 16154 ) on Sunday December 11, 2011 @12:35PM (#38335572)

    Remember the mini-computer didn't even exist then.

    So a computer was a large machine which took up a room.

    And it was just an experiment, the experiment never ended.

    If you want to know more about what the original creators thought, you should look up talks by Vint Cerf:
    http://www.youtube.com/results?search_query=vint+cerf+ipv4+ipv6+depletion [youtube.com]

    For example this video:
    http://www.youtube.com/watch?v=LcXCieD5YKE [youtube.com]

  • Re:IPv6 (Score:4, Informative)

    by locokamil ( 850008 ) * on Sunday December 11, 2011 @01:01PM (#38335756) Homepage

    Nice random hit on H1B's there. Blame ignorance and lack of initiative on the foreigners -- that always works out!

  • Re:IPv6 (Score:4, Informative)

    by iserlohn ( 49556 ) on Sunday December 11, 2011 @01:57PM (#38336274) Homepage

    What happens when both end-points are behind a hide-NAT? ... ...
    Many-to-one NAT by nature breaks the bi-directional model of TCP and UDP communications. You can work around it by using dynamic port mappings à la UPnP, but it's an ugly hack really.

  • Re:IPv6 (Score:3, Informative)

    by RoLi ( 141856 ) on Sunday December 11, 2011 @02:11PM (#38336406)

    And no, NAT is not a solution.

    Well, since IPv6 just will not happen [in-other-news.com], it's the best (which is not hard, because it's the only one) solution we have.

  • Re:What's the point? (Score:5, Informative)

    by zootie ( 190797 ) on Sunday December 11, 2011 @02:17PM (#38336472)

    IPv6 is very popular in Asia, and you have a large number of Eastern languages sites that are only reachable on IPv6 (some only have IPv4 for western visitors if their content applies).

    And on ISPs. Cox and Time Warner (Road Runner) started running consumer IPv6 pilots this year, and I wouldn't be surprised if other ISPs also started.

    The limiting factor is going to be the home routers. But as more ISPs begin offering the option (maybe bundled with a "higher performance tier" that will tie in with net neutrality), we'll likely see home routers advertising IPv6 support as if it was a new type of faster wireless. Albeit, it might take years.

  • Re:Hmm (Score:4, Informative)

    by Midnight Thunder ( 17205 ) on Sunday December 11, 2011 @02:31PM (#38336592) Homepage Journal

    In Europe, Asia and Africa ISPs are already making the slow move to IPv6. In North America it is only a handful of ISPs that have publicized their efforts (two come to mind: Comcast and TechSavvy), whereas others are putting short term profits before long term success.

    In the short term companies that already have massive private networks can install a web proxy to deal with external IPv6 HTTP hosts. Long term they will need to reevaluate the design of the network and what really needs to have access to the external IPv6 network and what can stay oblivious. In general anything that is only going to communicate with the internal network can stay IPv4 centric, while other devices will be dual IPv4/IPv6 stack.

    The one challenge for people wanting to make the web server accessible from IPv6 clients is hosting centres that don't provide IPv6 yet. It is certainly possible to get around this by using a tunnel, but this is really far from optimal.

    BTW Some hosting services that are IPv6 ready are listed here:

    http://www.sixxs.net/wiki/IPv6_Enabled_Hosting [sixxs.net]

  • Re:IPv6 (Score:4, Informative)

    by Anonymous Coward on Sunday December 11, 2011 @02:59PM (#38336818)

    Of course sometimes it's still necessary, avoiding that just isn't as flexible.

    SIP/H323 are a good example as the media has to be sent in a separate RTP connection. If it's not immediately obvious why that's the case: RTP has to be sent as UDP to avoid latency/loss making a call unusable, which TCP would. SIP can use TCP and H323 always does, so you can't send the media in the same connection.

    Plus a lot of telecom environments don't have the same server handling the media as the signalling. One such use case is sometimes you get the phones to bypass the server and talk directly. That means less latency and less bandwidth used at the server, but it is only possible where end-to-end connectivity between the phones is possible and NAT almost always breaks that.

  • Re:IPv6 (Score:5, Informative)

    by Tim the Gecko ( 745081 ) on Sunday December 11, 2011 @06:51PM (#38338306)

    I thought there was an announcement that the IPv4 address space is now totally exhausted. Or at least there are no new blocks to be assigned. The tunnel broker, Hurricane Electric, indicates that IPv4 is exhausted.

    The announcement - http://www.nro.net/news/ipv4-free-pool-depleted [nro.net] - was made when IANA, the central authority, ran out of addresses to give to the five regional internet registries. These regional registries will run out at different speeds. Geoff Huston's graph is very useful to see how fast this will happen - http://www.potaroo.net/tools/ipv4/plotend.png [potaroo.net]

  • Re:IPv6 (Score:4, Informative)

    by QuantumRiff ( 120817 ) on Monday December 12, 2011 @12:03AM (#38340044)

    try having two IP's on the 'outside' of nat forward the same port to the same server (ie, port 80 on both IP's to your web server).. I have yet to find a single vendor that can do that, since it would not be able to figure out source traffic..

    My ISP is a rural wireless ISP that does NAT at their POP. (I don't have much choice in providers; it's them, dial-up, or satellite.) Their whole wireless infrastructure is a 192.168.168.x network. All client sites sit behind another NAT device (the CPE router) that then translates that to a 10.10.x address. I can't use any service that needs to address a certain port (people in my area get mad they can't host games on their Wiis). Things like "whatsMyIP.com" are useless, and so is dynamic DNS, since the public IP is a box serving thousands of customers. This is the future of NAT, as IPs get scarce.
